Some of the most well-known and best-selling products in the world are protected by trade secrets. Famous examples include the recipe for Coca-Cola Classic, the 11 herbs and spices used by Kentucky Fried Chicken, and the recipe for Bush’s Baked Beans. Other famous trade secrets include the formula for WD-40, the process by which a book is included on The New York Times’ Best-Seller List, and Google’s search algorithm, which determines search results and the order in which you receive them every time you run a Google search.
However, being famous or well-known is not a requirement for something to be a trade secret. For example, the customer lists for many successful businesses are trade secrets. Computer software can be a trade secret, as can proprietary bidding systems, manufacturing techniques, and marketing strategies.
Because trade secrets help companies make money at their competitors’ expense, attempts to obtain them by wrongful means are far from unusual. As a recent study from The Center for Responsible Enterprise and Trade and PricewaterhouseCoopers recently explained:
Numerous actors – foreign intelligence services, competitors, transnational criminal organizations, hacktivists and malicious insiders – target and steal companies’ trade secrets for various reasons. Social engineering schemes such as tailored spear-phishing campaigns that implant malware to steal trade secrets, or duping employees into revealing sensitive corporate information, exemplify the means by which these actors engage in trade secret theft. Constantly evolving technologies in smart phones, laptops, and tablets that employees use for work provide additional means for threat actors to access a company’s secrets. Threat actors’ motivations are equally diverse. Some seek personal financial gain, while others hope to advance national interests or political and social causes.
As attempts to steal or misappropriate trade secrets have increased, related litigation has followed suit. A 2014 article in Inc. Magazine explained that: “the number of trade secret cases in U.S. federal courts doubled between 1988 and 1995, doubled again from 1995 to 2004, and is projected to double again by 2017.”
Although litigation can be an important tool in the fight to protect trade secrets, companies in all industries should consider implementing systems to keep trade secrets from leaking to outside parties, and to prevent the need for litigation. Taking such precautions can result in substantial savings, as well as avoiding the risk that trade secrets will become public, and their protections lost.
Trade Secrets Overview
Trade secrets in the United States are largely governed by state law. However, if a trade secret relates to interstate or foreign commerce, or if it is being stolen for a foreign power, the Federal Economic Espionage Act of 1996 (18 U.S.C. §§1831 and 1832) authorizes federal criminal and civil penalties for trade secrets misappropriation. At the state level, 48 states (New York and Massachusetts are the two holdouts), the District of Columbia, Puerto Rico, and the U.S. Virgin Islands have all adopted the Uniform Trade Secrets Act (“UTSA”).
Under the UTSA, trade secrets can include information, formulas, computer programs, devices, methods, techniques, processes, or other similar items that:
• Their owners derive independent economic value from because they are not known to the public;
• The public cannot get through appropriate legal means; and
• Their owners take reasonable efforts to keep secret.
Trade secret protection lasts as long as the secret stays secret. Unlike patents or copyrights, which have expiration dates, trade secrets can remain valuable property for decades. One such example is the recipe for Coca-Cola. Owners of trade secrets have a variety of remedies to stop the misappropriation of trade secrets under the UTSA. The most important remedies are: injunctive relief, in which a court can order a person or company to immediately stop using trade secrets and to return all copies to their rightful owner; monetary damages for lost sales and other harm, which in egregious cases can be doubled; and awards of attorneys’ fees.
Easy Ways To Lose Protection
As more and more information is moved to computers, and more business is being done online, it is becoming much easier for trade secrets to be stolen or misappropriated through computer hacks and other electronic means. Given that scenario, computer software should be updated regularly with firewalls and other defensive measures, and programs put into place to ensure that information is not copied and released to third parties.
In today’s digital age, however, there are numerous pitfalls in protecting trade secrets that have nothing to do with technology. Consider the following scenario that incorporates facts from several recent court decisions. A company decides to outsource manufacturing or bid preparation work to a third party. Because the firm receiving the outsourced work needs access to trade secret information to perform the work, the parties sign a typical non-disclosure agreement (“NDA”) that provides all trade secrets will remain the property of the company that originally owned them. The NDA also allows a party disclosing trade secrets to stamp them confidential or proprietary to make sure there is no confusion.
Although the two companies sign the NDA, a number of documents are given to the outsource company that are inadvertently not marked confidential and do not contain any other notice that they have to be kept secret. Further, the outsource company does not require its employees to sign agreements that they will keep trade secret materials confidential. Compounding the risk of dissemination, the outsource company has several independent contractors work on the project who are not full time employees.
Ultimately, some disgruntled employees and independent contractors at the outsource firm leave and open a new business with trade secret information they took in violation of the NDA signed by their previous company. After the owner of the trade secrets files a lawsuit, the judge determines that the information in question has lost its status as a trade secret. In making this ruling, the judge notes that the plaintiff failed to take reasonable efforts to keep the information secret. For example, the information was not designated as confidential or proprietary. Further, the NDA did not require the company that received the information to have each employee and independent contractor sign an agreement acknowledgement that they too were subject to the NDA’s restrictions.
Another situation that commonly arises is when companies create a joint venture or strategic partnership and share confidential information to create a response to a request for proposals. In such cases, each member of the joint venture might see their partners’ confidential pricing materials, bidding methods, proprietary software, and other similar items. Unless careful contracting and information protection programs are employed, trade secret protection can be easily waived in such situations.
Companies also need to be careful about how much access employees are given to company data and information. If confidential information is freely available to all employees regardless of whether they need to use it as part of their job, a court could use that fact as a factor in deciding that a company did not take reasonable efforts to keep the information secret.
Companies who believe they have information that qualifies as trade secrets should consider implementing systems to make sure they keep such information as secret as possible. Although there is no “one size fits all” program for protecting confidential information that will fit every company, the following are commonly used strategies:
• Companies should require their employees (and any independent contractors with access to confidential information) to sign a carefully drafted NDA, which prohibits the employees and independent contractors from utilizing proprietary corporate information except where such use is in furtherance of the companies’ business interests. Employees and independent contractors should sign such NDAs no later than their first day of work, and they should be required to reaffirm their obligations under the NDA in exchange for every pay raise or promotion they receive.
• NDAs should be executed with third parties restricting the use of the disclosing companies’ confidential and proprietary information. Although legal counsel should be sought in drafting the NDA, such an agreement should typically require the receiving party to ensure that its employees have read and will abide by the terms of the NDA. Further, care should be taken in making sure that information that is disseminated under the NDA is marked consistent with the terms of the NDA.
• Even in the absence of an NDA, sensitive documents should always be stamped as “confidential,” and the most important marked as “highly confidential.” Electronic versions as well as hard copies should have these designations.
• Do not allow anyone to send out Excel spreadsheets, Word files, or other electronic materials that allow the recipient to determine a formula or how calculations were performed. Instead, require that all documents going to outside parties be in .pdf.
• Password-protect important computer files and limit as much as possible the number of people who have the password.
• Use strong passwords that are changed periodically.
• Make sure computer systems have strong firewalls and other protections that are regularly updated.
• Require employees to carry identification badges.
• Restrict all non-employees’ access to company premises by using visitor identification cards and requiring all visitors be accompanied by an employee outside of your reception area.
• Store sensitive records and materials in a separate locked room. If you have such a room, consider requiring a key card or a fingerprint for access.
Trade secrets can be one of the most important assets a company owns. With advance planning, they can continue to be important weapons for years to come.