In today’s complex global economy, competition is fierce. For many businesses, trade secrets are their single most important and valuable asset, and strong protection of that asset is paramount. In the same regard, trade secret theft can be one of the greatest threats to a company. Over the past few years, trade secret theft has increasingly gained international attention and led the federal government to develop a comprehensive strategy to protect against trade secret theft. What is clear from the report, Administration Strategy on Mitigating the Theft of U.S. Trade Secrets, however, is that while public policies aimed at protecting the nation’s economy through protection of trade secrets are part of the equation, an equal—and arguably more vital—component of that protection comes from the private sector.
The report laid out five “Strategy Action Items” for protecting U.S. trade secrets. One of these items focused on the promotion of voluntary best practices by private industry. The report reflects that while the public sector is taking action to increase the security of U.S. trade secrets, responsibility falls primarily upon the private sector. Analysts project that numerous factors—including the globalization of our economy and the trend towards employees working remotely—will contribute to an increasingly high risk of trade secret misappropriation. While trade secret theft is becoming a larger and more costly concern, businesses are not without recourse. In this context, an ounce of prevention is very much worth a pound of cure, and the federal government’s report set forth a few primary pieces of advice that we will work through below.
The report strongly emphasizes the importance that “companies need to consider whether their approaches to protecting trade secrets keeps pace with technology and the evolving techniques to acquire trade secrets enabled by technology.” This means it is important to regularly audit information/data security policies to ensure they provide adequate protection. For example, does a business have a policy of allowing employees to access email and company files from their personal smartphones and laptops (known as “Bring Your Own Device” or BYOD policies)? If so, it is critically important to regularly evaluate the topics that are addressed in such policies to make sure they are in line with the state of technology. For instance, a BYOD policy in 2008 would likely not have addressed cloud networks, but by 2010, cloud networks should have been a central concern, given that they cause a wider distribution of data onto devices not completely controlled by the company. No longer does a would-be thief need to break into the company vault to steal the secret formula. Instead, if that formula was contained on a company-controlled server, but then accessed remotely and stored onto an outside cloud network, the thief would simply need to access the cloud—a significantly less-protected storage space. This example illustrates why it is important to ensure that policies reflect the current state of technology, since trade secret thieves are generally more tech-savvy than an average business.
The report also recognized that industry best-practices should encompass a holistic approach to protect trade secrets via a wide array of vulnerabilities. Not only is it important to stay current on technology, but companies must also not forget about the basics. Protecting trade secrets requires a broad approach with numerous focal points. The report identified a number of “best practice target areas,” and three in particular are worth mentioning. The first is “R&D compartmentalization,” which concentrates on the compartmentalization of processes, components and personnel. By compartmentalization, a security breach of one sector will leave the others unaffected, and helps to prevent a total breach. Secondly, the company should continue to focus on physical security policies. While it may seem a bit antiquated, the old-school practices of hiring security guards, installing security systems and setting up surveillance cameras still remain an effective and necessary component of a comprehensive protection strategy. Lastly, HR policies should also be utilized to provide enhanced protection. Running permissible background screens on employees—particularly those with access to trade secrets—is critical, as are robust confidentiality, non-disclosure and non-solicitation agreements. Moreover, while there is a general presumption against non-compete agreements, they are typically permissible when drafted narrowly to focus on protection of trade secrets.
Of course, no single strategy will be sufficient by itself. Rather, the combination of these various approaches is critical to ensuring a comprehensive strategy of trade secret protection. Businesses that have not recently conducted a thorough evaluation of their comprehensive strategy should strongly consider doing so to protect their proprietary information.