The Trade Secrets Directive (2016/943) will need to be implemented in each EU member state during 2018.
Whilst the Trade Secrets Directive (the Directive) focuses on harmonised protection of trade secrets across the EU, a by-product of the Directive is the focus on cyber crime and the need for businesses that own trade secrets to take greater steps to protect them.
The Directive defines a trade secret as information which is (1) secret, (2) valuable because of its secrecy; and (3) subject to reasonable steps by the person in control of the information to keep it secret.
The Directive will afford greater protection for trade secrets than the current UK common law, and whether or not the UK leaves the EU, it is expected that significant parts of the Directive will find their way into UK law.
For the owner of a trade secret to be able to enforce the right to protect it or to enforce that right against those that have unlawfully acquired the trade secret, the owner will need to show that sufficient steps had been taken to keep it secret.
Businesses will therefore need to:
- review their non-disclosure agreements and confidentiality clauses in their business contracts
- review their technical and organisational security policies and procedures
- ensure that contracts of employment and service contracts adequately address the protection of trade secrets
- assess the use in the workplace of bring your own devices (BYOD), web-based applications, social media and other hosted solutions
- increase risk management and monitoring in the workplace and
- train staff on the need to be vigilant in terms of the security of trade secrets during their creation and their use.
As businesses begin to implement the changes highlighted above they will also need to recognise the legal rights of staff in the workplace as well as current and future data protection laws and the increased use by employees of personal devices and social media.