Trade secret theft is illegal and commonplace. A 2010 report found the number of trade theft cases in federal court doubled between 1988 and 1998, and doubled again between 1995 and 2004.
While external threats (e.g. data thieves) and internal threats (e.g. negligent or rogue employees) comprise the majority of bad actors in the theft of trade secrets, supply chain relationships provide additional vulnerabilities. This is because when corporations outsource, they share highly sensitive and valuable trade secrets with foreign subsidiaries, joint-venture partners and third-party vendors. Examples include customer lists, manufacturing processes, production and sales strategies. A 2013 report issued by the Center for Responsible Enterprise and Trade (CREATe.org) contains numerous tales of trade secret thievery and provides practical guidance on securing supply chains and mitigating risks associated with trade secret theft. Read the report in full here, or consider our summary of the five practical tips its authors provide:
- Conduct a Strategic Assessment of the Company’s Trade Secrets
Establish an internal trade secrets program and identify who is charged with ensuring compliance (e.g. chief security officer or general counsel). What the company considers confidential should not be a mystery to the corporate officers and should be clearly and repeatedly communicated to employees. Strictly limit access to the confidential materials as necessary to perform job functions. Consider which trade secrets really need to be transferred to suppliers. As the CREATe report notes, segmenting a manufacturing process across multiple suppliers is one way to ensure the company’s intellectual property is not concentrated in one place for thieves to steal.
- Conduct Appropriate Contractual Due Diligence
Does the supplier have a reputation for intellectual property rights violations, trade complaints or export control issues? Has anyone asked? Verify that the supplier had implemented nondisclosure agreements with its employees and consultants. Outsourcing may reduce costs, but without thorough due diligence, the corporation exposes itself to unknown risk.
- Ensure Strong Contractual Protections
If you don’t ask, you don’t get. Review the contractual requirements to ensure favorable terms from the supplier necessary to safeguard the company’s intellectual property. This may include clear language identifying the confidential material, prohibitions on wrongful disclosure, auditing rights, further assurances, and return of material on termination of the contract. For jurisdictions with weak laws on trade secret misappropriation, arbitration may be a preferable contractual remedy for a dispute. Limit the supplier’s ability to subcontract and/or retain the right to inspect or refuse the supplier’s subcontractors.
- Take Appropriate Operational and Security Measures
Building an internal culture of compliance communicates the value of the company’s intellectual property assets to employees who will interact with your supply chain vendors. With favorable contractual terms permitting inspection and auditing rights of the supply chain vendor, budget for period audits and exercise those rights. A vendor may not tell you about a data breach affecting your trade secret unless your contract requires it, and you may never know if you don’t inspect. Review of the vendor’s compliance with the strong contractual protections is necessary to identify any problems.
- Take Appropriate Action After the Business Relationship Ends
Departing employees should be reminded of their nondisclosure agreement obligations. Return of company materials and electronic access rights must be rigidly and timely enforced. Where appropriate, it may be prudent to advise a competitor who has hired an ex-employee of the ongoing duty not to disclose the company’s trade secrets.