Until recently, trade secrets were, apart from a few exceptions, often overlooked in favour of patent rights in terms of the value that they contribute as IP assets. But this was not a fair assessment – for many firms, keeping certain things secret is vital to success.
Trade secrets are often central to the way that a modern company operates and competes in the market. Loss or breach of a trade secret can cause significant if not catastrophic economic loss for the secret holder and disrupt their future trading activity.
The European Trade Secret Directive, which came into force in 2018, harmonises the way that member states, including the United Kingdom (where equivalent legislation is being implemented post-Brexit), handle trade secrets. As long as the requirements established by the directive have been met, trade secret protection is stronger than ever and there are established remedies for pan-European protection in the event that a trade secret is taken out of its home country.
What is a trade secret?
Trade secrets are a particular type of confidential information that has value, usually in a commercial context, and may include academic information, especially if this is licensable. Trade secrets can take many forms and may be referred to as ‘know-how’ or ‘proprietary confidential information’. Secrets may be shared with other parties, for example, in a joint venture.
What can we learn from historical trade secrets?
Keeping information secret that helps with trade is not a new concept. For example, glass-manufacturing techniques were originally closely guarded trade secrets. Venice was one of the most well-known glass-manufacturing centres in Europe in the eighth century and guilds went to huge efforts to ensure their secrets were kept, isolating glassmakers in Murano and forbidding them to leave. This was fairly effective, despite the huge demand for glass as cathedrals were being built all over Europe.
Nevertheless, the secrets of glassmaking spread very slowly throughout Europe. By 1449, John Utynam was offered a patent to encourage him to share the trade secrets of stained-glassmaking with English apprentices. This historic example illustrates rather nicely that even if employees are isolated on an island, trade secrets can and will eventually get out. Back in the middle ages there was little that could be done about secrets being divulged after being taken into a different country. Today, under the European Trade Secret Directive, legal action can be taken against employees that are enticed to divulge trade secrets, even if they leave the country.
Aims of the European Trade Secrets Directive
The directive harmonises the national laws of its member states in the following fundamental ways:
- an equivalent level of protection of trade secrets is now available across the European Union (including the United Kingdom as it was an EU member state at the time the directive came into force);
- the term ‘trade secret’ is uniformly defined;
- common measures are provided against the unlawful acquisition, use and disclosure of trade secrets; and
- the production, offering, placing on the market, importing, exporting or storing of any goods whose design, quality, manufacturing process or marketing significantly benefits from unlawful acquisition, disclosure or use of trade secrets is unlawful across the European Union.
This means that in EU member states, and in the United Kingdom going forward after Brexit, there is a fundamental common understanding of what a trade secret is, what is unlawful to do in relation to a trade secret, and what remedies and other measures are available. It should be kept in mind that the directive sets out minimum measures that are available – individual member states may provide more.
Trade secrets under the directive
Not all confidential information can be considered a trade secret under the directive, which defines a trade secret (in line with the definition given in Article 39 of the Agreement on Trade-Related Aspects of Intellectual Property Rights) as information that meets all of the following requirements:
- it is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question;
- it has commercial value because it is secret; and
- it has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret.
The onus is on the secret-keeper to know what needs to be done to ensure the rights and remedies under the directive will be available in the event that a trade secret has been stolen.
Trade secret management practicalities
It is likely to be essential to establish a policy for handling trade secrets if their value is to be protected in most organisations and the requirements set out by the directive are to be met. This should stress how important it is that the trade secret is managed in a manner that retains its confidentiality and sets out good practice for handling documentation relating to the information forming a trade secret.
Employees and trade secret training
Employees should be trained to have awareness and develop the right behaviours regarding their employer’s trade secrets as well as any secrets belonging to another party to which they are given access. Access should always be strictly limited only to the employees who need to know the trade secret. All individual training should be logged in case it is necessary to establish that a particular employee had received sufficient training to know that they were acting unlawfully if they steal a trade secret and to address any attempts to use a lack of training as a defence.
Topics that training should cover include:
- handling trade secrets;
- internal and external aspects of trade secret creation and maintenance;
- understanding what document marking means;
- who can trade secrets be discussed with;
- how to engage appropriately with other parties;
- how to prevent contamination;
- social engineering awareness;
- understanding residual information;
- how to handle trade secrets shared by another party;
- access control; and
- how to recognise information that is a trade secret and what to do next so this is captured.
Contractual obligations – non-disclosure, non-compete, non-solicitation
Reminding an employee of any non-disclosure, non-compete and non-solicitation clauses from their employment terms when they resign can be useful to deter them from sharing trade secrets when they move on. While such clauses and agreements are fairly common for technical, legal and other specialist areas, they may not be enforceable. Even non-compete and non-solicitation clauses which comply with EU competition law and are reasonable may find that the courts in many EU member states are hostile to their enforcement.
It is also important not to forget that incoming employees may also cause trade secret headaches. Employers might want to consider whether employment contracts should set out employer expectations about residual knowledge for certain incoming employees to safeguard issues regarding bringing in secrets and contaminating information.
Sharing secrets with trusted parties
A trade secret policy should set out standard contractual measures to protect secret information if the information must be shared with a third party and to ensure that this is consistently handled.
Different agreements involving the same trade secret should be carefully drafted to ensure that the same terms to maintain confidentiality for the trade secret are provided. Perpetual terms of confidentiality are unlikely to be practical to enforce, so it is important to set a term that is appropriate. Be aware that when the term of confidentiality expires in one agreement, so will any trade secrets previously protected by that term of confidentiality and this could affect other agreements. Where a trade secret is licensed to another party, there are likely to be contractual obligations to maintain the confidentiality of that trade secret imposed on both parties.
Employees should understand what must be kept secret and what can be shared when collaborating with another party, including if they receive a secret from a third party. For example, in order to patent something that requires or relates to a secret shared by another party, their consent should be obtained if the secret will become public when the patent application is published.
Face-to-face and virtual meetings
The use of a non-disclosure agreement (NDA) where there is a need to disclose a trade secret to anyone outside an organisation should be mandatory, even if there are other contractual obligations to generally maintain confidentiality.
An NDA can cover online video and voice meetings, as well as face-to-face meetings. For virtual meetings it is important to implement agreed security measures by using a unique password just for that meeting and encrypting the meeting if possible. Use a lobby and establish beforehand that only recognised parties will be admitted.
Encourage common sense, as it is not usually necessary to share a trade secret at an initial meeting. Get to know the other party before sharing any secrets, and establish trust and what they want first. Remember, an NDA may not always be respected by the other party.
Before any meeting starts, the scope of the NDA should be checked to confirm that it includes all aspects of any trade secrets or other confidential information that may be discussed and that the NDA has been signed by all parties prior to the meeting starting. If information is accidentally shared in a meeting that is not covered by the scope of the NDA, a retrospective scope amendment may be possible, but there is no guarantee that the other party will agree to this. Employee training can help avoid such a situation occurring.
Trade secret creation
Raising employee awareness of what can be a trade secret will become just as important as educating employees about what might be patentable to have trade secrets recognised as valuable corporate IP assets. It would be advisable to consider:
- conducting an IP audit to capture existing trade secrets; and
- implementing a reward scheme for employees who submit details of new trade secrets, which can then be date stamped.
Trade secret management
It is advisable to establish a management policy to track each trade secret and also a document marking policy for both digital and physical forms of information and align this with access control and document retention and disposal policies.
A marking policy may be provided for watermarks, as well as headers, email signatures and filenames to provide for various categories of sensitivity. The disposal policy should ensure that all documentation relating to a ‘live’ trade secret is shredded, not just binned.
Digital access should also be suitably controlled, for example, by encryption and access records. Be aware that evidence may be needed to show that a digital trade secret was protected in a manner that distinguished it from the way that other confidential digital information is kept. There are consultancy firms that have recognised that digital assets need practical protection, as well as legal protection in the form of IP rights. If digital asset protection is a concern, consider consulting someone who has suitable experience of digital vaults.
The last-day downloading of proprietary information to a memory stick by a disgruntled or naïve individual is still a well-known occurrence. To prevent this from happening, best practice is to remove all access rights to any trade secrets as soon as possible after an employee’s resignation.
Understand how and why all trade secrets are vulnerable
All trade secrets are vulnerable in the sense that if someone else independently finds the same information, they may choose to make it public. There is nothing that can be done about this, yet the proprietary nature of the information forming a trade secret is lost when the same information is put into the public domain by someone else. Best practice is to conduct a risk assessment and analyse strengths, weaknesses, opportunities and threats (known as a ‘SWOT’ analysis) to assess whether certain information is best protected as a trade secret rather than by another form of intellectual property, such as a patent.
What to do if it all goes wrong and a trade secret is stolen
The directive clearly spells out that acts such as unauthorised access, appropriation or copying of any documents, objects, materials, substances or electronic files containing trade secrets without the consent of the trade secret holder is unlawful. The remedies provided by the directive include:
- cessation or prohibition of use or disclosure of a trade secret;
- prohibition of production, offering, placing on the market, or use of infringing goods;
- adoption of appropriate corrective measures (eg, recall or destruction of infringing goods); and
- seizure of infringing goods.
The directive thus provides remedies to prevent unauthorised disclosure and to prevent subsequent use by the receiving party of a trade secret. Various international agreements now also offer similar scopes of protection for trade secrets. This means that as soon as it is known that an employee has stolen a trade secret and has fled the European Union, it may be possible to obtain an injunction and restrain the employee, even if they head outside the European Union.
In addition, any disclosure of information covered by an NDA or similar confidentiality clause is a breach of confidentiality and contract. If someone has shared information with another party and they have used it in an unlawful way, injunctive relief, compensation for loss of profit or unjust enrichment and other corrective remedies may be possible under the relevant national laws of contract and confidentiality.
There is no trade secret misappropriation if:
- a trade secret has been an independent creation;
- a trade secret was already in the public domain; and
- the other party did not take proper efforts to keep the information secret.
Be prepared to provide evidence of all the above points quickly, to demonstrate that:
- the information stolen was kept as a trade secret;
- a trade secret policy existed and was executed in relation to the stolen trade secret; and
- the employee who is believed to have stolen the trade secret knew that what they were doing was not lawful (eg, by using training logs).
Trade secrets in the United Kingdom – Brexit
The United Kingdom enacted a statutory instrument to bring the directive into force in the United Kingdom on 9 June 2018. The United Kingdom previously had laws in place to protect confidential information that are now supplemented by the provisions of the directive. This means that similar remedies are available if the requirements for information to be regarded as a trade secret are met in the United Kingdom.