United States: Protecting Trade Secrets Globally: Comparing The U.S. And EU

International attention to misappropriation of trade secrets has never been at a higher level. In early May 2014, a U.S. federal grand jury indicted several Chinese military officials for allegedly misappropriating trade secrets from U.S.-based companies; in late May 2014, the European Council announced that it is proceeding with a Directive to strengthen trade secret protection laws throughout the EU; and the U.S. Congress is now seriously considering the Defend Trade Secrets Act which would create an unprecedented federal civil right of action for trade secret misappropriation. When the two legislative bodies which govern the lion's share of the world's economy are paying close attention to trade secrets, it is timely for businesses to compare existing laws protecting trade secrets in the EU with those in the U.S., the proposals for change in both, and to implement or strengthen their corporate trade secret protection programs.

The Current State of the Law in the EU

European companies are increasingly exposed to misappropriation of trade secrets. One in five European companies has been the victim of trade secret misappropriation, or attempts at misappropriation, at least once in the past 10 years, and for two in five European companies, the risk of trade secret misappropriation has increased during the same period.

In Europe, the differences in the level of trade secret protection are significant, with some Member States offering only weak protection by means of fragmented legislation. In addition, there are differences in the scope of protection, the cost of litigation, and the level of enforcement in the differing jurisdictions.

In the responses to the European Commission's consultation on the protection against misappropriation of trade secrets and confidential business information at the beginning of 2013, 62% of respondents felt that divergent national protection of trade secrets against misappropriation had an impact when they were carrying out business across borders in the EU, and over half of the respondents wanted this issue addressed at the EU level. In an attempt to address these issues, the European Council announced on May 26, 2014, that a Directive on the protection of trade secrets and confidential business information from misappropriation and misuse by third parties would be taken up for discussion by the European Parliament.

The aim of the Directive is to harmonize national laws on protection against the misappropriation of trade secrets by establishing a common definition of "trade secret" and ensuring that in cases of unlawful acquisition, use, or disclosure of a trade secret, a sufficient and comparable level of redress across the EU is provided. Before looking at this proposal in more detail, an insight into some of the challenges currently facing a business wishing to protect its trade secrets and confidential business information in the EU can be gained by a brief comparison of the United Kingdom and Germany.

The United Kingdom

The United Kingdom is a common law jurisdiction in which trade secret law is fairly well developed in a body of judicial decisions. For information to be protected, it must be capable of protection, i.e., it must: (i) have the necessary quality of confidence; (ii) have been imparted in circumstances importing an obligation of confidence; and (iii) be subject to unauthorised use, or threatened use, of the information. There are four distinct categories of information and the category into which each piece of information falls will govern the extent to which it can be protected and also the available remedies (e.g., injunction, search orders, delivery up and damages/account of profits). The four categories of information are: (i) trade secrets; (ii) "mere" confidential information; (iii) information which is part of an employee's own general skill and knowledge; and (iv) trivial or public information. Only the first and second categories are capable of protection, and only the first category is protected both during and after employment, in the absence of any expressed restriction relating to such information. Depending on the precise circumstances, an employer may have some or all of the following potential causes of action against an employee who has misused or disclosed trade secrets without permission:

• Breach of duty under the employment contract (e.g., breach of the implied duties to act in good faith towards the employer, to respect the confidentiality of the employer's trade secrets and confidential business information, not to compete with the employer's business and not to solicit customers from the employer, and/or breach of the fiduciary duties to act in the best interests of the employer, of loyalty, not to profit from his/ her position, and to use information obtained in confidence from the employer only for the benefit of the employer);
• Breach of post-termination restrictive covenants;
• Breach of confidence (if the information used/ disclosed is capable of protection (see above); and
• Database right infringement (a database right will automatically subsist where the employer has made a "substantial investment" in obtaining, verifying, or presenting the contents of the database).

Germany

Germany, on the other hand, is a civil law country and trade and business secrets are protected by several statutes.While there is no separate "Trade Secret Act" in Germany, trade and business secrets are protected under scattered provisions in different laws and regulations, both civil and criminal.

Provisions dealing with the protection of trade and business secrets can be found in various acts including the Act against Unfair Competition (UWG), the Civil Code (BGB), the Criminal Code (StGB), the Commercial Code (HGB), and the Anti-Trust Act (GWB), and are established through Federal Labor Court rulings.

According to the relevant definitions, facts, circumstances, and/or processes qualify as trade or business secrets if: (i) they are related to a particular business enterprise; (ii) they are known only to a limited group of people (and are therefore not public); (iii) they are kept secret for economic purposes; and (iv) the business enterprise has an apparent and legitimate interest in keeping the information secret.

Under the terminology of the law, technical circumstances and processes (e.g., computer programs) are "trade secrets," while commercial circumstances and processes (e.g., customer lists and business strategies) are "business secrets." However, the level of protection is similar in relation to both categories of confidential information.

Moreover, additional contractual agreements ensuring that trade and business secrets are optimally protected are common. Confidentiality clauses in employment contracts must be transparent and balance the interests of employers (to keep their trade and business secrets confidential) and employees (to use the professional knowledge and experience gained during the employment in their subsequent careers).

In cases of unpermitted use or disclosure of trade and business secrets, an employer may seek civil law and contractual sanctions, including interim injunctions, cease and desist orders, damages, and termination of employment. The most important legal concepts providing for respective remedies are:

• Breach of the good faith principle pursuant to the Civil Code;
• Breach of duty under the employment contract; And
• Breach of a non-competition or confidentiality agreement.

While the relief available in the United Kingdom is limited to civil remedies, in Germany criminal penalties are also available in certain circumstances:

Under the Act against Unfair Competition, the unauthorized use or disclosure of trade or business secrets for the purposes of competition, for personal gain, for the benefit of a third party, or with the intent of causing damage can result in punishments such as imprisonment of up to three years or, alternatively, fines; and

In accordance with the German Criminal Code, the disclosure of trade and business secrets by certain professionals (lawyers, doctors, etc.) is subject to imprisonment of up to one year or, alternatively, fines.

The Proposed EU Directive

The European Commission has recognized the competitive need for harmonization, given that business success is increasingly dependent on know-how and innovation.

The desire to harmonize starts with the basics. The proposal for the Directive defines "trade secret" as information which:

• Is secret, i.e., is not generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question;
• Has commercial value because it is a secret; and
• Has been subject to reasonable steps by the person lawfully in control of the information to keep it secret.

The proposal then sets out the circumstances under which the acquisition, use, and disclosure of a trade secret is unlawful, the key element being the absence of consent of the trade secret holder. Next, it addresses the measures, procedures, and remedies that should be made available to a trade secret holder in cases of unlawful acquisition, use, or disclosure of that trade secret by a third party, including a proposed limitation period of at least one year, but no more than two years, in which to bring claims This is significantly shorter than the current six year limitation period in the UK.

Although harmonization of the various Member State laws on trade secrets is ambitious, there is a general consensus that, for the reasons set out above, it is much needed.

The Current State of the Law in the U.S.

The Uniform Trade Secrets Act (UTSA)

Prior to the promulgation of the Uniform Trade Secrets Act in 1979 by the Uniform Law Commission, an American non-profit organization which drafts uniform legislation for consideration by state legislatures, each state had its own common law of trade secrets set forth in judicial decisions. Today, 47 states have adopted the UTSA in some form. However, some states have seen fit to modify some aspects of the UTSA, so that complete uniformity of trade secret law across the U.S. has not been achieved. Nevertheless, there is a high degree of uniformity in the 47 states which have enacted some version of the UTSA with respect to basic issues, including the definitions of "trade secret," misappropriation by "improper means," and the remedies available. The UTSA defines a trade secret broadly as follows:

"Improper means" of misappropriation is defined by the UTSA as "theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means." Remedies for misappropriation are well-developed, and may include injunctive relief, damages for lost profits, disgorgement of amounts by which the misappropriator has been unjustly enriched, or a reasonable royalty.

The Defend Trade Secrets Act

Despite the widespread adoption of the UTSA, some businesses and their legal counsel have become frustrated with litigating international trade secret cases in state courts, which unlike the federal courts, do not allow for nationwide service of process. Moreover, seeking discovery across state or national borders can be more complicated in state courts than in federal courts. Accordingly, the Defend Trade Secrets Act has been introduced in Congress to create a federal civil right of action under the Economic Espionage Act of 1996, which until now has provided only criminal remedies for misappropriation. The Defend Trade Secrets Act, Senate Bill 2267, has wide support within the U.S. business community, and bi-partisan political support from its sponsors, Senators Coons (D. Del.) and Hatch (R. Utah).

Conclusion: Businesses Should Implement or Strengthen Trade Secret Protection Programs Now

The international trend of strengthening legal remedies for trade secret misappropriation undoubtedly is a positive development for businesses which own trade secrets. However, legal remedies can only provide relief after trade secrets have been stolen, and after time-consuming and expensive litigation. In every time and place, the best way to safeguard trade secrets is to implement a proactive corporate trade secret protection program that effectively prevents misappropriation in the first place. The heightened international attention to trade secret protection is a wake-up call for companies that have not yet implemented a trade secret protection program to do so, and for revision and strengthening of such programs within businesses that already have them.

While an appropriate trade secret protection program will depend on the nature of each company's business, size, geographic locations, and other factors, every company has regular practices that touch their employees' lives. The lack of discussion of trade secret protection as a part of such regular practices may wrongly convey the message that data security is not important enough to be mentioned. Such regular practices may include:

• New hire orientation, including training (for managers and non-managers);
• Distribution of employment agreements (e.g., confidentiality agreements) and employment manuals;
• Performance evaluations, including awarding bonuses;
• Annual or other regular refresher training (for managers and non-managers);
• Messages from executive management ("setting the tone from the top");
• Postings on internal websites; and
• Other communications unique to particular organizations.

In an upcoming issue, we will discuss in more detail the converging methods of protecting trade secrets and privacy within the corporate environment, including the essential element of training of the workforce to minimize leakage of valuable data.

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved