Trade Secrets: The ‘Reasonable Steps’ Requirement 19/08/2015 by Intellectual Property Watch Leave a Comment Share this:Click to share on Twitter (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Facebook (Opens in new window)Click to email this to a friend (Opens in new window)Click to print (Opens in new window) The views expressed in this article are solely those of the authors and are not associated with Intellectual Property Watch. IP-Watch expressly disclaims and refuses any responsibility or liability for the content, style or form of any posts made to this forum, which remain solely the responsibility of their authors. By Pamela Passman, President and CEO, Center for Responsible Enterprise And Trade (CREATe.org) Trade Secrets: Seeking to Define the ‘Reasonable Steps’ Requirement The pervasive use of information technology, rise of worldwide supply chains, the relentless physical and internet exchange of data in every business sector, and an explosion in online data thefts has elevated trade secret protection to the top priority at many companies. The stakes are high. Theft and misuse of trade secrets can have devastating effects on a company’s earnings, competitiveness, reputation, and even their existence. When the worst does happen and trade secrets are compromised, regional and national laws require companies to take reasonable steps to protect trade secrets and intellectual property (IP). But figuring what “reasonable steps” are can be challenging since governments have been vague about the term’s definition. Additionally, laws and legislation continue to evolve on this issue. Nonetheless, we can gain insights into the ‘reasonable steps or efforts’ requirement based on how courts have responded to date on this issue. In short, court actions point to the need for companies to embed trade secret protection into business operations to qualify as legal protection. Originated in US Legislation, Adopted Globally The term “reasonable steps’ to keep information secret derived from model legislation created by the United States as part of the Uniform Trade Secrets Act (UTSA) drafted in the 1970s. The UTSA provided a template that most US states used to develop their trade secret laws and sanctions, and many countries have adopted verbatim or in substantially similar terms in their trade secrets laws. The 1996 World Trade Organization (WTO) Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) was the first international treaty to protect trade secrets and other undisclosed information explicitly. TRIPS defines protection of such information as a form of protection against unfair competition, incorporates “reasonable steps” and requires its 161 country members to implement laws in line with this approach. In the US and Europe, there are moves to enhance protection of trade secrets. In both instances, the definition of trade secrets would include the requirement that the owner has taken reasonable measures to keep such information secret. Some countries, notably Japan and Russia, have specified in their legislation or case law more detailed lists of protection measures that the owner or controller of information must implement. In Russia, companies must implement a “regime” of trade secrecy, ranging from defining a list of information constituting commercial secrets, and limiting and tracking access to that information to regulating use and affixing a “commercial secret” stamp specifying the holder of that information. Japanese courts have said trade secret holders must limit the number of people with access to the information, give clear notice that the subject matter is secret, and implement physical and electronic access restrictions. Complying with ‘Reasonable Steps’ In an assessment of protections companies have implemented in winning lawsuits globally, several elements of an effective trade secret protection plan have emerged. Centering around eight categories, these include: Creating policies, procedures and agreements and other records to establish and document protection Putting physical and electronic security and confidentiality measures in place Initiating risk assessments to identify and prioritize trade secret risks Establishing due diligence and other ongoing supply-chain management procedures Creating an information protection team to manage oversight and coordination of policies, procedures and agreements Training employees and suppliers Monitoring and measuring corporate efforts Taking corrective action and continually improving policies and procedures For years, many companies, particularly high technology companies, have simply relied on non-disclosure agreements and securing their networks as their first lines of defense, which the courts have determined are evidence of “reasonable measures.” However, the courts have also mentioned a company’s overall corporate policy is important for maintaining confidentiality as evidence of to protecting trade secrets. More importantly, the policy, procedures and records need to be followed consistently. The inability to follow company procedures has led to insufficient protection of a company’s trade secrets, several cases have shown. Extend Practices beyond Nondisclosure Agreements and Network Security As several lawsuits have shown, companies must also extend their procedures and policies to third parties that may have access to sensitive company data or trade secrets. To minimize risk, companies should also identify and classify what they deem to be corporate secrets, and assess the risk in the event that they are stolen. They need to keep a record of who has access to the information and train employees and suppliers about how secrets should be protected and what is expected of them when handling such information. The “reasonable steps” do not end there. Companies should designate a person or team with overall responsibility to protect trade secrets and make sure corporate policies are enforced, maintained, and updated. Failure to have someone or a team protecting trade secrets has been frowned upon in some court cases. An ad hoc approach often leads to the likelihood that “no one is in charge,” courts have stated. Having a team or person in charge ensures that trade secret protection isn’t just a one-time exercise that happens at company startup or when an employee gets hired. To ensure employee compliance and to maintain consistency, ongoing procedures should be continually updated and reviews should take place annually. The courts have praised firms who review nondisclosure agreements and have them re-signed annually, and praised companies for keeping detailed security reports, for example. Companies Need a Comprehensive Protection Plan It is vital for companies to understand what “reasonable steps” are and what best practices need to be implemented as a global consensus converges around “reasonable steps” for trade secret protection. The world has seen a dramatic increase in cyber terrorism of companies of every size, and to protect critical business information and trade secrets, companies need to move beyond nondisclosure and network security and put more comprehensive plans in place. Failure to do so could damage not only a company’s reputation but also its competitiveness and future. A whitepaper on the topic of the “Reasonable Steps” requirement can be found here. Pamela Passman is founding President and Chief Executive Officer of the Center for Responsible Enterprise And Trade (CREATe). Learn more about IP and trade secret protection at www.CREATe.org. Image Credits: CREATe.org Share this:Click to share on Twitter (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Facebook (Opens in new window)Click to email this to a friend (Opens in new window)Click to print (Opens in new window) Related "Trade Secrets: The ‘Reasonable Steps’ Requirement" by Intellectual Property Watch is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.