Friday, August 3, 2012

Protecting Trade Secrets

As reported in the Wall Street Journal and other media, notoriously secretive Apple Inc. was forced to divulge many diverse, and fascinating, trade secrets in its closely-watched litigation with Samsung (now in jury deliberation). Witnesses were compelled to testify concerning Apple's development of the iPhone and iPad, its marketing budget and other sensitive matters, including - ironically - measures taken to protect the confidentiality of its trade secrets.
Unlike patents, a trade secret cannot gain protection through registration, but only through reasonable efforts to maintain its secrecy. For Apple, such efforts included "locking down" one floor in a building and installing cameras and keycard readers to ensure that Project Purple, their code name for development of the iPhone, would remain confidential. Team members were recruited only from within the company and were only told the nature of the project after they had joined the team.
While few of us deal with trade secrets of that magnitude, virtually every successful company has some commercially valuable information that derives its value from not being widely known. In a future blog post, we will address judicial, legislative and administrative issues relating to trade secrets, but this post concerns practical measures that should be considered to protect the confidentiality of trade secrets.
Perhaps the first step in any comprehensive effort to protect a company's intellectual property rights is to perform an IP audit, interviewing key personnel from various departments and functions, including R&D, product development, marketing, sales, legal and financial, compiling a list of all proprietary information, describing the nature of the information, how it is being protected, who has access to it (internally and externally), its approximate value, the cost of developing it, how easily it could be duplicated without authorization, and so forth, in order to develop a rational plan of protection.
Physical security measures may be employed, such as erecting barriers to prevent unauthorized entry onto the premises or to sensitive areas, employing security guards, requiring employee and visitor ID badges, storing materials behind locked doors or in locked cabinets, requiring users to sign a logbook, installing security cameras, requiring regular use of shredders (or employing a professional shredding service) and labeling confidential documents and materials as such. Computers should require passwords, which should be changed regularly, and copiers should record the user's ID.
More basically, sensitive information should be disseminated only to those with a need-to-know. In particular, employees should be instructed not to cc confidential information to the whole company, or worse yet to outsiders. After all, an item is - by definition - not a trade secret if reasonable efforts aren't made to keep it secret.
Each new hire should be required to sign an agreement containing confidentiality and non-competition provisions and a clause stating that all IP developed during the course of employment is assigned to the employer. Comparable language may also be stated in the Employee Handbook.
Confidential information should be shared with customers, vendors, contractors or other outside parties only to the extent absolutely required and only after receipt of a satisfactory, signed Non-Disclosure Agreement.
When an employee resigns or is terminated, the company should consider restricting the employee's access to sensitive materials and monitoring the employee's emails, downloading and copying activities.
Prior to departure, a checklist should be reviewed to ensure the employee has returned all company property, including notebook computer, ID badge, keys and so forth. The employee should attend an exit interview, where he or she is handed a copy of the confidentiality and non-compete agreements that were signed at hiring, is reminded of those continuing obligations and asked to sign an acknowledgement.
After departure, the company may wish examine the employee's computer, work area, files and other confidential information he or she was privy to, to ensure all appears to be in order. Finally, the company should preserve the former employee's emails and hard-drive temporarily (not simply assigning the computer to a new colleague), just in case of trouble.
While the unauthorized theft and misuse of a company's trade secrets can have devastating consequences that can be hard to quantify and even harder to remedy through legal action, at least the types of measures describe above can go a long way towards minimizing the risks and enhancing the odds of a satisfactory final outcome.

No comments:

Post a Comment