Trade secrets are an important part of many companies’ intellectual property portfolios. As long as the trade secrets are kept secret, they continue to be protected by law indefinitely. Most other intellectual property, except continually used trademarks, are only protected for a certain number of years.
Trade secret violations can come with hefty penalties and acts as a deterrent against misappropriation of your intellectual property. In 2006, a Coca-Cola employee attempted to sell stolen trade secrets to Pepsi; however, Pepsi wisely refused and instead alerted Coca-Cola to the scheme. The employee was eventually sentenced to eight years in prison for conspiracy to steal trade secrets. The possibility of facing similarly tough criminal and civil sanctions may have been on the minds of decision makers at Pepsi.
Identify Your Trade Secrets
Your trade secrets are known only to your business and give you an advantage. More types of information than you think can qualify. Formulas, processes, quality control information, blueprints, tolerances, drawings, unpatented inventions, test data, production data, source code, spread sheets, forms, check lists, customer information, marketing information, and business plans can be protected as trade secrets.
Sometimes you will have to decide between patenting an invention or keeping it a trade secret. There are several considerations to weigh in this decision, and I will discuss those in a subsequent post.
Have a Written Trade Secret Protection Policy
Every business should have a written policy for trade secrets. Your Trade Secret Protection Policy should define trade secrets categorically, so include a list of the kinds of trade secrets your business protects. State that the list is non-comprehensive and that proprietary information that isn’t listed should be protected.
List procedures for maintaining secrecy. Businesses must make reasonable efforts to protect trade secrets. For example, keep doors to sensitive areas locked and use firewalls and passwords to restrict access to computers.
Access to trade secrets should be on a need to know basis. Establish which employees should have access to which information and which steps should be taken to prevent access by an unauthorized person. Whoever accesses trade secrets should sign a Non-Disclosure Agreement and be aware of the consequences for failure to keep trades secrets secure. A breach could result in termination and legal action. If proprietary information must be shared with a third party, always use Non-Disclosure Agreements to deter the third party from sharing it with anyone else.
Also, make sure that employees understand that disclosing proprietary information by speaking aloud, whether directly to an unauthorized person or where an unauthorized person can overhear, can be a punishable breach.
Every employee should sign off that they have read and agreed to the Trade Secret Protection Policy.
Periodic employee training should reinforce and supplement your written Trade Secret Protection Policy. As you make improvements and additions to your Trade Secret Protection Policy employee training will keep employees informed of changes. Have employees sign off that they are aware of these changes.
Whenever possible, mark trade secrets as proprietary to your company. This will help employees know what they need to protect and will be useful if there is litigation. As new proprietary information is created in the course of business, make sure employees know to mark and protect it.
Access to sensitive areas should always be restricted, and only authorized personnel should be allowed in sensitive areas. Keys, badges, passwords, and other access control items should always be restricted to authorized personnel. Biometrics can be helpful for this. Keep proprietary material in restricted areas when possible, but if materials must be moved, have procedures in place to do so securely.
All trade secrets stored electronically must be password protected with strong passwords. Access to email should be password protected. Avoid sending proprietary material via email whenever possible since email is less secure and prone to user error because it’s easy to send information to an unauthorized person unintentionally. Employees should be made aware of phishing, social engineering, and hacking threats. Passwords and verification information should never be disclosed to an unauthorized person. All devices containing trade secrets should be kept behind a firewall, protected by password, and preferably encrypted. Unauthorized software should never be installed.
Only mobile devices owned by the business may contain trade secrets, and trade secrets must never be transferred to an employee’s personal device. Mobile devices containing trade secrets should always be protected under all applicable procedures for both physical security and electronic security. They should always be locked up securely when not being used for work, they should be password protected and encrypted, and third parties should not access them.
Job candidates should be screened for indications (such as past statements, behaviors, or associations) that they may represent a security concern. Before a new hire accesses proprietary information, have them read and sign your Trade Secret Protection Policy and a Non-Disclosure Agreement. If state law allows, consider whether you want employees to sign a Non-Compete Agreement.
When an employee leaves, make sure that no proprietary information goes with them. Terminate their passwords and biometric access. Recover keys and badges that grant access to secure areas. Retain mobile devices that contain trade secrets. During the exit interview review the terms of the Trade Secret Protection Policy.
If you have questions about protecting your company’s trade secrets, feel free to contact me at firstname.lastname@example.org.