In brief: protection of trade secrets South Korea

Protection

What legislation governs the protection of trade secrets in your jurisdiction? How is a ‘trade secret’ legally defined?

In Korea, trade secrets are governed by the Unfair Competition Prevention and Trade Secret Protection Act (UCPA). The UCPA defines a trade secret as ‘information, including production methods, sales methods, useful technical or business information for business activities, which is not known publicly, is managed as a secret, and has independent economic value’ (article 2(2) of the UCPA).

How is ownership of a trade secret established?

While the UCPA does not provide for the specific standards for determining the ownership of a trade secret, one who is in possession of a trade secret is generally deemed to have the ownership of the trade secret.

What criteria are used to establish the state of secrecy of a trade secret before misappropriation or disclosure?

Trade secrets must not have been disclosed prior to misappropriation or disclosure. However, disclosure of trade secret to a person or an entity under a duty of confidentiality does not affect the secrecy of the trade secret.

How is the commercial value of a trade secret established?

To constitute a trade secret, the information must have an ‘independent economic value’.  Information of independent economic value may include not only technical information but also business information, such as cost information, customer information and product development plans. If the possession of trade secrets gives the holder of the information an advantage over competitors (such as a ‘head start’ or ‘lead time’ advantage), independent economic value would be deemed to exist (the advantage does not need to be permanent or even significant). The UCPA does not stipulate specific methods for assessing the economic or commercial value of a trade secret. In general, the commercial value of a trade secret is determined in view of the various factors relating to the competitive advantage to be gained from possessing the trade secret.

What criteria are used to determine whether the rights holder has adopted reasonable protective measures to prevent disclosure and misappropriation of trade secrets?

The UCPA originally stated that ‘considerable efforts to maintain secrecy’ were required. This was amended in January 2015 to ‘reasonable efforts to maintain secrecy’. The UCPA was amended again in 2019 to further relax the required level of the protective measures to ‘information managed as a secret’. In a Supreme Court decision predating the 2015 amendment, the Court ruled that ‘considerable efforts to maintain secrecy’ means that the ‘information is marked or is made known to be confidential and access authority and access methods are restricted and that the information should be kept and managed objectively, such as by imposing a duty of confidentiality on the recipient’ (Supreme Court Decision 2006Do7916 dated 9 July 2009). Over the years, physical management of the trade secret (eg, marking as confidential information, prohibiting carrying out of the trade secret material or access by outsiders by installing locking devices or firewalls, or granting varying levels of access to trade secrets), human management (eg, training on management of confidentiality to employees) and institutional management (eg, establishment of internal regulations related to confidentiality) have been recognised as important factors in finding for existence of secrecy in the information.

Due to scarcity of case law under the 2019 revised UCPA, there is currently no clear legal authority on the level of protective measures required for the information to be deemed to have been ‘managed as a secret’. It also remains to be seen whether the courts will continue to apply the higher threshold from the pre-2015 Supreme Court case.

What best practices and internal policies should rights holders consider to ensure maximum protection of their trade secrets?

For protection of trade secrets, the following procedures may be considered.

• Confidentiality agreements should be executed with both new hires and existing employees.
• Departing employees should be required to sign an agreement acknowledging that taking or using any material from the company is prohibited. In addition, access should be restricted to company materials for a certain period before the employee leaves the company, and all electronic devices used by the employee should be retrieved.
• A non-compete agreement should be executed with employees containing a provision expressly prohibiting the departing employee from transferring to a position at a competing company for a certain period. However, since such prohibition is against occupational freedom, which is a guaranteed right under the Korean Constitution, the prohibition period should be reasonably limited. In this regard, a non-compete period exceeding one year is rarely recognised by Korean courts. 
• The company's trade secret should be marked as confidential and physical export should be restricted. This is the most important aspect of the best practice and mainly concerns the management of electronic and computer systems, including the following measures:
  • prohibiting the copying of files onto unapproved devices or transferring files to external email addresses;
  • requiring approval for exporting files;
  • using a digital rights management system to prevent unapproved persons from viewing files;
  • managing the list of emails and files sent from an internal server to an external source;
  • using a watermark to show that the material is confidential when printed;
  • granting varied levels of access authority to internal data for each employee, according to the importance and confidentiality of the data; and
  • blocking access to the company’s servers or offices from outside (firewalls, locks, etc);
• In relation to mergers and acquisitions, and foreign investment transactions, a confidentiality agreement should be signed with the other party and (if applicable) related external professionals (lawyers, accountants, etc). Any company materials should be provided in a virtual data room setting to prevent unintended copying or duplication.