A constant challenge for businesses with important trade secrets is how to simultaneously make commercial use of them while also preserving their legal status. To be protected as a trade secret, a piece of commercially valuable information must be “the subject of efforts that are reasonable under the circumstances to maintain its secrecy.” Cal. Civ. Code § 3426.1(d). Activities directed beyond the confines of the business present various disclosure risks, ranging from unscrupulous commercial partners to outright theft. External threats to trade secrets can be managed in various ways: robust contracts, tight limits on how and with whom information is shared, and so forth. But defending trade secrets also requires careful internal management.
A key question for managers of intellectual property is how far to take the policies and procedures that govern the control of a business’s IP portfolio. In some ways the law is frustratingly vague about what measures need to be taken. One often confronts uncomfortable ambiguities when crafting a concrete plan that will be “reasonable under the circumstances.” A guiding principle is that “reasonable steps” are sufficient to protect information in such a way that it can only be exploited by an outsider who uses inappropriate or unlawful methods to obtain it. The goal is therefore to ensure that anyone outside the firm who learns about a trade secret is doing so in a controlled way.
The overarching goal of internal trade secret policy is to prevent unprotected disclosures. Once information escapes the holder’s control, it can rapidly lose its special legal status. In some circumstances a business may choose to share certain trade secrets with third parties under confidentiality contracts. For many businesses such disclosures are difficult to avoid. For example, many businesses hire third-party contractors to maintain their computer networks. An IT professional may have incredibly deep access to a client’s information and needs to be subject to a strict contractual obligation to respect its confidentiality.
Unprotected disclosures can happen in other ways. A risk that probably keeps many managers up at night is that an employee accidentally discloses secrets bysending an email to the wrong recipient, or attaching the wrong files. A trade secret could also be accidentally revealed in a casual conversation. Such slips may leave a short window for recovering the secret before it is lost for good, but they need to be addressed promptly and with vigor.
Sloppy disclosures can happen in other ways that are potentially more problematic, because they are deliberate. Executives who are excited about a company’s technology might disclose more than they should when talking to people who aren’t bound by confidentiality obligations: journalists, industry groups, potential investors, and so forth. An advertising campaign for a new product might be designed in such a way that the trade secrets are effectively disclosed to sophisticated competitors. A trade secret could also be inadvertently disclosed in a publicly available patent filing, and potentially even in non confidential litigation paperwork.
The specific steps a company should take to control how its trade secrets are handled within the company itself will depend on the specific qualities of the trade secrets themselves and the size of the business, among other factors. A given piece of secret information will have certain raw characteristics that must be taken into account in crafting a program to protect it. A large file of computer code, which must be complete to function, may require a different approach than a formula that could fit on a single sheet of paper. Likewise, a very small firm will have different challenges from a very large one. Smaller companies potentially have an easier time ensuring their employees are using best practices, but they may also need to rely much more on outsiders and they may face greater employee turnover. Smaller firms may also be less likelyto have the full suite of controls over their electronic systems.
Here are a few examples of the kinds of internal strategies that many companies will find useful for protecting their trade secrets. For many of these, the object isn’t simply to establish a sound legal argument for why something should receive protection as a trade secret. More importantly, it is also to prevent unprotected disclosures in the first place.