In ancient China, the secret of silk making was jealously guarded, and the punishment for exporting silkworms was death. Centuries later, today's businesses, especially fast-moving IT and networking companies, have information, knowledge and technologies that are critical to their profitability and even their survival. Yet all too often, top executives fail to take the right steps to identify and protect confidential information, especially trade secrets.
What constitutes a trade secret? It can be any information that derives independent economic value from not being generally known or readily ascertainable. A trade secret must be both a secret and something that generates revenue.
As they take inventory of their trade secrets, companies first need to distinguish them from other forms of confidential information. Steps should then be taken to make sure that trade secrets are kept confidential. If the information is treated carelessly, it will be difficult to argue later that it was a trade secret. Legend has it that one of the most famous trade secrets, the recipe for Coca-Cola, is locked in a vault and that only two employees are permitted to know the recipe at any one time. Such extraordinary measures leave no doubt that the recipe is a secret.
But just because something is confidential doesn't make it a trade secret. Employee or customer information can be confidential but not necessarily a candidate for trade-secret protection. A trade secret must also have economic value. Companies should assign a value to each trade secret. If a trade secret is misappropriated, management will have a stronger case if its value can be quickly identified. The value of a trade secret can be determined in several ways:
- By calculating the cost of research and development.
- By combining the R&D cost with the expected revenue from the product.
- By adding the development cost, the expected revenue and the estimated goodwill associated with the idea.
Keeping secrets
To ensure their status and protect them from theft, trade secrets should be kept under lock and key. A company must have strong security policies to help protect trade secrets, whether they exist in written documents, on individual computers or on a network. Such a security policy may make a company less susceptible to attacks that could expose not only its trade secrets, but also its business plans, customer lists and pricing information, putting it at a competitive disadvantage. The biggest threat typically comes from employees. Industrial espionage, the theft of trade secrets by a competitor, is usually done through a dissatisfied employee. Rivals seek out the weakest link and offer rewards for information. Employees can also pose a threat to trade secrets simply by leaving to join a new company, whether out of dissatisfaction or because of an opportunity for career advancement.
In one well-known case, several former Cadence Design Systems Inc. employees were accused of stealing Cadence trade secrets for Avant Corp. The red flag was raised when a Cadence employee quit his job and refused to sign a nondisclosure agreement (NDA). This prompted company officials to check his e-mail, only to discover a large transfer of information. Avant agreed to pay more than $460 million to settle the civil and criminal charges brought against it.
Business partners, vendors and outside contractors also pose risks. Marketing and technical personnel should be trained on how to properly exchange trade-secret information with critical business partners. Companies should also take care that they aren't inadvertently taking ideas that aren't theirs. Consider Jack Evans, an inventor from Connecticut, who claims that General Motors Corp. stole his idea for an automotive cooling technology for the Corvette. He filed suit against GM in 1994, charging the company with theft of a trade secret. The case is still being fought in court. In addition, the recent trend to outsource work for IT, human resources and other functions requires companies to rethink and, in some cases, reinvent ways to protect trade secrets. Often, these outside vendors or contractors require access to confidential information that may inadvertently lead to disclosure of a company's trade secrets. Or these individuals may take advantage of a lucrative opportunity to sell a company's trade secrets.
Another threat can arise from competitors obtaining a company's product and then trying to unravel the secret behind it, in a process known as reverse engineering. If reverse engineering poses a serious threat, management should consider abandoning trade-secret protection and use other intellectual property protections, such as copyrights and patents.
IT professionals should play a major role in developing information security policies to help keep a company's trade secrets from being stolen. In addition, companies should consider implementing the following best practices to help protect their trade secrets:
- If the secrets are stored in a computer, the computer shouldn't be part of a network. If it must be part of a network, it should be isolated, and access to the information should be highly restricted.
- Access to sensitive offices or sections of a company's premises should be highly restricted; this can be accomplished by limiting employee key-card access to certain locations. Visitors should be required to report to security; they shouldn't be allowed to roam freely. Guest privileges should be limited for those employees working with trade secrets.
- Only a few employees should have access to the trade secrets. Those who need access should be asked to sign NDAs. In many industries, NDAs and employment contracts are common, and employees have no objection to signing them. In other industries, it may be necessary to educate employees about the need for NDAs to avoid damaging morale.
- When possible, companies should build necessary skills in-house to allow them to keep trade secrets out of the hands of outsiders. A consumer products company might build its own testing lab, for instance, rather than rely on an outside vendor. If it's not possible to bring some services in-house, then due diligence should be conducted on prospective business partners before they're entrusted with trade secrets. After you've completed due diligence, partners and vendors should be required to sign NDAs. Even then, access to trade secrets should be highly restricted.
- When building a trade secret security plan, management should consider seeking assistance from law enforcement officials who can offer advice on appropriate security measures. In addition, if there's a misappropriation, law enforcement officials will be familiar with the firm's security plan and the value of its trade secrets. They may be able to quickly gather evidence of the theft and even recover the trade secret before it has been disseminated.
Although the loss of a trade secret can be damaging enough, failure to take the appropriate steps to guard important secrets can put management at risk of a shareholder lawsuit as well. Prevention is the best medicine. By taking inventory of its trade secrets and beefing up security and employment practices, a company can reduce the risk of a theft and protect its profitability and long-term success.
by Jim West of the Chubb Group www.chubb.com
Leave a comment