Whilst the United States of America has had State legislation for some while to protect trade secrets, it is only recently that Federal jurisdiction for trade secret theft has been legislated with the signing of the Defend Trade Secrets Act of 2016 (DTSA) effective from 11th May.

The DTSA creates a Federal cause of action for misappropriation of trade secrets and substantially reflects the US Uniform Trade Secrets Act that has been adopted by 48 states.

The EU Trade Secrets Directive (2018/943) that was passed recently will be implemented in each EU Member State during the latter part of 2018 and whilst the Trade Secrets Directive focuses on harmonising the protection of trade secrets across the EU it has one fundamental difference between the US approach.

Whilst the DTSA defines trade secrets in a similar way to the EU, the EU places a greater obligation on the owner of the trade secrets to show that it had taken steps to adequately protect the trade secret as such. Notwithstanding this one difference businesses on both sides of the Atlantic should be putting in place measures to take advantages of both sets of legislation including

  • Update employment and confidentiality agreements to highlight the whistleblower immunity provisions of DTSA
  • Assess businesses’ trade secrets and the protections in place to maintain the confidentiality of those secrets
  • Put in place an incidence response plan to anticipate actions that misappropriate or cause the disclosure of business information as well as personal data
  • Review information security policies and procedures
  • Ensure that any contracts adequately identify and define trade secrets
  • Assess the use of the work place of bring your own devices, web based applications, social media and other hosted solutions that might be the catalyst for an incident
  • Increase risk management and monitoring in the workplace
  • Train staff on the need to be vigilant in terms of the security of trade secrets during their creation and their use.

As businesses begin to implement the changes highlighted above they will also need to recognise the legal rights of staff in the work place as regards their privacy as well as current and future data protection laws and the increased use of employees of personal devices, social media, cloud services.