The management of cyber security threats has moved from a task on IT Directors’ “to do” lists to a regular feature on management board agendas.

A great deal of focus is on avoiding the real threats posed by external actors which may result in a loss of access to part, or even all, of their IT infrastructure or a wholesale loss of data. Such threats are real and, when they happen, will make the headlines. However, the threat posed by authorised users of your IT systems must always be borne in mind.  We regularly support clients mitigating the risk from the “insider threat”, or helping ameliorate the after effects of an unauthorised loss of data by an employee or consultant.

An important measure is to ensure sensitive information is protected in line with the requirements of the Trade Secrets Regulations 2018.  If you do so, the law will afford enhanced protection to that information.  If not, then information misappropriated from your business might not be capable of protection from disclosure to the public – and your competitors!

Trade secrets: why protect them?

Trade secrets can be the lifeblood of any business. Ranging from key recipe ingredients, such as the secret composition and ingredients in IRN-BRU ®, to unpatented software algorithms which control how we shop on Amazon ®.  Unlike other forms of IP protection they cost nothing to protect and can last forever if kept confidential. Yet, in spite of their undeniable value, their protection has varied significantly across Europe and has been far less progressive than the protection of other IP rights. Increasingly often, leakage or theft of confidential information and trade secrets has hit the headlines causing irreparable damage to the businesses concerned.

Trade Secrets Regulations

The Regulations are intended to provide legal certainty for dealing with the unlawful acquisition, use or disclosure of trade secrets across the UK.  They contain the steps a business must take to ensure that its confidential information remains a ‘trade secret’.

What is a ‘trade secret’?

Information will be considered a trade secret if it:

• Is secret in the sense that it is not generally known among, or readily accessible to, persons within the circles that normally deal with this kind of information;
• Has commercial value because it is secret; and
• Has been subject to reasonable steps (under the circumstances) to keep it secret by the person lawfully in control of the information.

An onus is put on those in control of such information to ensure that they take reasonable steps to keep it secret. Intention is not enough – active protective measures require to be taken.

What is considered ‘reasonable’ by the courts is not defined and is likely to depend, at least in part, on the business in question and the nature of the information.

Remedies

The Regulations contain remedies which can be obtained from the courts where a business’ trade secret is compromised. These include:

• Orders to stop the unlawful acquisition, use or disclosure of a trade secret, as well as measures to maintain the secrecy of trade secrets when they are the subject of a matter in court;
• Interim measures for seizure and delivery up of suspected infringing goods before a final judgment has been made; and
• Provisions allowing for financial compensation to be awarded instead of a final interdict/injunction.

What should you do to make use of the Regulations?

Businesses should review their processes around dealing with confidential information – or risk losing the right to have it treated as such.

Key actions:

1. Understand and structure your sensitive, confidential information.

• Identify what information is confidential and falling within the scope of the Regulations;
• Review existing confidentiality procedures/ policies to ensure they are adequate and train employees on an ongoing basis;
• Develop and implement procedures for marking, segregating and storing confidential information; and
• Structure internal processes on a need-to-know basis and consider binding those with access to confidential information by appropriate non-disclosure agreements.

2. Monitor and control your secrets

• Monitor and document compliance with internal policies;
• Consider and review confidentiality and usage clauses in contracts with employees and external business partners;
• Track the flow of confidential information to (and from) external business partners, customers and suppliers; and
• Ensure internal IT security protocols are adequate and that necessary encryption and access controls are in place – particularly on mobile devices.

We regularly advise businesses on the steps which can be taken to protect their trade secrets and other intellectual property rights and mitigate the risks of these being compromised. If this is something which you think your business could benefit from, please do not hesitate to get in touch with our team.

Related News, Insights & Events