Are Your Secrets Safe? The Time Is Now For A Trade Secret Audit

Monday, August 1, 2005 - 01:00
Elliot D. Ostrove

While specific laws regarding trade secrets may vary from jurisdiction to jurisdiction, it is generally accepted that any type of information that provides an actual or potential economic and/or competitive advantage may be considered a trade secret. For such information to be a protected trade secret, however, its secrecy must be maintained.

There are many ways that an outsider can come into possession of your company's trade secrets, ranging from inadvertent disclosure to corporate espionage. The most common and likely avenue of disclosure is through current or former employees. Therefore, while many of the issues discussed herein will pertain to general protection of trade secrets, the focus will be on protection of those trade secrets, vis-à-vis the company's employees. To ensure secrecy, a plan of protection is needed.

Identification Of The Trade Secret

The first step of any plan for protection is to identify that which is sought to be protected. Sounds simple in concept, but in reality, it is challenging for a company's management to identify all the information that needs protection. This is so because in contrast to intellectual property such as trademarks, patents, and copyrights, there is no requirement to register or file a trade secret with any agency or governing body in order to fully protect the information. Consider the variety of information that could be valuable trade secrets:

Product formulas; customer information; prospective customer information; product designs; contract specifications; business solutions; company financial information; costs of materials; profit margins; planned (unreleased) product lines; marketing strategies; pricing strategies; chemical formulas and even knowledge of what not to do in research, development and/or production of a product; and many more.

Identifying a company's trade secrets in these and other categories starts with asking the question "What information does the company have that gives it an advantage over its competitors?" It is important to not only ask management, but also the company's engineers, researchers and the "people in the field." The latter groups will be in touch with what is considered state-of-the-art in the industry and will have a day-to-day working understanding of what information is providing the company an advantage over its competitors.

Protection Of Information

It is not unheard of for in-house counsel or senior management to identify a type of information as a trade secret only to find out that an engineer or researcher involved in the development of the information has recently published their findings in a trade journal. So, the plan for trade secret protection cannot end with the identification. For information to qualify as a trade secret, it not only must provide the company some economic and/or competitive advantage, but it also must be maintained as a secret. Therefore, once the information that should be protected is identified, the method of storage, transmittal and use of the information together with appropriate protections for the information must be implemented.

When considering proper storage of information (the appropriate level of security needed), first determine what form the information takes. Is the information in "hard" form - on paper in reports and files - or is it in "soft" form - electronic on a computer or other electronic storage device? If the information is in "hard" form, consider whether it should be marked "confidential," whether it should be stored in locked cabinets, whether the cabinets need to be in a restricted area, or whether other measures should be taken to limit exposure of the information.

More likely today, the information will be in electronic form. Such storage increases the ability to protect the information and, at the same time, increases the ease of dissemination or misappropriation of the information. If only certain employees need access to the protected information, consider storage of the information in a separate password protected database or even a completely separate network. Layers of additional protection can be placed from there. Such protection can be as simple as ensuring that if the information is printed, a legend at the bottom of each page reads, for example, "Confidential Information of Company - DO NOT DUPLICATE." Or, it can be more technical such as further segregation of information with additional password protection, use of propriety software so that the ability to transfer information to an outside computer is reduced, or encryption of the information.

All possibilities should be considered in light of the value of the information, the shelf-life of the information, and other factors that are unique to each business. Once appropriate measures are determined to physically secure the information, measures must be taken to protect the information from every company's greatest asset and greatest threat of misappropriation/dissemination - its employees.

Employee Protection

A company has three points of contact with its employees. At each point, the company can take simple steps to protect its trade secrets and confidential information. Those points of contact are (1) at the time of hire, (2) during the term of employment, and (3) at termination of the employment. Since human resources personnel are involved at all three points, it is important to ensure that human resources personnel are properly trained on all issues, have an understanding of the various policies of protection and are properly ensuring the enforcement of those policies.

At Hire

The company's first contact with an employee is when that employee is hired. That is also the company's first opportunity to introduce the employee to its trade secrets and confidential information and lay the ground rules for the use and disclosure of information. Emphasizing from the beginning that the company has trade secrets and confidential information and that it expects its employees to keep those confidences can avoid any confusion or misunderstanding in the future. The more specific the company is, the less possibility there is for misunderstanding.

There are several steps a company can take to introduce the employee to its trade secrets and confidential information and to emphasize the requirement of protecting information. For example, a confidentiality section in the company employee handbook; and/or requiring employees who come into contact with confidential information to execute confidentiality agreements. (Issues of enforceability must be addressed based on the specific facts and law of the particular jurisdiction.) In both instances, a description of the confidential information should be included and the more specific the description (without disclosing the secret) the better. Other examples include a contract restricting the employee's ability to solicit customers for a limited period of time; or a contract restricting the employee's ability to work for a competitor for a period of time. (Again, issues of enforceability of such restrictions must be addressed based on the specific facts and the law of the particular jurisdiction). Consider whether confidentiality should be addressed as part of the new employee orientation process. There are many others.

The goal must be to put in place the strongest protection for the company's secrets while at the same time putting the employee on notice as to what those secrets are. A balance must be struck, however, between protecting company secrets and imposition of a policy of mistrust.

During Employment

Throughout any employee's tenure he/she is likely to have almost daily access to information that the company has deemed to have value. There are several things that can be done to ensure that employees keep in mind their obligations to protect company information.

Reminders of the sensitivity of information can be put in place. For example, when protected information is printed, a legend can be printed at the bottom of each page noting the confidentiality of the information. When an employee is about to access a protected database, a pop-up screen can remind the employee that the information they are about to view is confidential. So too, a similar screen can pop up prior to printing the information. When the definition of your company's confidential information changes, e.g., new groups of information are added to the list of what the company considers confidential, consider sending a memo to affected employees.

The goal of each of these examples, as well as many other things that can be done, is to remind employees of the company's confidential information and how that information should be treated. This is one of the ways to avoid accidental or mistaken disclosure. It is also a way to ensure that the employees and management are on the same page with regard to what is and what is not confidential.

Most important during this time period is to keep track of employee movement and make sure that documents that were executed at the time of hire continue to safeguard the company. A system of review of executed documents and employee positions can be put in place to make sure that when employees move (either up the corporate ladder or change physical location), the previously executed documents continue to provide the company with protection.

At Termination

Whether an employee's employment has been terminated voluntarily or involuntarily, it is important to make sure the company's information is protected as that employee walks out the door. There are many security measures that can be put in place at this stage. Examples include exit interviews (including a request for the return of information) and employee termination certifications in which the employee states they have returned or will return information.

More invasive measures can also be employed, such as escorting the employee from the premises, review of materials left in the employees work area and inspection of the employee's computer. However, state and federal laws regarding, for example, employee rights and electronically stored communications, must be considered if any of these policies are put in place.

The Audit

Protection of trade secrets and confidential information is often a task that is relegated to the back-burner during the busy work day and is only seriously considered after there has been a breach in security. It is clear, however, that protection of trade secrets and confidential information is best accomplished by a comprehensive plan of protection. The best protection is accomplished by putting such a plan in place before disaster strikes. To ensure the greatest protection for the company's secrets, identify protected information and be sure to establish policies and procedure to protect that information. Then, periodically review the information being protected and the policies and procedures for the protection of that information. Inadvertent disclosure can be avoided (or at least the possibility is severely reduced) by such a plan. If the information is misappropriated and litigation is necessary, a comprehensive plan put in place can reduce initial costs of investigation and will only strengthen any claim that the information is held in secrecy and therefore entitled to protection under the law.

Elliot D. Ostrove practices in the Litigation department at Pitney Hardin LLP, where Mr. Ostrove is an Associate. This article represents the author's opinions and does not necessarily reflect the views of Pitney Hardin or any of its clients. Mr. Ostrove may be reached at (973) 966-6300.

Please email the author at with questions about the article