If you’re not sure whether trade secrets may be an important asset of (or risk to) your company, just ask Bill Gates... His very own Corbis was slapped recently with a $20 million judgment by a Seattle court for apparently misappropriating trade secrets of Seattle startup Infoflows. So when I sit down with clients to review and help refine their intellectual property strategy, this is one area I always make sure is well understood. I often hear tech execs say that they are relying primarily on trade secret protection, as opposed to patents for instance, to protect their innovations and differentiate their business from that of their competitors. That’s all good (assuming it’s the right strategy in their case!). Yet, when I probe a little bit, I quickly realize that many don’t have a very clear idea of what trade secrets are, what the pros and cons are and, more importantly, what they need to do to protect those adequately.
So what is a trade secret anyway?
A trade secret is a form of intellectual property rights, just like patents, copyrights and trademarks, with the difference that trade secrets are not protected by federal law, but rather by a state-by-state in statutory or case law. Most US states (including Washington), have adopted the Uniform Trade Secrets Act (UTSA), codified at RCW 19.108.010. So in reality, it pretty much boils down to a federal regime (in the US at least), but you will be guaranteed to impress your friends every time you inform them of that subtlety! The UTSA defines a “trade secret” as information that derives actual or potential economic value purely from the fact that the information is not generally known to others. In order to be deemed a trade secret, the information cannot be easily ascertainable and must be subject to reasonable efforts to maintain its secrecy. The concept of trade secrets is often confused or interchanged with that of confidential information. Indeed, they are close cousins; while not all confidential information amounts to trade secrets (usually for a lack of economic value- e.g. the obsolete Power Point slides), trade secrets constitute confidential information of their owner and must remain as such to ensure any legal protection. For this reason, you will often see legal agreements (such as NDAs) list trade secrets –and rightly so- as part of the overall concept of Confidential Information. The textbook examples for trade secrets hail from America’s finest: fast-food! Indeed, Coca-Cola’s “secret formula” and KFC’s secret recipe for its “eleven herbs and spices” are the quintessential trade secrets. While recipes in general can be hard to protect under traditional intellectual property laws since they are often little more than ingredient lists and evolving methods of preparation, which can easily be adapted or revised, companies can protect such secret formulas as “trade secrets”. This is why KFC, Coke and so many others have gone to great lengths to establish and protect their trade secrets by fiercely and famously guarding them. In some cases, even business plans and customer lists can be protected as trade secrets. In the technology sector, trade secrets commonly involve source code, algorithms, production methods and technique, etc. Indeed, most commercial software companies treat their crown jewels – i.e. their source code - as trade secrets and will only distribute their code in binary format to retain their value over time. Conversely, the same source code loses its protection under trade secret the minute it is published, for instance, under an open source license or as the result of a leak.
Remedies for misappropriation of a trade secret can include court injunctions to prohibit use of the information or the payment of a royalty. Courts may also order that the offender pay damages for actual monetary loss caused by the misappropriation and/or damages for unjust enrichment that inures to the benefit of the person stealing the information. A court may even order “exemplary” or punitive damages if the misappropriation is deemed to be willful or malicious. However and unfortunately for the owner of the trade secret, once the word it out, they cannot put the genie back in the bottle and the secret –as well as the legal protection it enjoyed- are forever lost. This is why it is so important to protect those properly.
What is the best strategy to protect trade secrets?
Establishment and protection of trade secrets differs from that of other forms of intellectual property, i.e., patent, copyright and trademark in that a company does not ”apply for” or register the information with the government to secure the trade secret. Rather, a company can only ensure (and therefore, prove in litigation) that its information is a trade secret by keeping it secret. Once a company waives the confidential status of the information, trade secret protection ends. Therefore, a company is well-advised to develop and establish a plan for identifying what information it wishes to protect as trade secret (as well as all of its intellectual property), determine the steps it will take to ensure the ongoing confidentiality of that information, and implement that plan as these are vital both for minimizing leaks and enforcing protection if necessary.
i) Identification. The first (and arguably most important) step in protecting trade secrets is to understand and identify the information that should be protected as trade secret. This process can be arduous and expensive, since each item of potentially secret information must be individually examined and numerous factors considered. The most obvious consideration is the monetary value the company has in keeping the information secret from competitors and the public at large and how easy it can be ascertained from third parties, whether by reverse engineering or other means. Company leaders must also determine the extent to which the information is already known inside and outside the company, and by whom. For example, Coca-Cola’s original key ingredients (cocaine and caffeine) are well known and therefore now part of the public domain, but the present formula is very carefully guarded from both the public and all but a handful of its own employees. The company must then consider whether and what steps have already been taken to protect this information. Companies must think proactively – how might my competitor obtain access to my information? Employee or third-party disclosure (often inadvertent), computer hacking, dumpster diving, or robbery, plain and simple? Also important is an understanding of what types of information are not trade secrets. Classifying everything as trade secret weakens a company’s argument that the really important information was protected, and can limit or preclude court remedies.
ii) Company policies. After carefully cataloging and classifying what it wants to maintain as trade secrets, a company must take steps to protect the information by designing and implementing carefully worded internal policies governing how, and to what extent, employees and third parties will access, utilize and protect the secret information. Access should be shared on a need-to-know basis only. Those accessing the information must be trained, or at the very least informed, of the company policies and consequences of breach. The existence, education and consistent implementation of these policies serve to strengthen a company’s argument for protections and damages in court.
More relevantly, technology companies also establish and implement strict policies and controls for protecting their trade secrets. For instance, at larger software companies, developers are very rarely given access to the source code as a whole. Each developer or team of developers working on a component only has access to the particular code snippet concerned. Third parties, including partners and investors, are also given limited and controlled access to confidential information. When part of Microsoft Windows operating system source code was leaked to the internet in 2004, the company, in conjunction and cooperation with the FBI, investigated and determined that the leak was not caused by a breach in security or one of its own employees, but rather was a result of the company’s programs to share code with certain partners, resulting in a revision of company sharing policies. As such, there will always be a natural tension between the urge to protect the secrecy and the need to share information with partners, and companies have to strike the right balance in accordance to their own priorities. One thing is clear; identification, education, clear internal policies and limited access a company’s trade secrets will go a long way in preserving that protection over time.
iii) Contractual protections.
The most obvious of these policies are confidentiality agreements. Employees and independent contractors should be asked to sign proprietary information and invention assignments, and non-disclosure agreements (NDAs) upon hiring (non-compete covenants can also reduce risks in jurisdictions where they are enforced). These agreements must be carefully drafted in order to adequately protect the specific nature of the confidential information at hand. These contracts remind employees of their personal liability should they choose to misappropriate confidential information. Consequences may include lawsuits for damages and restitution, possibly including exemplary damages and attorneys fees, court orders to stop misuse, and of course termination of employment. Carefully drafted confidentiality agreements not only serve to put employees and independent contractors on notice of their duties to protect and preserve confidential information, but they also strengthen a company’s case in court should misappropriation occur. For the same reasons, it is paramount to each company when hiring new employees that they be reminded to not bring any trade secret of their previous employer and that they not be placed in a situation where they may be asked to share or re-use some of those for the benefit of their new employer, as tempting as it might be. A well drafted offer letter, a follow up welcome email and strict internal policies to that effect are highly desirable and will go a long way to shield the company from wrongdoings of a rogue employee.
Similarly, third parties, including partners and potential investors/acquirers, should also be required to sign confidentiality agreements. This is not always possible however: VCs are notoriously reticent to sign such agreements, and often have the financial leverage to push back, and it is logical that those parties would want to examine the inner workings before making a significant financial commitment while avoiding the inevitable “tainting” that comes with it. Companies must consider the risks at stake and how they can mitigate those (i.e. limited access). Absent a proper written NDA, they may want to disclose just enough to tease, but not enough to teach!
iv) Other protections.
Finally, in addition to the consistent implementation of strong company policies and carefully constructed contractual protections, a company should clearly label confidential information that they wish to designate and protect as a trade secret. Labeling such information as “confidential” serves several purposes. It puts employees and third parties on notice that company policies with respect to trade secrets apply to that information. As with the confidentiality agreements discussed above, labeling provides notice that consequences for breach of policy may result, and strengthens the company’s case in litigation. However, also as stated above, over-labeling can defeat these purposes. For obvious reasons, companies must also enact policies for document retention and destruction, in compliance with government rules and regulations, to ensure physical protection of the information. Personally, when I know a document is never to be shared outside the company, even under NDA, I will tell my clients to use the label “Proprietary & Confidential- For Internal Use Only”, which alerts employees who may not have all the details that something belongs to their employer and is not meant to be shared, regardless of whether there is a NDA in place with a specific recipient.
Employee exit interviews are another important tool used by companies to protect trade secrets and other intellectual property. Exit interviews remind and reeducate departing employees of their continuing contractual and fiduciary obligations to company, and consequential liability for breaching those obligations. Providing copies of the NDA and employment agreements that they signed at hiring is an effective technique to accomplish this purpose.
In short, trade secrets constitute one of the pillars of a company’s sound intellectual property strategy. As such, they require strong internal policies, continued vigilance and meticulously crafted agreements to remain effective as a building block to a company’s program to protect its intellectual property. In a world where it’s hip to be “open”, an open secret might be the last thing you want!