June 10, 2020
Stepping Up to 21st Century Trade Secret Protection
©2020. Published in Landslide, Vol. 12, No. 5, May/June 2020, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder.
Trade secrets are among a company’s most valuable assets but are often poorly understood, undervalued, and not well protected. The protection landscape is changing, as companies are increasingly turning to measures beyond nondisclosure agreements (NDAs) and litigation to protect these vital assets. There are few readily available resources, however, to guide companies in these eﬀorts, and most lawyers do not have experience in assisting clients in developing comprehensive and interdisciplinary trade secret protection programs. In addition, trade secret protection, by its very nature, needs to be highly customized and depends on a myriad of factors. This article explores some aspects of what I call “trade secrets 2.0,” or enhanced trade secret protection, especially in contexts where a business needs to share trade secrets with other businesses.
One study has shown that 84 percent of the Fortune 500’s value is no longer in bricks and mortar assets, as it had been 50 years ago, but rather is now in intangible assets.1 Among the most valuable intangible assets are things like public or registrable intellectual property (IP)—patents, trademarks, and copyrights—as well as trade secrets, which derive their commercial value from their secrecy. Several recent studies in the United States2 and abroad3 show that trade secrets are considered the most important form of IP by many businesses, even more important than patents. Factors leading to this conclusion include the growing intangible nature of the modern technologies and the challenges to maintaining patent protection in the United States for crucial areas of innovation such as software, diagnostic medical testing, and business methods. Other factors include the availability of new trade secret laws here and abroad, including the Defend Trade Secrets Act of 20164 in the United States and the 2016 European Union directive on trade secrets.5
Despite the evident paramount importance of trade secrets to today’s businesses, IP lawyers regularly talk about the three forms of IP—patents, trademarks, and copyrights—and some even question whether trade secrets should be categorized as IP. To be fair, the potential of what can be a trade secret is vast and covers not only technical trade secrets, including formulas, recipes, processes, and research and development (R&D)
Trade Secret Management
information, which all fall within the scope of what one would consider IP, but also customer information, business plans, marketing plans, ﬁnancial forecasts, and other business information that we would not necessarily think of as “intellectual property.” Indisputably, trade secrets are important business assets.
Therefore, IP lawyers need to become more educated on this area of the law, as well as on how businesses are currently thinking about trade secret protection.
For many years, the primary way that businesses protected trade secrets was through conﬁdentiality agreements, restrictive covenants in employment agreements, and enforcement in litigation, typically by employment lawyers and commercial litigators. Sometimes, IP lawyers, especially patent lawyers, will think about trade secrets in the context of deciding whether or not something is patentable. Typically, patent protection is encouraged by patent lawyers, businesspeople, and even investors who see patents as an important hallmark of investment-worthy companies. More recently, companies have relied heavily upon cybersecurity and data protection, thinking that those eﬀorts will save the day. Despite newsworthy examples of “stranger danger”—eﬀorts by hackers and nation-states to inﬁltrate a company’s computer networks and steal trade secrets—studies show that, historically, the vast majority of trade secret loss comes from insiders.6 These insiders include employees, former employees, business partners, suppliers, customers, and joint venture partners.
Against this landscape, many companies are starting to think more broadly and holistically about trade secret protection as a matter of business processes and not merely legal protection. Indeed, in-house attorneys who use these “trade secret 2.0 methods” regularly report that if they end up in trade secret litigation, it is because the business process (not just legal eﬀorts) failed. While helpful by-products of modern trade secret management are being in a better position for and reducing the cost of enforcement, the real end goal is to avoid the need for enforcement altogether.
So, what is modern trade secret management? It is a host of things and usually needs to be very company- speciﬁc because a one-size-ﬁts-all approach is not eﬀective. Some are proponents of a very formulaic approach to this eﬀort, expecting that all companies should follow a set series of steps or methodology—e.g., identify, categorize, protect, and value the trade secrets. While each of these components has value and should be considered in an eﬀective trade secret management program, the exact best approach will likely vary depending on a wide variety of factors, including but not limited to:
- the stage in the business life cycle (i.e., startup, growth, or established);
- the size (in terms of employees and revenues);
- the location (e.g., one vs. multiple, domestic vs. international, since trade secret laws can vary widely);
- the nature of the trade secrets (e.g., business vs. technical);
- the extent and strength of associated patent protection;
- the speed at which the protected technology is evolving;
- the age of the trade secret and time period in which it was developed;
- the availability of documentary records underlying the trade secret, its value, and protection eﬀorts to date;
- the value of the trade secrets;
- the existing data and cybersecurity protection policies and procedures;
- the sophistication of the workforce;
- the number of people who must handle the trade secrets within and outside of the company;
- the extent to which other’s trade secrets are being shared with the company (intentionally or unintentionally, such as by new employees);
- the company culture;
- whether or not there is an in-house legal team, the size of that team, and the experience of that team with trade secret protection;
- the existence and quality of contractual documentation (e.g., NDAs, employment agreements);
- whether or not there has been any enforcement eﬀorts to date and the outcome of those eﬀorts; and
- the availability and feasibility of new technologies such as blockchain to use in the trade secret protection program.
This list of factors is not meant to be exhaustive or to function as a checklist for this analysis, but is merely an illustration of the kinds of issues that need to be considered and addressed.
As should be obvious by now, a strong and eﬀective trade secret management program far exceeds what has historically been called a “trade secret audit.” It is comprehensive and interdisciplinary, requiring input from various parts of a company, including legal, IT, R&D, and other business units. It can be a signiﬁcant eﬀort. The design and implementation of such a program is typically outside the experience of most counsel, and there are few resources currently available to give companies a road map on how to even begin (although there are some eﬀorts underway to do so).7 One good place to start for many companies is to focus on key entrance and exit points, including not only employee onboarding and departure, but also trade secret sharing (inbound and outbound) with third parties.
Trade Secret Sharing
Third-party sharing is frequently the least addressed and one of the places with the highest risk. Inherently, once two businesses are sharing trade secrets, you have a more complex problem that is universally not solved by traditional trade secret protection methods. First, cybersecurity eﬀorts, which are primarily focused on preventing inﬁltration or unintended exits, are irrelevant. These eﬀorts seek to counter or preempt activities such as employee unauthorized downloading of vats of information to a thumb drive or uploading the data to a cloud drive, or inadvertent loss of equipment with trade secret information on it. Second, there likely will be NDAs or other agreements in place that require the receiving party to maintain the conﬁdentiality of the shared trade secrets. However, the reality is that such agreements, while possibly having a deterrent eﬀect, will not prevent misappropriation.
There are many diﬀerent scenarios in which trade secrets may be shared with third parties. One example is in the supply chain, where trade secrets may be shared with suppliers or vendors on the one hand, or with customers on the other. Some companies, especially smaller and startup companies, need to rely upon others to manufacture (and sometimes even develop) their products, or at least to provide components to the trade secret holder, occasionally made according to the trade secret holder’s speciﬁcations. This is commonly seen in the food industry, for example, where many startup and small companies rely on a “co-packer” to make their products. Sometimes, the trade secrets are the source of supply or the exact nature of what is being used (as opposed to having something made to trade secret speciﬁcations). Other times, a vendor or supplier is using the company’s trade secrets to do work for or provide a product to a customer—in those scenarios, there is also a risk to the trade secrets. Similar issues arise in prospective and actual joint ventures, where business parties inherently need to share technology to see if the joint venture will work and then during the relationship.
Another scenario in which trade secrets are shared among businesses is when a trade secret owner is seeking an investment or a merger or acquisition. In those situations, trade secrets may be shared as part of due diligence with multiple potential investors or merger/acquisition partners, as well as with the ultimate investor or business partner. Often, in those scenarios, the potential receiving party will ask not to receive any trade secret information. However, given the breadth of the kinds of information that trade secrets cover and the need to “sell” the company, trade secrets may be shared anyway (perhaps unintentionally) by the business team.
One factor that is very important in these kinds of sharing situations is that the parties in the relationship frequently may not have equal bargaining power. This can be helpful in some ways if you are the more dominant party, as you can put conditions on how the receiving party handles your trade secrets. But even dominant parties have risk in these scenarios, most notably the risk that the other side will later accuse you of trade secret misappropriation. If you do not have leverage in the relationship, it can be more challenging to ensure that measures are in place to protect your trade secrets.
What are some steps you can take if you are going to be sharing trade secrets with third parties (or receiving theirs)? First, even if you do not already subscribe to the idea that all companies should identify all of their trade secrets or have not yet done so, now is the time. On some theoretical level, identifying all trade secrets as early in their creation as possible has appeal. The practical reality is that most companies have not done this to date; it would be a substantial, if not Herculean, task for them to do it (especially in large companies), and it would be a
moving target. Given this, most companies up until now have refused to attempt it—and some suggest it should never be attempted. Not only would it be supremely diﬃcult and often always out of date, but what if you forget something? Or what if you articulated the trade secret in a way that is later not helpful in litigation? Not unreasonably, others suggest that one never knows what will truly be considered a trade secret until the time of enforcement, because of technology changes. Whether or not something is a trade secret does need to be considered in the technological context at the time of enforcement. We do not need to get bogged down in this debate. However, if there ever was a time when you needed to identify what your trade secrets were (other than at enforcement), when you are sharing your technology with other companies is certainly an important time to do it!
Several recent cases underscore the beneﬁts of identifying trade secrets when sharing them with third parties. One example is Big Vision Private Ltd. v. E.I. DuPont de Nemours & Co.8 In Big Vision, the trade secret owner was unable to enforce its trade secrets because the court held that it had failed to give DuPont, which also had been developing technology in the area in question, clear notice of what trade secret information was being shared. Another example is ScentSational Technologies, LLC v. Pepsico, Inc.9 In ScentSational, although the trade secret claim was decided against the trade secret owner on causation/damages grounds, the owner also lost his bid to be named as a coinventor on the patent that he alleged included the trade secret. The court determined he had no contemporaneous records describing the trade secret, which was necessary to corroborate his claim of a joint invention. These cases are, of course, only two of the many examples that exist where business relationships went awry, and trade secret misappropriation was claimed (if not found). But what is clear from these cases is that trade secret identiﬁcation contemporaneous with the sharing of information would have been helpful and may have changed the outcome (perhaps avoiding a frivolous claim or making a claim more successful, depending on your perspective).
One word of caution when you are identifying trade secrets: be careful not to be too narrow. One thing clients— and even attorneys—do fairly often is to have an overly narrow view of what they are calling a trade secret. This arises for several reasons. First, there is a valid concern that overbroad designations will be harmful at the time of enforcement, or maybe oﬀ-putting to business partners who do not want to have access to much if any of your trade secret information. Second, many engineers and businesspeople dismiss a lot of what they do as common knowledge, easily ﬁgured out, etc., but when one probes more deeply, one quickly realizes that is not always true. Finally, many lawyers also do not fully understand the scope of what can be considered a trade secret under the law and think that only “big” things like the Coca-Cola formula are trade secrets and thus worth protecting. But it is often the more subtle things—like R&D information or process secrets—that will make your case in enforcement and can give the trade secret misappropriator the business advantage.
Assuming you have a good handle on what you are trying to protect as a trade secret while also avoiding accusations of misappropriation, there are some other recommended practices that you can use to mitigate potential loss or future claims. One key fact is to know who you are doing business with and understand how they handle their trade secrets. Does the company you are working with have a history of not respecting other’s IP? Do they know what their trade secrets are, and are they being transparent with you on whether what they are sharing is a trade secret or whether they already know what you are sharing? Vague statements about your
own or the other side’s trade secrets are only going to hurt you later. What kind of conﬁdentiality measures do they use for their information? Many agreements—especially when the party sharing trade secret information does not have a lot of leverage—will not have speciﬁc provisions on how trade secret information will be handled. Rather, the agreements include a clause that says “protect our stuﬀ like you would your own.” That is great, in theory, but what if they are not doing a good job of protecting their own stuﬀ? Chances are they are not going to do any better with yours.
Think carefully about whether you need to share trade secret information with the other side in the ﬁrst place. Can you put the information in a black box? If using vendors, can you make sure no one vendor has all your information? Can you show them the information while not letting them have copies or disabling a way to make copies? Even if printing is disabled, there are always screenshots and phone cameras. Thus, one really needs to think this through and explore available technical options.
If you have leverage in the business relationship, you should consider other contractual requirements. For example, can you limit the number of people on the other side with access to your trade secrets? Can you designate who those people are? Train them? Require them to sign NDAs with you? Can you limit internal copying and require the return of information at the end of the business relationship? You should also consider higher tech options and other options that might be available uniquely in your industry or area of technology. One caveat is that even if you have a lot of business leverage, you still need to think practically about what you can reasonably expect the other business partner to do. If the business partner is a small company, they may not have the resources to meet your requirements but may sign an agreement because they want the business and do not have proper legal counsel. That will give you an excellent breach of contract claim later, but practically speaking, renders your carefully drafted protection measures useless.
All of these eﬀorts and measures are pointless unless you monitor and enforce them. If you are placing contractual requirements on the third party, how are you checking to see if they are honoring them? For example, one of the most often overlooked conditions is requiring the return of the trade secret information at the end of the business relationship. Think about companies sharing molds with factories in China—are companies getting them back at the end of the relationship, or are factories keeping the molds and continuing to proﬁt from them? Of course, when trade secret misappropriation is suspected, a quick and thorough response (typically legal, but may also be technological) is also essential. Even if the particular incident is not that concerning at the time, the way trade secrets work, if eﬀorts are not consistently made to protect them over time—including following up on misappropriation—the trade secret may not be enforceable later when it matters.
This is only a snapshot of how one can approach trade secret sharing. There are many other techniques that can and should be considered, including those which would generally protect trade secrets regardless of whether they are shared. Most businesses would beneﬁt, for example, from having a web of IP protection, such as using both patents and trade secrets to protect a particular technology. In addition, all businesses should
train employees on these issues and create a culture around trade secret protection. The most important thing that can be done, however, is to proactively think about the issues and develop a plan to address them. That, in a nutshell, is the heart of trade secret 2.0 protection.
- OCEAN TOMO, INTANGIBLE ASSET MARKET VALUE STUDY (2019),https://www.oceantomo.com/intangible-asset-market- value-study.
- BAKER MCKENZIE, THE BOARD ULTIMATUM: PROTECT AND PRESERVE. THE RISING IMPORTANCE OF SAFEGUARDING TRADE SECRETS (2017), https://www.bakermckenzie.com/-/media/ﬁles/insight/publications/2017/trade-secrets.
- EUROPEAN INTELLECTUAL PROP. OFFICE, PROTECTING INNOVATION THROUGH TRADE SECRETS AND PATENTS: DETERMINANTS FOR EUROPEAN UNION FIRMS (2017), https://euipo.europa.eu/tunnel-web/secure/webdav/guest/document_library/observatory/documents/reports/Trade Secrets Report_en.pdf.
- 18 U.S.C. §§ 1836 et seq.
- Council Directive 2016/943, 2016 O.J. (L 157) 1.
- David S. Almeling et al., A Survey of In-House Attorney Views on Trade Secrets, LAW360 (Jan. 12, 2018), https://www.law360.com/articles/999664/a-survey-of-in-house-attorney-views-on-trade-secrets.
- These include the Sedona Conference Working Group 12 Team 5, Governance and Management of Trade Secrets (https://thesedonaconference.org/wgs/wg12), and the Licensing Executives Society’s Intellectual Capital Management Standards Project, IP Protection in the Supply Chain standards drafting team (https://www.lesusacanada.org/page/supplychainst).
- 1 F. Supp. 3d 224 (S.D.N.Y. 2014), aﬀ’d, 610 F. App’x 69 (2d Cir. 2015).
- No. 13-cv-8645 (KBF), 2018 WL 2465370 (S.D.N.Y. May 23, 2018), aﬀ’d, 777 F. App’x 607 (Fed. Cir. 2019).