To some it may seem obvious, but before a business can take reasonable steps to protect its trade secrets, it must be able to identify which of its intellectual assets are protectable as trade secrets. A business may not differentiate between trade secrets and confidential information, but there is a difference and a business should differentiate between the two (see our previous post on the differences here). A business may believe that whatever steps it takes to protect its confidential information will be sufficient to protect all of its trade secrets. However, that approach can prove harmful in practice, as the practical measures to protect the intellectual assets may differ depending on the nature of the assets.
First, there is a difference between what information courts determine to be a trade secret and what information courts determine to be confidential information. A trade secret is a subset of the information that falls under the umbrella of confidential information and requires heightened protection. Second, if a business protects its trade secret information as it protects its other confidential information, then the business may be vulnerable to losing trade secrets either through theft or through a judicial finding that the information is not a trade secret because the business did not take reasonable efforts to maintain the secrecy or confidentiality of the information.
Under the Uniform Trade Secrets Act, which has been adopted in 47 states, to qualify as a trade secret, information must meet two requirements:
- The information must be sufficiently secret to derive economic value from not being generally known to others who can obtain value from its disclosure or use; and
- The information must be subject to efforts that are reasonable under the circumstances to maintain its secrecy or confidentiality.
With regard to the first requirement, a business should consider creating a master list of the information it believes to be a trade secret. This master list may contain general categories of information or specific information. The more specific a business can be in identifying the information it believes to be its trade secrets, the more likely it is the business will be able to put in place measures to protect the information from disclosure and use by third parties under the act.
Once a business has identified the information it believes to constitute its trade secrets, the business should identify where that information is located within the business and who has access to that information, internally and externally. Is the information something that can be accessed in only one place and only a few people have access to it? Is access limited to those who have a need to know or access the information to perform their business functions? Is the information something that is located in more than one place and can be accessed in several different ways by many people in the organization? Is this information shared with business partners outside the business?
Once a business has identified the information it believes to be its trade secrets, where that information is kept and who has access to that information, the business can evaluate the appropriate measures to protect the secrecy and confidentiality of the information. The threshold is that the business must put in place protections that are “reasonable under the circumstances” to maintain the secrecy and confidentiality of the information. What is “reasonable under the circumstances” will depend on the nature of the information, where the information is located, who has access to the information and how it is used.
A non-exhaustive checklist of steps a business might take to protect information it considers to be a trade secret can be found here. However, it is highly recommended that a business consult with an attorney familiar with litigating trade secret matters to develop a robust plan to protect its trade secrets.