In all but three states, trade secrets are defined under some variant of the Uniform Trade Secrets Act (UTSA). Trade secret information is a subset of confidential information. All information that qualifies for trade secret protection is confidential information. But not all “confidential information” falls within the coverage of the UTSA.
Confidential information that does not qualify for protection under the UTSA may still be protectable. Understanding the distinction between trade secrets and confidential information can help a business to shape and design measures to protect its intellectual assets.
“Trade secret” is defined under the UTSA as: “Information, including but not limited to, technical or non-technical data, a formula, pattern, compilation, program, device, method, technique, drawing, process, financial data, or list of actual or potential customers or suppliers, that:
- is sufficiently secret to derive economic value, actual or potential, from not being generally known to other persons who can obtain economic value from its disclosure or use; and
- is the subject of efforts that are reasonable under the circumstances to maintain its secrecy or confidentiality.”
While not determinative, the courts may also look to the following factors to assist them in determining whether information qualifies for protection as a trade secret:
- The extent to which information is known outside of the business;
- The extent to which the information is known by employees and others involved in the business;
- The extent of measures taken to guard the secrecy of the information;
- The value of the information to the business and competitors;
- The amount of effort or money expended by the business in developing the information; and
- The ease or difficulty with which the information could be properly acquired or duplicated by others.
As discussed, a business may have a protectable interest in confidential information even if it does not constitute “trade secret” information under the UTSA. ”Confidential information” is not defined by statute. Information may be defined as “confidential information” by contracts and agreements such as employment agreements, non-disclosure agreements, letters of intent and purchase/sale agreements. These contracts and agreements define the scope of what is deemed protectable as well as the consequences of misuse of the information. Confidential information may be any information about a business that is not generally known to the public, and the category of potentially protectable confidential information is more encompassing than a business’s trade secrets.
Proactive measures are required to protect a business’s intellectual assets regardless of whether these assets are eligible for trade secret protection or are potentially protectable confidential information. A first step is conducting an internal audit to determine specifically what the business believes to be its trade secrets and its confidential information.
After this determination has been made, a business can put in place (or make sure that it has in place) the necessary protections such as agreements with employees and with the third parties that receive access to the information, internal and external security measures, internal policies and procedures and ways to monitor compliance. And finally, once a breach is identified, prompt action is required to address misappropriation or misuse, as failure to respond timely may constitute a waiver.