The Irish legislation, the European Union (Protection of Trade Secrets) Regulations 2018 (Regulations) came into effect in June 2018. The Regulations have provided a welcome attempt at harmonising the disjointed area of protection of confidential business know-how. These new laws mark the start of trade secrets being given more formal protection in line with other types of intellectual property rights.
What is a trade secret?
A trade secret is a valuable piece of information for a business that is treated as confidential and gives the business a competitive advantage.
The Regulations mirror the definition of trade secret as set out by Article 2 (1) of the equivalent EU Directive (2016/943). This defines a trade secret as information which meets the following requirements:
- It is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question
- It has commercial value because it is secret
- It has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret
By its nature, this excludes trivial information and the experience and skills gained by employees in the normal course of their employment.
Identifying a trade secret
In assessing whether or not certain information or know-how is a trade secret, the three aspects of the test should be considered in further detail:
Is the information actually secret?
Secrecy is a crucial element of the trade secret regime. Is the information broadly known to people within industry circles that normally deal with such information? If so, then it is less likely to constitute a trade secret. In addition, factors such as the time and effort used to create the information and its use within the business will also be relevant.
Does the information have commercial value?
The information, if kept secret, should have actual or potential commercial value. In practice, this is a low threshold; however the value should be derived from the information being secret. Businesses must demonstrate that if the information is released into the public domain, they would suffer real harm.
What efforts are made to maintain secrecy?
It is generally not enough to show that information is a secret. Businesses must also make reasonable efforts to keep it secret. A business’ efforts will be assessed objectively, although the size of the business as well as industry practices will also be relevant amongst other factors. This means it will be increasingly important for businesses to have in place guidelines around the protection and use of their trade secrets in a similar manner to brand guidelines.
Where use of a trade secret by a third party is deemed unlawful, the Regulations set out a variety of remedies. Injunctions, corrective measures (such as, recall or destruction of infringing goods) and damages are some of the key remedies available to protect the trade secret owner.
A person who contravenes or fails to comply with some orders of the court issued under the Regulations commits an offence and is liable on summary conviction, to a fine or imprisonment for a term not exceeding 6 months or both, or (b) on conviction on indictment, to a fine not exceeding €50,000 or imprisonment for a term not exceeding 3 years or both.
Where such an offence is proved to have been committed by a body corporate with the consent, connivance or approval of, or to be attributable to the wilful neglect on the part of, any person, being a director, manager, secretary or other office of the body corporate, or a person who was purporting to act in any such capacity, that person as well as the body corporate commits an offence.
How we can help
The time has come for Irish businesses to ensure that their essential trade secrets are protected in a similar manner to their other intellectual property rights. Businesses should focus on the requirements on what constitute a trade secret and begin developing clear policies and guidelines, especially in areas such as use by third parties and data access requests.