A key component to protecting your trade secrets, and to proving to a court that they are worthy of protection, is taking reasonable steps to maintain their secrecy. Many courts have recognized that “absolute secrecy” is not required in order to have a protectable trade secret. Rather, you need only take “reasonable measures” to protect your information in order to enjoy trade-secret status. But all too often, companies give this requirement short shrift and fail to take the time to ensure that their confidential information is adequately protected.
For example, in Wayman Fire Protection v. Premium Fire & Security, C.A. No. 7866-VCP, 2014 WL 897223 (Del. Ch. 2014), the plaintiff Wayman Fire was denied trade-secret protection for its confidential “Salesforce” documents after the Court determined that it had not done enough to adequately guard the information. Several former employees left Wayman Fire to join a competing business. When they did so, they took contact lists and opportunity lists (of potential customers) to their current employer. The Salesforce documents were available at Wayman through a customer relations management tool licensed by Wayman from a third party, which was customized to fit Wayman’s specific business needs. Access to Salesforce was password protected and users were required to change their password every 30-60 days. The security measures were part of the Salesforce service itself and not specifically implemented by Wayman.
The court held that Wayman had not shown it adequately protected this information because Wayman had not shown that it used any measures to protect the information other than password protection. For example, Wayman had not shown that it conveyed to its employees that the Salesforce information was highly confidential or secret. “If Wayman believed that information was proprietary, . . . they should have done something more to impress that fact upon those with access to Salesforce. . . . simply relying on the security features that came with Salesforce, primarily a password requirement, Wayman failed to make efforts that were reasonable under the circumstances to maintain secrecy of either of the Salesforce documents.” Id. at *16.
At the end of the day, take the time to make sure you are employing a number of steps to adequately protect your information—all of your information—so you do not find yourself unable to protect it if it comes into the wrong hands. Here are some basic things you can do to make sure you take reasonable steps to guard your trade secrets:
- Implement written policies setting forth rules for marking and maintaining confidential information that include clearly marking documents as highly confidential.
- Outline expectations of confidentiality in employee handbooks-require employees to maintain in strict confidence all confidential information disclosed in course of employment.
- Enter into confidentiality/non-disclosure and non-compete agreements with your employees.
- Conduct employee training with regular refreshers on importance of maintaining confidentiality.
- Enact security/IT policies.
- Control guest access to highly confidential information—such as through security guards, visitor badges, controlled/limited access, log in/log out procedures.
- Limit access to highly confidential information to need-to-know basis.
- Ensure controls on employee access—such as physical controls (locked rooms or cabinets), electronic controls (password protection), limited locations where confidential information is kept; consider restricting access to external devices, blocking uploads to web-based sites, and security monitoring for large or unusual exports.
- Exit interviews to have employees execute acknowledgments reaffirming their duties of confidentiality.
- Conduct IT reviews upon employee exits.
- Review and approve of papers, speeches and presentations (including at seminars and potential customer or partner meetings).
- Be mindful of third parties (including for outsourcing, collaboration and joint venturing). Disclose information only on a need-to-know basis and with strict controls on use and dissemination of information, including through confidentiality agreements.
- Conduct periodic audits of your information and procedures.