Trade Secrets: What Companies Must do to Protect them
A trade secret is, essentially, information of commercial value that is kept secret by those who have an interest in protecting and benefitting from its value.
The attribute of secrecy is fundamental to whether certain information qualifies as a trade secret. Unless the entity possessing the information makes a reasonable effort to maintain the secrecy of the information, the information will not be deemed a trade secret and will not receive legal protection as such.
The decision in the case of Abrasic 90 illustrates just how vital protecting secrecy is. Abrasic 90 v. Weldcote Metals, No. 18-C-5376 (N.D.Ill. Mar. 4, 2019). In that case, the court held that plaintiff Abrasic 90 could not show an adequate likelihood of success on the merits of its claims to warrant enjoining defendants, including plaintiff’s former CEO and his subsequent employer, Weldcote Metals, from operating in the abrasives industry and using Abrasic 90’s purported trade secrets to do so.
Central to the court’s holding was its finding that, although some of the information taken by the defendants was of such a nature that its compilation might be protectable as a trade secret, Abrasic 90 “did virtually nothing to protect that information to preserve its status as a trade secret.”
The company’s “data security was so lacking” the court had difficulty identifying “the most significant shortcoming.”
The court nevertheless lists those shortcomings, which included:
- Failure to enter into any nondisclosure or confidentiality agreements with employees, distributors, or suppliers.
- The nonexistence of any policy around the confidentiality of its business information.
- Failure to train employees or otherwise instruct them regarding their obligations to keep certain categories of information confidential.
- Allowing the defendant CEO’s employment agreement, with its nondisclosure and noncompete provisions, to expire five years prior to his departure.
- Failure to ensure any confidential information was returned when employment relationships ended.
- Failure to ask former employees to delete secret business information from personal devices.
- Use of a shared network drive, accessible via a shared password, with no encryption and no restrictions on anyone’s ability to access, save, copy, print or email anything kept on the shared drive.
- Rejection by the company of its IT manager’s recommendation that the company segregate certain documents, allow access only on a need-to-know basis and adopt an “Acceptable Device Use Policy.”
- Generally, doing nothing to protect trade secrets that was, in any way, different than steps taken to protect information that was “indisputably not a trade secret.”
The lessons are clear for any entity that wants to claim trade secret status for certain information. Steps to protect such information must include:
- Identification, labeling, and segregation of the secret information. When secret business information is unidentified and freely intermingled with non-confidential information, it undermines any otherwise reasonable measures to protect that information.
- Physically and electronically securing the information. Physical security means that hard copies of secret business information is kept in locked file cabinets, rooms or other areas of restricted access. Access to and use of electronic information must also be controlled. The information must not be made freely available on shared drives. Rather, access must be restricted to those who have a “need-to-know” the information. This may be done through encryption, access permissions systems, password protection, etc.
- Having clear data security policies to describe what is a trade secret, who is authorized to access, use, copy or disclose such information, and what employees must generally do to protect secret business information.
- Training employees on these matters.
- Adequate use of nondisclosure and confidentiality agreements with anyone to whom trade secret information is disclosed – especially employees. This includes keeping all such agreements current.
- Monitoring and enforcement of data security policies and nondisclosure and confidentiality agreements.
- Procedures to ensure the return or destruction of trade secret information in possession of others when relationships with employees, suppliers, distributors, and customers reach their end.
Designating information as a trade secret can have important implications for executives embroiled in non-compete disputes. This is becasue New York courts generally will not enforce a non-compete agreement unless necessary to protect a companies trade secrets. If a company does not take steps to protect its trade secrets then the information will be not be deemed a trade secret. This will likely prove fatal to the companies attempt to enforce its non-compete agreement.