As the UK already has a strong and well-established legal framework for protecting trade secrets, these new regulations are unlikely to have much practical impact for businesses in the UK. The Regulations will not replace the current regime they are intended to supplement and sit alongside the existing common law (case law) in relation to trade secrets and confidential information. The impact of the Trade Secrets Directive is most likely to be felt in those EU countries that currently lack legal protection for trade secrets.
The key change is that, for the first time, the UK will have a statutory definition of a trade secret. Under the Regulations, a "trade secret" is broadly defined as "information which is secret, has commercial value because it is secret and has been subject to reasonable steps to keep it secret". This definition is narrower than the one currently used by the UK courts and focuses more on whether the information has been kept secret rather than its inherently secret nature. The new requirement that information must have been subject to reasonable steps to keep it secret means that businesses must continue to use, or put in place for the first time, the usual commercial confidentiality processes.
The introduction of this new legislation should prompt UK businesses to review the processes they have in place to protect their trade secrets to ensure they are robust. After all, it is much better to prevent the misuse of trade secrets in the first place than have to take expensive enforcement action after the event.
Businesses should ask themselves the following questions:
1 What are your trade secrets? Put in place a process for identifying your trade secrets in accordance with the new definition in the Regulations. Undertake a confidentiality audit/ health check and create a register of your key trade secrets. Keep that one somewhere safe!
2 What steps do you currently take to protect your trade secrets? Are these sufficient to satisfy the new requirement to take reasonable steps to keep them secret? What is "reasonable" will strictly depend on the nature of the information, its external value, uniqueness, portability, form, etc., though in practice it will no doubt be argued by defendants that if they were able to obtain the information by means fair or foul, the precautions taken to protect it were necessarily not reasonable!
3 What else could be done? For example, ensure confidential documents are marked as such. Protect electronic files with passwords and keep hard copy documents secure. Access to both should be limited on a need-to-know basis, under clear duties of confidentiality. Use encryption where practicable. Businesses should ensure their internal policies are robust enough to demonstrate to a court that reasonable effort was taken to protect trade secrets internally. Some of these processes will simply not be practicable for some businesses. Ultimately, it will be a tradeoff between the inconvenience of having these processes in place and the need to protect data central to the business. However, where the trade secrets are particularly valuable to the business, such inconvenience is likely to be worthwhile.
4 Ensure you have non-disclosure agreements in place every time you disclose confidential information to a third party. You should also have express contractual provisions in place with your employees, consultants or anyone else who will see that information in the course of their duties. For example, your contracts of employment and settlement agreements should include appropriate confidentiality wording and post-termination restrictions.