Trade Secrets Protection Planning: Are You Watching Your Asset?
Written by: David J. Volk, Esq. | August 18, 2019
Do you have a competitive advantage in your marketplace? A competitive advantage is often obtained by ownership and use of formulas, processes, or other information. The information may be entitled to trade secret, patent, or copyright protection, but you must take certain actions to ensure the information is protected either by legally qualifying for protected status including managing the risk of loss through agreements and data security protocols.
To maintain a competitive advantage, you must take steps to protect your valuable data. Having even a basic knowledge of trade secret law will better enable you to protect your company's competitive advantage. VolkLaw can help guide you to protect trade secrets and set out various procedures to follow to preserve and protect valuable confidential information. Procedures should be distributed to all workers and a periodic review of compliance should be led by experienced counsel. Procedures should be supported by a variety of forms, including appropriate employee and vendor nondisclosure agreements.
Potential Types of Proprietary Information
a. Financial Information
b. Organizational Information
c. Marketing Information
d. Technical Information
Some protection exists as a matter of law, but that requires proof of its special status. That can be difficult to prove in court. Bear in mind, all important and valuable information might or might not have trade secret, patent, or copyright protection. So, a good risk management plan will address trade secret and other valuable data protection through all reasonable means.
Florida courts recognize the importance of trade secret protection and the resulting benefits to the public. In an effort to confront the problem of theft or disclosure of valuable information and to help businesses deal more effectively with industrial espionage and piracy, the Florida legislature enacted its own version of the Uniform Trade Secrets Act (UTSA).
Under Florida law, trade secret information:
(1) derives economic value from not being generally known or readily ascertainable by others; and
(2) is the subject of reasonable efforts to maintain its secrecy.
To sue for misappropriation of trade secrets under Florida law, you must show facts sufficient to create a reasonable inference that:
(1) you owned secret information and took reasonable steps to protect its secrecy;
(2) the secret was misappropriated, either by one who knew or had reason to know that the secret was improperly obtained or by one who used improper means to obtain it; and
(3) the secret derives independent economic value from not being generally known or ascertainable through proper means.
If the information is generally known or readily accessible to third parties, it cannot qualify for trade secret protection. Whether information is a trade secret is a question of fact. Once a party establishes that the information is a trade secret, it must next demonstrate that the disclosure of the information might be harmful to it.
Establishing the commercial value of a trade secret is relatively straightforward. However, structuring a trade secret protection program that will be considered by court to consist “of efforts that are reasonable under the circumstances to maintain its secrecy” is more difficult. VolkLaw can help you think through what is valuable and protectible and how to keep it safe.
A. General Rule
To meet the reasonable efforts test, the law requires the trade secret owner to undertake actual efforts which are rigorous enough to force another to use improper means to discover the trade secret. In structuring a program to meet this standard the company must consider:
(1) the efforts to maintain secrecy need not consist of all conceivable means to maintain secrecy, prevent improper means of discovery or disclosure, or be so extensive as to make discovery or disclosure impossible;
(2) the efforts must be steps actually taken, as opposed to mere intent;
(3) the trade secret must be treated as secret by some combination of physical security measures and confidentiality procedures; and
(4) the efforts must be directed at the particular trade secrets as opposed to general business security.
B. Identify Possibilities
The trade secret owner should identify all the efforts that reasonably may be employed to protect the secrets. The owner must then balance the costs and benefits of each applicable effort in selecting the measures to include in its trade secret protection program.
C. Consider Situational Factors
In choosing the particular measures, the trade secret owner must consider three situational factors:
(1) the nature of the trade secret;
(2) the nature of the industry, including the prevalence of industrial espionage; and
(3) the nature of the company.
In analyzing the nature of the trade secret, the owner must consider whether it is obviously something that should be kept secret or is nonintuitive in nature. The less obvious the secret, the greater the need to inform employees that it is a trade secret and must not be disclosed. Similarly, the value of the trade secret has an impact on what efforts are reasonable. The greater the value, the more extensive the efforts to protect it should be.
With respect to the nature of the industry, companies in industries that are extremely competitive, that have high levels of employee turnover, or in which industrial espionage is prevalent, require more extensive efforts to maintain secrecy. In analyzing the nature of the company, one must evaluate its size and financial strength. A small company with few employees need not undertake the extensive protective measures required by a Fortune 500 company.
Developing a Trade Secret Protection Program
The trade secret protection program should be designed to accomplish two major objectives: (1) prevent misappropriation of trade secrets; and (2) be sufficient to convince a court to enforce the company's right to legal protection against misappropriation of its trade secrets.
After devoting the required time and effort to identify and select the measures to be included in the program, someone within the company should be assigned to be responsible for the continuous monitoring, review, and assessment of the program. Enforcement of the program, periodical evaluation of its performance, and adding or dropping features are part of your ongoing program. Once the program is adopted, it must be followed. If litigation occurs, your diligence is an important factor.
C. Security Measures
The physical layout of the company's facilities is usually the starting point in identifying the security measures to be included in a protection program. Physical security measures include: locks on entrances; buzzer locks on doors to sensitive areas; visitor screening and the use of badges; exclusion of the general public; destruction of sensitive documents; physically separating sensitive work areas from the rest of the facility; locking files; and physically locating a facility in a geographically remote location.
D. Confidentiality Procedures
Confidentiality procedures fall into four major categories:
(1) document control;
(2) procedures directed at computer use;
(3) procedures directed at employees; and
(4) procedures directed at third parties outside of the company.
1. Document Control
Our electronic age makes document control a difficult task. It gets harder all the time. Nevertheless, measures can be taken to reduce the risk of misappropriation of trade secrets and confidential data contained in electronic and hard copy documents. Documents that are important must be identified and classified according to the level of security required.
For example, high risk documents that may be shared with any company employee may be classified and marked “Proprietary — Internal Use Only”. More sensitive documents may be classified and marked as “Proprietary — Need-to-Know”. These documents would consist of proprietary information that should be disclosed only to employees or others needing this information in order to carry out their jobs and other assigned tasks. Examples include departmental budget information, organizational charts, performance reviews, market studies and market research. The most sensitive information may be classified and marked “Proprietary — Registered”. This information would include information that has the greatest value to the company. Examples include business plans, unreleased financial results of operations, and information regarding new unreleased products. Information with this classification should be assigned a number for tracking purposes and not photocopied without the consent of the originator. Finally, when not in use, the materials should be kept in locked cabinets or in password-protected data files.
Access to such documents should also be appropriately restricted. Employees should be periodically warned against leaving sensitive documents on their desks or at the copy machine. When sensitive documents are no longer needed, they should be shredded or disposed of in receptacles designated especially for such purpose.
2. Procedures Regarding Computer Use
Computers can be as dangerous as they are helpful. Procedures to protect the integrity and secrecy of the information stored therein has taken on an added importance. Non-user physical access to computers should be limited. Computer screens should have lock functions. Employees should be instructed to log off if they will be out of their office or away from their desk for any length of time. Passwords and other data protection methods should be used as appropriate.
Special caution should be taken with electronic mail. Unauthorized users can access electronic mail systems and it is easy to send electronic mail to the wrong address. Generally, more secure methods should be used when transmitting proprietary information.
3. Procedures Directed at Employees
Procedures should be developed to alert employees to the necessity of protecting trade secrets and confidential data and to deter inadvertent disclosure. Employees should be made aware of company policy regarding trade secret protection at the interview stage. Additionally, such policies should be included in all employee training and in the company policy manual. Posters can be placed throughout the premises warning of the consequences to the company of disclosure of the company's trade secrets and data.
Employees and independent contractors should be required to sign at the time they are hired, or as a condition of continued employment, noncompete, trade secret, and confidentiality agreements and, in some cases, assignment of invention agreements. These agreements require employees:
(1) to avoid disclosure of any proprietary information without appropriate authorization;
(2) to disclose to the company on an ongoing basis all research and technical activity; and
(3) to acknowledge that any inventions, developments, modifications, or enhancements made during the course of employment belong to the employer.
When an employee quits or is terminated, he or she should be required to turn over to his or supervisor or to the person conducting the employee’s exit interview all company property including research, reports, drawings, blueprints, schematics, notebooks, electronics, and designs. In addition, the employer should immediately terminate the employee’s ability to access the company’s physical premises, computer network, and email system. The employee should also be instructed to delete electronically stored information that they may have on their personal devices such as email attachments or documents stored on a cloud-based service such as Dropbox or Google Drive.
The departing employee should receive an exit interview. Exit interviews give the company the opportunity to impress upon the departing employee his or her continuing obligations to the company. In addition, information should be gained about the departing employee's new employer for monitoring or future reference.
4. Procedures Directed at Persons Outside the Company
Almost every company conducts business with suppliers, vendors, consultants, contractors, subcontractors, investors, and other parties outside of the company. Trade secrets often must be disclosed in the conduct of such business. Nondisclosure agreements are critical to protect trade secrets and other information in these cases. Additionally, if business is actually transacted, a nondisclosure provision should be part of every contract. The company should develop special nondisclosure and confidentiality agreements for visitors, bidders, contractors, vendors, consultants, service providers, and employees.
Trade secret protection is an effective and relatively low cost means of safeguarding proprietary information. VolkLaw can help you identify and protect trade secrets and other valuable information through a trade secret protection program. By implementing the suggested procedures, as well as monitoring and assessing the program on a regular basis, you will be better positioned to effectively protect your competitive advantage in the marketplace.
And now the tedious disclaimer. Sorry, have to do it. The matters discussed here are general in nature and are not to be relied upon as legal advice. Every specific legal matter requires specific legal attention. The law is constantly changing, and matters discussed today may not be the same tomorrow. Legal matters are also subject to different interpretations by attorneys, judges, jurors, and scholars. No attorney-client relationship is intended or created as a result of matters discussed here. You should consult counsel of your choice if you have any dealings in these areas of the law. Volk Law Offices, P.A. and its attorneys and other employees make no representations or warranties with respect to the accuracy or completeness of the matters addressed.