In our first post, we discussed the scope of trade secret protection, as well as how a trade secret is established and enforced. In this second post, we discuss trade secret "hygiene" – that is, best practices for maintaining trade secret protection over time.
Outlined below are specific steps that you can take to get the most out of trade secret protection. These measures will not only minimize the risk of having your valuable business information lost or stolen, but also put you in the best position to litigate a claim of misappropriation, if necessary.
Take Stock Early and Often: First things first – identify and catalog your startup's trade secrets. What are they, what makes them valuable, and what measures are you taking to keep them secret? This is not a one-time task, but an ongoing practice. As your product and business develop, your trade secrets, too, may change. Likewise, what may constitute reasonable efforts to maintain secrecy at one stage may not suffice later on.
Consider implementing an employee submission procedure and a periodic review (perhaps every few months, in periods of rapid development), to identify protectable information in the future, before the protection can be lost.
When identifying your trade secrets, consider not only your core innovation, but also any valuable data (or compilations of data) that your business relies upon. Even a combination of public information can be a trade secret, provided that the combination itself is not readily ascertainable (e.g., a list of publicly known addresses of businesses that you have determined as prime sales targets).
In the unlikely event that you need to bring a misappropriation claim, you will have the burden of identifying the relevant trade secret with precision and proving that it qualifies for trade secret protection in the first place. Inventory records can be powerful evidence to that end.
To ensure that the records can be used in court if necessary, consider establishing an inventory process that does not involve your lawyers – otherwise, the records may be protected by your attorney-client or work-product privilege, such that you cannot use it in litigation without compromising your company's privilege (which you do not want to do).
Take Reasonable Measures to Maintain Secrecy: An ounce of prevention is worth a pound of cure. Your secrecy measures should include as many as possible of the following steps based on your company's resources, the nature of the trade secret information at issue and the particular ways in which the information could be lost or compromised:
- Use nondisclosure agreements (NDAs) with all employees and third parties. The consistent use of NDAs is one of the most important factors for establishing that a plaintiff has exercised "efforts that are reasonable under the circumstances" to keep the secret a secret. NDAs also have the benefit of creating a contract-based cause of action to shore up your trade secret claims.
- Train incoming employees on their confidentiality obligations. Periodically refresh those trainings, particularly as an employee gains exposure to additional trade secret information.
- Establish an effective employee off-ramping process. When employees leave the company, take documentable steps to (1) remind them of their ongoing confidentiality obligations, and (2) ensure that no trade secret information leaves the company with them in electronic or hard copy form, whether intentionally or otherwise.
- Do not rely too heavily on non-compete clauses. Courts are increasingly critical of restrictive covenants against future employment. As such, you should not rely solely on such provisions to safeguard the information that your former employees possess.
- Disclose trade secret information – both internally and externally – only on a need-to-know basis.
- Use prominent confidentiality legends on sensitive documents.
- Use the term "trade secret," where appropriate, in discussing valuable, confidential information within your company. Imagine that, despite your best efforts, you are in litigation. The defendant who has misappropriated your trade secrets puts one of your employees on the witness stand. If your employee is asked whether she ever heard anyone in the company refer to the relevant information as a "trade secret" and her answer is "no," it may be hard to convince a jury that your business really considered the information a valuable trade secret.
- Implement an information tracking software system in connection with any sensitive documents so you can tell who has accessed what, and when.
- Employ electronic security measures such as firewalls, password-protected drives or servers, and data encryption; place reasonable limits on employees' ability to remotely access sensitive information.
- Have a destruction policy for copies of sensitive documents and digital files.
- Employ physical security measures, if appropriate. (No shoeboxes!)
Whatever policies you adopt, be consistent in how you practice and enforce them. The failure to consistently enforce such policies may be interpreted by courts as a lack of reasonable effort to maintain the secrecy of a trade secret.
Of course, even when reasonable precautions are taken, valuable business information still may be stolen or inadvertently disclosed. When that happens, do not despair – all is not lost. A single disclosure does not necessarily destroy trade secret protection, as long as reasonable measures were taken (and continue to be taken) to maintain secrecy.
Understanding how trade secret protection is gained and lost is an important step toward safeguarding your startup's innovative ideas and products. And as intellectual property protection goes, trade secret offers a significant "bang for its buck." By implementing a strategy as described above, you can maximize that protection – and you and your startup can venture beyond a closed development environment and into the marketplace with confidence.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.