BreachExchange mailing list archives

Specifically identifying your trade secrets is the first step in being able to protect them


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 11 Feb 2016 19:14:18 -0700

http://www.lexology.com/library/detail.aspx?g=9dee1186-93fc-40aa-b896-d86a71d31a25

To some it may seem obvious, but before a business can take reasonable
steps to protect its trade secrets, it must be able to identify which of
its intellectual assets are protectable as trade secrets. A business may
not differentiate between trade secrets and confidential information, but
there is a difference and a business should differentiate between the two
(see our previous post on the differences here). A business may believe
that whatever steps it takes to protect its confidential information will
be sufficient to protect all of its trade secrets. However, that approach
can prove harmful in practice, as the practical measures to protect the
intellectual assets may differ depending on the nature of the assets.

First, there is a difference between what information courts determine to
be a trade secret and what information courts determine to be confidential
information. A trade secret is a subset of the information that falls under
the umbrella of confidential information and requires heightened
protection. Second, if a business protects its trade secret information as
it protects its other confidential information, then the business may be
vulnerable to losing trade secrets either through theft or through a
judicial finding that the information is not a trade secret because the
business did not take reasonable efforts to maintain the secrecy or
confidentiality of the information.

Under the Uniform Trade Secrets Act, which has been adopted in 47 states,
to qualify as a trade secret, information must meet two requirements:

1. The information must be sufficiently secret to derive economic value
from not being generally known to others who can obtain value from its
disclosure or use; and
2. The information must be subject to efforts that are reasonable under the
circumstances to maintain its secrecy or confidentiality.

With regard to the first requirement, a business should consider creating a
master list of the information it believes to be a trade secret. This
master list may contain general categories of information or specific
information. The more specific a business can be in identifying the
information it believes to be its trade secrets, the more likely it is the
business will be able to put in place measures to protect the information
from disclosure and use by third parties under the act.

Once a business has identified the information it believes to constitute
its trade secrets, the business should identify where that information is
located within the business and who has access to that information,
internally and externally. Is the information something that can be
accessed in only one place and only a few people have access to it? Is
access limited to those who have a need to know or access the information
to perform their business functions? Is the information something that is
located in more than one place and can be accessed in several different
ways by many people in the organization? Is this information shared with
business partners outside the business?

Once a business has identified the information it believes to be its trade
secrets, where that information is kept and who has access to that
information, the business can evaluate the appropriate measures to protect
the secrecy and confidentiality of the information. The threshold is that
the business must put in place protections that are “reasonable under the
circumstances” to maintain the secrecy and confidentiality of the
information. What is “reasonable under the circumstances” will depend on
the nature of the information, where the information is located, who has
access to the information and how it is used.

A non-exhaustive checklist of steps a business might take to protect
information it considers to be a trade secret can be found here. However,
it is highly recommended that a business consult with an attorney familiar
with litigating trade secret matters to develop a robust plan to protect
its trade secrets.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
