When is a trade secret not a trade secret? When you don’t treat it like one.
Companies often believe they have legal protection for confidential or proprietary information simply because they call the information a “trade secret,” “confidential,” or “proprietary.” Unfortunately, however, what you call the information can be irrelevant. How carefully you protect that information from disclosure is far more important – and will usually determine whether the information will merit legal protection by a court.
Courts considering trade secret issues customarily assess trade secrets in two steps. First, does the information derive independent economic value from not being known to others? Second, if so, did the owner of the information take adequate steps to protect the information from disclosure? Too often, companies only pay lip service to the second step, and courts are increasingly denying trade secret protection when companies fail to institute concrete measures to safeguard their information.
How then can you increase the likelihood that a court will protect your information? As a rule, you should restrict access to confidential information to as few employees as possible, and only to those who need access for purposes of their jobs. Further, you should treat information you deem confidential differently than you treat non-confidential information. And while there is no silver bullet, cases analyzing trade secret claims yield some simple and effective practices that will demonstrate the value of the information you are trying to protect:
- Use confidentiality or non-disclosure agreements with employees, specifying (1) the precise information you contend is confidential and (2) the limitations on the employees’ use and disclosure of the information. These agreements should survive the employees’ employment, so they can’t use your confidential information at any time in the future.
- Require confidentiality or non-disclosure agreements with any business partners, vendors, customers, independent contractors and outside salespeople with whom you will share confidential information, specifying (1) the precise information you contend is confidential, (2) the limited purposes for which the information can be used, and (3) limitations on the sharing of the information.
- Institue and enforce clear policies requiring the return of confidential information after employment ends or a business relationship is terminated, and consistently apply that policy. The failure to require the return of confidential information even once can signal to a court that you don’t value the information as confidential.
- Institute and enforce policies and handbook provisions prohibiting the use or disclosure of company information outside the company.
- Train employees on what information you consider to be confidential and how to maintain the secrecy of that information.
- Restrict physical access to hard copies of confidential information to the limited group of employees who need the information, using locked rooms or cabinets.
- Restrict access to electronic confidential information to the limited group of employees who need the information, using encryption, password protection, firewalls and other measures that prevent access to the information.
- Restrict employees’ ability to make physical or electronic copies of confidential information.
- Forbid or at least limit access to and use of confidential information on employees’ personal devices.
None of these measures designed to safeguard confidential or proprietary information is particularly burdensome. But if instituted, these practices will go a long way towards demonstrating to a court that the information does indeed have value and is worthy of legal protection. Without them, you risk no protection at all.