Trade secrets frequently drive the success of a business both in South Korea and the United States.

Overview for Korean Businesses

Trade secret protection is more important than ever given increased workforce mobility and industrial espionage, as well as the advent of technology that makes misappropriation easier than it used to be. The loss of a trade secret can undermine a business’ competitive advantage.

South Korea’s Patent Act and the Unfair Competition Prevention and Trade Secret Protection Act (“UCPA”) proscribes trade secret misappropriation. It is comparable to U.S. trade secret law although there are some differences, such as in the U.S. the putative trade secret holder must take reasonable steps to protect the secrecy of the information.

U.S. trade secret legal requirements are relevant to South Korea businesses that do business or may do business in the U.S., especially given the importance of the U.S. market. If South Korean businesses want to protect their trade secrets as trade secrets in the U.S., they need to satisfy U.S. requirements for such protection – include that reasonable steps be taken to protect the trade secret before the information is misappropriated. This blog article underscores the need for a business to take such reasonable steps, what may be rejected as reasonable steps, and the ramifications if reasonable steps are not taken.

Case Background

A recent U.S. federal decision reminded businesses about the importance of taking appropriate measures to protect their proprietary information before any misappropriation occurs. In Abrasic 90 Inc. v. Weldcote Medals, Inc.[1], the court denied the plaintiff’s motion for a preliminary injunction “largely because [the plaintiff] did not protect its supposedly secret information.” The court’s order underscores that businesses may be unable to enforce as a trade secret their valuable information unless they have taken adequate steps to protect its secrecy.

In that case, a manufacturer of grinding and sanding disks sought to enjoin its former employees and their new employer from operating in the abrasives industry and from using its trade secrets. The defendants took information about the plaintiff’s pricing, customers and suppliers when they left the company to start a competing business. Yet, the court declined to issue an injunction on the ground that Abrasic had failed to protect its supposedly trade secret information.

The court explained that there are two basic elements to the analysis: (1) the information must have been “sufficiently secret to impart economic value because of its relative secrecy” and (2) the plaintiff must have made “reasonable efforts to maintain the secrecy of the information.” The court concluded that the plaintiff failed to establish the second element because it “did virtually nothing to protect that information to preserve its status as a trade secret.”

The court criticized “[the plaintiff’s] almost total failure to adopt even fundamental and routine safeguards for the information at issue[,]” pointing to the following conduct by the plaintiff:

  • Failing to confine access to the alleged trade secret information to those who had a need to access it (aka “need to know” access).
  • Permitting employees to access the confidential information without requiring them to sign non-disclosure agreements (NDAs).
  • Using employment policies that do not require employees to maintain the confidentiality of the company’s confidential information after the employment ends.
  • At termination of employment, failing to ask the employee if she possesses any of the company’s confidential information and failing to ask the employee to delete or return it.
  • Failing to admonish employees at termination of an on-going obligation to protect the company’s confidential information.
  • Using confidentiality employment policies that are vague and do not give employees sufficient guidance about what information they are to treat as confidential to the company.
  • Doing nothing to train or educate employees about their obligations to protect the company’s confidential information.
  • Failing to require suppliers and distributors who had access to the information to execute NDAs.
  • Failing to password-protect and encrypt the company’s trade secrets.
  • Permitting employees unfettered ability to download, save elsewhere (e.g., a USB drive), print, and email files containing the company’s confidential information.
  • Allowing employees to share passwords.
  • Failing to label “proprietary” or “confidential” documents or files containing the company’s confidential information.
  • Disclosing publicly supposedly confidential information.
  • Using an IT Manager who has no training in data security or is otherwise unqualified.
  • Not implementing security measure recommendations of its IT Manager, such as requiring employees to remove company data from their personal devices when their employment ends.
  • Taking no measures to protect supposedly confidential information that are different than measures taken to protect non-confidential information.

What It Means for Your Company

There is no single set of protection measures that automatically qualifies as reasonable efforts. What are reasonable efforts depends on the circumstances, such as the nature of the information to be protected. For example, reasonable measures to protect a trade secret recipe may not be appropriate to protect trade secret customer pricing terms. Other circumstances affecting reasonableness may include the trade secret holder’s sophistication, size and resources. A “mom and pop” operation likely would not be held to the same standard as a Fortune 500 company. As a business grows and become more sophisticated and its trade secrets change, it should periodically revisit its protection measures to attempt to ensure that they are appropriate and commensurate to those taken by businesses in similar circumstances.