As stories of international and domestic hacking and espionage dominate the news cycle, it’s easy to forget that when it comes to trade secrets, employees and business partners—not hackers—pose the biggest threat. See David S. Almeling et al., A Statistical Analysis of Trade Secret Litigation in Federal Courts, 45 Gonz. L. Rev. 291 (2009/2010).
In a recent webinar, Gordon & Rees addressed protection of trade secrets and proprietary information from employee theft. Here, we address some steps to help prevent business partners from misusing your trade secrets.
- Identify your trade secrets and control access to them
Before any agreements are drafted or any information or documents are exchanged, be sure you have identified your trade secrets (see also the definition under the Uniform Trade Secrets Act). You can’t protect them unless you know what they are. This sounds like common sense, but surprisingly, in the hustle and bustle of everyday work, not all companies take the time to do this until they’ve realized their trade secrets have ended up in the wrong hands. (Unless it is appropriate for your industry, referring to everything as a “trade secret” is not helpful, either—for example, your business partners are less likely to take your actual trade secrets seriously if you claim that information you have made public are also trade secrets.)
A trade secret “registry” could be considered favorable evidence in court—as long as it is timely updated and actually distributed to employees. See Schalk v. State, 823 S.W.2d 633, 643 (Tex. Crim. App. 1991). This registry will also help your own employees with the marking the proper designations when such information is exchanged with a business partner.
Securing your trade secrets in-house will not only help your case in court, it also helps when it comes to disclosure to third parties, particularly inadvertent disclosure. Chances are, not every employee will require access to every trade secret. Secure physical and electronic access to the appropriate trade secrets to the appropriate personnel.
What measures are appropriate will depend on the circumstances and will likely evolve with time and technology. Information stored on secure servers that had three layers of physical security passwords, 256-character PuTTY keys, with portions possessed by only a single person was found by a court sufficient evidence for a jury to conclude that a trade secrets owner took appropriate measures to protect its trade secrets. Xtec, Inc. v. CardSmart Techs., Inc., No. 11-22866-CIV-ROSENBAUM, 2014 U.S. Dist. LEXIS 184604, at *26 (S.D. Fla. May 15, 2014).
On the other hand, where information was distributed to 600-700 people where at most only 190 people signed confidentiality agreements, and where that same information was not stamped as “confidential,” a court found that no reasonable jury could conclude that “reasonable efforts” were made. Tax Track Sys. Corp. v. New Inv’r World, Inc., 478 F.3d 783, 788 (7th Cir. 2007).
- Draft tailored non-disclosure agreements (“NDAs”)
Before any information is exchanged with a business partner, have your attorneys help you draft a non-disclosure/confidentiality agreement tailored to the arrangement. Not only will this agreement help you in case you need to litigate the matter, it will provide the protocols for your business partner to follow.
Some provisions you and your attorneys will want to consider are the return/destruction of trade secrets at certain stages (and certainly when the relationship is terminated), a perpetual non-disclosure and non-use clause when it comes to trade secrets (as opposed to an expiring one), how trade secrets will be identified/marked (and the ability to later identify/mark previously exchanged documents), and requirements for the business partner’s employees to sign individual NDAs and/or obtain training on how to handle trade secrets. This is not an exhaustive list—work with your attorney to flesh out the agreement.
Be wary of stock or template agreements; many of them may not contemplate the specific issues that may arise in your situation. Many “standard” agreements also contain language that relieve the business partner of its contractual obligations of non-disclosure and non-use as soon as the trade secrets are made public—without specifying that such public disclosure must have been authorized by the owner of the trade secret, and without giving the owner the chance to mitigate the effects and damage of the unauthorized disclosure.
But no matter how perfect the agreement, it won’t matter if it isn’t properly implemented.
- Train your own employees
Identify all the employees who will be corresponding with the business partner and make sure you train them. Let them know what information can be exchanged, what cannot, which individuals from the business partner they can exchange information with. Provide them with a written checklist and designate a person most knowledgeable—or better yet, a specialized team to direct their questions to. This team should also conduct some “spot checks” throughout the relationship to make sure protocols are being followed.
If the relationship with the business partner will span more than a couple months, also have a plan in place to retrain your employees in regular intervals.
- Train the business partner’s employees
Even if you require individuals from the business partner’s company to sign an NDA, that may not be enough. You may want to provide the partner’s employees with the necessary training, or at least provide the partner with the necessary materials to provide the training themselves (and require them to do so as part of the NDA). Regularly communicate with the partner to make sure they are protecting your trade secrets, and have your employees and your specialized team pay attention to how the business partner is using this information as well.
- Create a contingency/emergency plan
Did an employee send a trade secret to the business partner without marking it as such? Has the business partner communicated plans that may violate the NDA? Has the relationship with the business partner begun to go sour?
Your team should already have a contingency plan in place to deal with these—and other—situations, and protocols to continually improve security and access. Make sure you follow through on enforcing contractual provisions, and make sure you act swiftly.
In closing, remember that when dealing with trade secrets or handling other proprietary, confidential or otherwise private information, nothing beats being prepared.