As recent high-profile cases have shown, it is essential for in-house counsel to devise comprehensive policies to protect their confidential information. Here is a guide
Industrial espionage has always been with us and, if anything, the importance of industrial secrets is increasing. In some companies secret technology is one of the most important assets. However this area of the law has never been given quite the same attention as other areas of intellectual property.
The law of trade secrets
The law of trade secrets in the UK has largely developed through civil case law as an equitable doctrine. At its most basic, in order for a breach of confidence case to succeed, a claimant must show at least that the information in dispute was of a confidential nature and that there has been some unauthorized use of the information (or such use is threatened).
In the case of patents, infringement may cause damage to the proprietor but the patent still has value. A problem with trade secrets is that unless the misuse is caught at an early stage, if the information reaches the public domain then the asset may become valueless. An injunction may be of limited value and damages may be inadequate because of the difficulty in assessing the long term value of the asset.
One oddity is that in the UK if an employee takes away a trade secret recorded on a piece of paper that is worth a few pence he may be guilty of a criminal offence; if he copies the information onto his own paper then he is not. However, of course in many cases the real value lies in the information, not the material on which it is recorded.
As the law stands in the UK, trade secrets do not constitute property for the purposes of the Theft Act and so cannot be stolen. In the 1970s a student was prosecuted for stealing the contents of an exam paper (which he then returned having absorbed its contents). He was disciplined by the university but escaped prison. Although the Theft Act states that stolen property can include intangible property, the Court ruled that this did not include confidential information. Since the student returned the paper, he had not "permanently deprived the owner" of the paper so he had stolen nothing. Even if the confidential information constituted "property" there would be no theft in any event because the original owner still had the information – although in a devalued form.
What is needed is a new statutory offence. The Law Commission proposed an offence of trade secret misuse that would be committed by a person who uses or discloses a trade secret belonging to another without that other's consent, provided the defendant knew the information was a trade secret and that the other person did not, or might not, consent to its use or disclosure. This was proposed in 1997 but nothing has yet happened. Quite why is difficult to say.
Other countries have seen no difficulty in introducing legislation to deal with the issue. Misuse of trade secrets has been a criminal offence in Switzerland for years. There is also legislation dealing with the issue in the US and Canada.
Criminal prosecutions for trade secret misuse and industrial espionage are becoming more commonplace in the US. In May 2007, a Coca Cola employee was sentenced to eight years in prison for trying to sell trade secrets to Pepsi. Last year a federal grand jury indicted an auto-parts engineer, his wife (the company's former vice president for sales) and a former company metallurgist on 64 counts of stealing trade secrets. It is claimed that they handed over hundreds of confidential computer files to potential Chinese competitors. The trial is due to start later this year.
Frequently trade secrets cases involve individual defendants – disgruntled employees or other individuals looking to profit by selling confidential information to a company's competitors. Individuals may have inadequate resources to pay damages in a civil claim. Where this is the case a criminal prosecution is likely to be the only real deterrent to trade secret misuse.
The value of trade secrets
Trade secrets can be worth many millions of dollars. In a high-profile dispute, car maker Ferrari is suing McLaren's chief designer and his wife for alleged misuse of its trade secrets. Ferrari claim that the designer had in his possession a technical dossier containing confidential information for designing and running a Formula 1 racing car. This dossier is said to relate to the 2006 and 2007 Ferrari Formula 1 car and a particular engineering technique to lower the car's floor. Ferrari alleges that the technology has given McLaren the edge in the 2007 championship. Ferrari has said they will suffer losses of at least €5.5 million if McLaren wins the 2007 championship and that there will be damage to the value of their brand and consequent sponsorship opportunities.
How can a company protect itself?
If the criminal law in the UK offers no deterrent, what can a company do to protect its trade secrets? A company should first carry out an audit to identify its most valuable information. When this is done the company needs to ensure that the information can be shown to be and continues to be confidential. The protectable information may be more than the formula for rocket fuel – it can also be business information, such as customer lists or sales data.
Different levels of security may be appropriate for different types of information. At the very least all employees' contracts of employment and third party contractors' contracts should include a carefully drafted confidentiality clause governing use of the company's information. A company's highly confidential information should be clearly marked as such and should only be distributed internally to those who need to know it. For highly important technology it can be advantageous to keep a log of those who have access. At least this will provide a place to start if things go missing. It is also important to educate employees on the importance of the protection of trade secrets and other proprietary information.
Some of the most frequent disputes relate to employees who have left to work for a competitor. Inevitably the ex-employer alleges that the ex-employee must have revealed its secrets. In many cases, the new employer will believe that the old employer is simply trying to stifle competition. The courts have tried to strike a balance between the interests of employers and employees by drawing a line between so-called real trade secrets and other confidential information of a more general type. The latter type may not be generally known and while the courts will prevent unauthorized disclosure or use during the term of the employment it will not be inclined to do so after employment ends. In the case of trade secrets the courts will continue to afford protection notwithstanding that the employment has come to an end. However, there can be real difficulties in separating out the real trade secrets from more general information. It is a bit like describing an elephant – you know one when you see one. As a guide, the courts have classified information which an employee might gain during his employment into three categories:
Information which, because of its trivial nature or its easy accessibility from public sources of information, cannot be regarded by a reasonable person or by the law as confidential;
Information which the employee had to treat as confidential but, once learned, remained in the employee's head and became part of his own skill and knowledge; and
Trade secrets so confidential that they cannot lawfully be used for anyone's benefit but the employer.
The first category of information cannot be protected at all. The second category of information (low grade information) is not usually protected by the courts in the absence of a specific contractual restriction (see below). The third category (high grade information) may be protected irrespective of whether the employment contract contains any special provision in respect of it and irrespective of whether the employee is still employed or has left employment.
The courts have listed the following factors as a guide to deciding whether information falls within the high grade category:
The nature of the employment;
The nature of the information;
Whether the employer impressed upon the employee the confidentiality of the information; and
Whether the information can be easily isolated from other information which the employee is free to use.
Ordinary confidential information after employment
Is this a lost cause? Not entirely. This type of low grade information can be covered post employment by a contractual restriction. Such a covenant will be subject to the usual rules as to restraint of trade. As a result, if it is cast too widely the courts will not enforce it at all. Thus it may be possible to restrain an employee from using low grade information for perhaps a year or so after he has left his previous employment. As noted above, while the employee is employed (even if his duties have ended), his contractual duty of good faith to the employer will, in any event, prevent him from making use of the second category of information in addition to the third.
Other security steps
There are other practical steps a company can take to protect its confidential information. Regular IT security audits are important to establish any weaknesses in the systems used. Equipment should be kept up to date with the latest firewall and anti-virus software. Documents sent by email may not be secure. If valuable information is not encrypted it is at risk. Consider whether email is a suitable means to transfer highly valuable information. Huge amounts of information can now be stored on very small devices such as MP3 players and USB sticks. Consider whether it is appropriate for employees to bring in such devices to areas where highly secret information is kept.
Companies should set up a policy that makes it clear that no confidential information is to be disclosed outside the company until the recipient has signed a suitable non-disclosure (NDA) or confidentiality agreement. Although an obligation of confidence may be implied by the circumstances, it is always preferable to execute a written confidentiality agreement where possible.
To avoid future disputes it is important to define carefully in the confidentiality agreement:
What is being disclosed (using schedules to list documents containing the information and ensuring that the information is only disclosed in writing or at least confirmed in writing);
What use can be made of the information by the recipient, including to whom the information may be disclosed and what use the recipient may make of the information itself. For example, if technical information is disclosed to a potential licensee for the sole purpose of deciding whether or not to enter into a licence agreement with the owner of the information this should be specified in the confidentiality agreement otherwise it may be argued that there was no restriction on use of the information;
What information is excluded from the obligation of confidentiality; and
The term for which the information should be kept confidential. This may vary. In some fast moving industries information may lose its value very quickly whereas in other cases certain information may need to be kept confidential indefinitely.
It is also good practice for all confidential information disclosed to another party to be submitted via a single person in order to maintain an audit trail.
Often disputes arise as to the origin of confidential information. The best way to show that technical or R&D information has been developed independently of any confidential information received from a third party is to have a policy of documenting rigorously all technical work done within the company. Notebooks and documents containing technical information should be dated, signed by the authors and countersigned for verification. Discussions and telephone calls that produce ideas should also be recorded in writing, dated and signed. Such records will be the primary evidence of when, where and how any concept originated.
Where particularly sensitive information is being provided, it is possible to include further provisions in the agreement to ensure its security as far as possible. For example:
An obligation on the recipient that it will only provide the information to named individuals (who may be notified in advance to the disclosing party for approval for very sensitive information) and a register kept of the individuals and the information they have received.
An obligation that the recipient will ensure secure storage of the confidential information.
A right of inspection by the disclosing party (or an independent inspector) to satisfy the disclosing party that the necessary security arrangements have been complied with.
An undertaking that the confidential information should only be disclosed to those officers, employees and representatives of the recipient who need to know it. For very sensitive information each such officer, employee or representative should send the disclosing party a signed undertaking in an agreed form prior to disclosure of the information to them.
General limitations on the number of copies that can be made of the information by the recipient (or on its behalf). Each copy of the document should have a unique number and the number of the copy disclosed should be marked against the name of the recipient.
But most of all, be careful with whom you share information. The best worded contracts will not put the trade secret genie back in the bottle.
© Robert Anderson and Sarah Turner 2007. Robert is a partner and Sarah is of counsel in the London IP group of Lovells