In the main, businesses are better at understanding how they create intellectual property (IP) and its commercial value. However, the protection of confidential information from misappropriation by former employees has reared its head again this quarter.
While not strictly a form of IP, all businesses create information that, if disclosed to third parties such as competitors or disclosed to the world at large, would lose its value and impact on the commercial success of that business. Such disclosure could negate a business’ ability to protect that information as a registered IP right. Examples of what can be protected by the law of confidence include: customer lists, price lists, supplier details, anything that is patentable (i.e., an invention), minor improvements to a product or process, research, recipes and formulae, business plans including a newly devised product and models - the list goes on! Suffice to say the scope of what can be protected under the UK common law is broad as long as it is confidential in nature, meaning that it has the “necessary quality of confidence”. In the UK, contracts of employment typically include clauses seeking to protect such information from confidentiality-destroying dissemination and misappropriation by employees during their employment and post-termination.
The position across the EU is not, however, uniform. This led to the creation of the EU Trade Secrets Directive which was adopted by the European Council on 26 May 2016. The Directive largely codifies the UK common law position on the protection of confidential information and trade secrets under the law of confidence. It is likely that the UK will transpose the Directive into national law prior to Brexit, given the deadline of 9 June 2018 for it to be implemented by Member States. Regardless, this Directive will remain highly relevant to UK companies and particularly those with EU operations.
So, what lessons can be learned and how should you prepare for compliance with the Trade Secrets Directive?
Lessons in valuing your claim: a pyrrhic victory
If there is a breach of confidence, properly framing your claim is crucially important. In a recent High Court decision, two former employees were found to have copied and retained files containing confidential information. Despite a finding of breach, in the words of the judge, the former employer “missed the jackpot” as the judge rejected the basis upon which the claimant sought damages of £15 million, instead awarding nominal damages of £2 (Marathon Asset Management LLP and another v Seddon and another  EWCH 300 (Comm), 22 February 2017).
So what went wrong? The claimant’s position was that the defendants had unlawfully taken the confidential information and must pay for the value of that information. The claimant argued that this ‘value’ should be based on estimating the price which the claimant could reasonably have charged the defendants for releasing them from their obligations of confidentiality based on a hypothetical licence on the assumption that the defendants were free to make as much use as they saw fit of the information. The claimant repeatedly made it clear that it did not advance any case based on any actual use of the files and such use was, in any event, irrelevant to its claim for damages.
The court made a distinction between these approaches to the assessment of damages. Unfortunately for the claimant, the judge rejected its basis of calculation as, in effect, it sought to value the benefit which the defendants would have obtained had they made the maximum possible wrongful use of the confidential information in starting up a competing business rather than any benefit which they in fact gained.
Had the claimant put forward an alternative case on assessing damages by reference to the actual use made of the confidential information and the benefit to the defendants as a result, then there may well have been a more substantial award of damages. The damages could have been calculated by deducting an amount taking “account of the time, trouble and expense which [the defendants] had saved themselves by making wrongful use of the […] confidential information”. However, as this claim had not been advanced, and the defendants had not had the opportunity to answer it, the judge rejected the claimant's case on damages.
This case is a useful reminder that even where liability and breach of duty can be easily proved, establishing a loss to the claimant or gain to the defendant may be less clear-cut.
The Trade Secrets Directive
As part of its public consultation which fed into the framing of the Directive, 62% of the respondents reported that divergent rules across Member States impacted negatively by creating higher business risk with weaker protection when doing business across borders, created less incentive to undertake cross-border R&D and increased expenditure in preventative measures to protect information. At the moment, the disparity across Member States as to how confidential information / trade secrets are protected creates protection and enforcement uncertainty which, in turn, detracts from the aim of creating a single market in the EU for intellectual property rights.
In seeking to address these concerns, the Directive introduces a minimum harmonised standard across the EU. It also aims to put inventors, creators, researchers and SMEs on the same footing as large corporates who are better prepared to protect their confidential information and/or transpose it to registered rights, where appropriate.
What is a “trade secret”?
Naturally, the Directive has to provide a pan-EU definition of what a “trade secret” is. Under Article 2(1), a trade secret is information which:
- is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question
- has commercial value because it is secret and
- has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret.
This wording is not surprising; it closely captures the UK common law test, mirrors the WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (known as the TRIPS Agreement) and is similar to provisions in the United States under their Uniform Trade Secrets Act.
Some aspects of the definition of a trade secret, however, are likely to require judicial interpretation, namely, the meaning of “commercial value” and “reasonable steps”. The Directive sets out that information has “commercial value” where its unauthorised “acquisition, use or disclosure is likely to harm the interests of the person lawfully controlling it, in that it undermines his or her scientific and technical potential, business or financial interests, strategic positions or ability to compete”. Ultimately, applying this will likely depend on an assessment of the particular facts of a case taking into consideration several factors such as the type of business and market environment.
As for “reasonable steps”, simply marking something as “confidential” is unlikely to be sufficient. Again, on a case by case basis, the courts will likely look at how critical or valuable the information which is claimed to be trade secret is to the business and whether appropriate safeguards have been put in place for that information; the more safeguards put in place, the higher the likelihood of satisfying this element of the test. Of course, this has the potential of increasing the burden on businesses.
What is prohibited?
Unlawful acquisition, disclosure or use of a trade secret is prohibited. When drilling into to what this means, the Directive states that the acquisition of a trade secret through unlawful access to materials or other conduct which is contrary to “honest commercial practices” is prohibited. Further, the use or disclosure of a trade secret in breach of any contractual or other duty is also caught.
In a substantial broadening of the scope of protection currently offered by many Member States, the Directive also prohibits the acts of producing, offering or placing on the market goods by persons who knew or should have known that that the trade secret used to produce the goods was unlawfully obtained or used. This provision is particularly welcome as its effect is to capture those further removed from the original breach even where they have no actual knowledge of the trade secret, such as suppliers and retailers or new employers.
No definition for “honest commercial practices” is provided. However, this is a phrase used in other EU Directives (such as in relation to EU trade marks) and it is likely that the national courts will not have difficulty in applying such a concept in the sphere of trade secrets.
There are exceptions will which will bring the acquisition of the trade secret out of the “unlawful” category including where the trade secret is used for the purposes of “whistle-blowing” or the trade secret is obtained by (i) independent discovery or reverse engineering of publicly available products or (ii) any other practice which is in “conformity with honest commercial practices”. Conduct which involves the “use of experience and skills honestly acquired in the normal course of employment” is also excluded from liability.
What are the remedies?
There are no criminal sanctions, but civil remedies across the EU will be harmonised to provide, at a minimum, mechanisms to:
- stop the unlawful use and further disclosure of misappropriated trade secrets through interim and final injunctions
- seize and destroy goods which have been manufactured on the basis of a misappropriated trade secret as well as all documents, objects or data embodying the trade secret
- provide the right to compensation for the damage caused by the unlawful use or disclosure which, importantly, may include additional damages taking into account unfair profits made and
- obtain publicity measures such as publishing a decision against the defendant.
Will there still be a place for forum-selecting?
As noted, the Directive only sets the minimum requirements to be adopted by Member States; it is up to those individual countries as to whether they wish to provide enhanced protection. There is further scope for divergence between Member States as there are phrases within the Directive that are open to judicial interpretation such as “commercial value” and “reasonable steps” in the definition of a trade secret. Therefore, consideration as to where best to litigate will still be a relevant factor, should the circumstances allow. One helpful measure, however, is that all Member States will need to put in place protection for trade secrets from disclosure in legal proceedings.
At this time, it is unknown whether any orders or injunctions will have an effect across all Member States. If so, following Brexit, this will be a further factor to consider.
What should you do?
Taking the time now to review your business’ approach to trade secrets will highlight any shortcomings and provide the opportunity to get compliance-ready. Of course, the real message is not to let the genie out of the bottle in the first place as civil remedies may not be sufficient to fully compensate for the damage caused and the loss of competitive advantage.
Get the policies and “lock & key” in place
Put in place policies and procedures to properly identify trade secrets and maintain them as secret. Consider at a minimum: (i) marking any documents (physical or electronic) as confidential (this is the absolute minimum safeguard); (ii) restricting access to the minimum number of people necessary for business purposes; (iii) the use of security and IT systems (and evaluating their integrity); (iv) a mechanism in place to allow internal “whistle blowing” so as to try to obviate external disclosure for this purpose. Also, audit your supply chain to ensure that they too have sufficiently robust policies, procedures and contract terms in place to maintain confidentiality.
Get the contracts right
Review the confidentiality provisions in contracts with employees, directors, consultants and so on to ensure that they provide suitable provisions for the protection of trade secrets including post-termination obligations and the definition of a trade secret / confidential information is aligned with the Directive.
Review the use of non-disclosure agreements and ensure the recipient of a trade secret has signed up in advance of disclosure.
Give training on what is a trade secret, its importance to the business, and company policies on maintaining secrecy. This may be particularly relevant for colleagues dealing with sourcing manufacturing or suppliers. It is also important to stress to employees that they are required to adhere to honest commercial practices which includes not using the trade secrets of others that they are in possession of through whatever means (such as the trade secrets of former employers that they may know as a result of that employment).