Commercially sensitive information may need new protections as businesses pivot to remote working. William Fry’s technology team shares some advice.
The Covid-19 pandemic has forced many businesses to adopt new or alternative working practices, particularly having employees work from home. Many employees are now discussing and using confidential business know-how outside of the workplace for the first time, and often via new and unfamiliar systems.
Inevitably, malicious actors have taken and will continue to take advantage of this in order to misappropriate such information. For these reasons, businesses should familiarise themselves with the law on trade secrets.
Taking steps to protect such commercially sensitive information is not just a security concern; it is a prerequisite to availing of certain legal protections.
What are trade secrets?
The European Union (Protection of Trade Secrets) Regulations 2018 provide that trade secrets comprise any information that:
- Is secret in the sense that it is not generally known among, or readily accessible to, persons within the circles that normally deal with the information in question
- Has commercial value because it is secret
- Has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret
Lawful v unlawful
It is unlawful for a person to acquire a trade secret without the consent of the trade secret holder if the person acquires it by “unauthorised access to or appropriation of any documents, objects, materials, substances or electronic files, lawfully under the control of the trade secret holder … or any other conduct which, under the circumstances, is considered contrary to honest commercial practices”.
However, a person can lawfully acquire trade secrets, such as by their own independent discovery or creation, or otherwise “in conformity with honest commercial practices”.
The Trade Secrets Regulations provide for a range of remedies if a trade secret is found to have been acquired, disclosed or used unlawfully. These can include damages, orders to preserve confidentiality, orders not to make use of information that has been deemed to be a trade secret, and corrective measures such as the recall or destruction of infringing goods.
Reasonable steps for protection
If a business finds itself in a situation where someone has taken advantage of the current disruption to make use of commercially sensitive information, it will stand to it if the business can demonstrate in court proceedings that it took “reasonable steps” to protect this information according its trade secret status.
In the current circumstances, such reasonable steps could include:
- Preventing remote access to any information that is particularly sensitive
- Ensuring that employees only communicate on work-related matters via agreed, secure platforms
- Prohibiting any use or downloading of unauthorised programs or applications on work devices
- Notifying employees to be on alert for phishing messages and other scams (especially those related to the coronavirus)
- Requiring employees to make all necessary security updates on their work devices
A business that takes these or similar steps to protect its information will be in a much stronger position to prove that the information that has been compromised is a trade secret.
What if a trade secret is compromised?
Businesses should also consider steps to prepare for a situation in which a trade secret or other commercially sensitive information is compromised, such as:
- Ensuring the ability to remotely wipe any lost or stolen devices containing such information
- Keeping track of all information that is under password protection and being ready to change these passwords
- Having a reporting process in place so that employees know who to notify
Steps such as these are advisable so that a business can mitigate the consequences if its trade secrets or other commercially sensitive information is compromised.
Businesses should carefully consider implementing these and other steps to protect trade secrets by means of a new policy. This will ensure a coordinated approach to protecting commercially sensitive information across the business. It may also prove useful in asserting that such information was a trade secret, meriting the protections and remedies that come with such status, if the information is compromised.
By David Cullen and Leo Moore, with Andrew Desmond contributing
David Cullen is head of William Fry’s technology group, where he and Leo Moore are partners and Andrew Desmond is an associate.
A version of this article originally appeared on the William Fry blog.