Trade secrets are growing in importance for IP. Because of the continued acceleration of digital, the enforceability of non-compete agreements, and confusion over patentable subject matter, trade secrets are now a topic commanding more attention. There’s a widespread belief in the legal community that managing trade secrets is complicated and risky.
In this post, I hope to convince you that doing nothing is riskier, and that getting started with trade secrets is much easier than it seems.
My initial exposure to the world of Trade Secrets came through my prior in-house experience. A former employer decided we needed a trade secrets strategy, and it fell on me to figure it out. A lot of our valuable intellectual assets — models, data, and other “soft IP” — were not patentable, or at least not ideal candidates for patenting due to barriers like challenges in detecting use. We realized that to protect them, we needed to take trade secrets seriously.
Why in-house IP attorneys can be reluctant to embrace trade secrets
Patenting benefits from government-provided rules and practice guidelines for virtually every step of the process, so attorney's have a reasonable degree of certainty they are doing the right things. With trade secrets, there are no rules and only a few laws that provide limited guidance. And patent attorneys are so conditioned to looking to official guidance for everything that it might not occur to them that they can write their own rules to fill in the gaps.
I’ve also heard attorneys express fears that trade secrecy is riskier than doing nothing. They say, “If I call one thing a trade secret, but miss another important knowledge asset, and that non-designated asset gets stolen, am I in trouble because we didn’t call the stolen asset a trade secret?” I get it — it’s exactly issues like this that make us nervous, especially if we have litigators giving us advice. But doing nothing is actually more dangerous than the risk of missing an asset.
For the record, the legal standard is “reasonable measures.” The law doesn't say you have to be perfect, the law says you’ve just got to be in the game trying. Of course individual facts matter, but you will likely not qualify for trade secret protection if you do nothing. Doing nothing because you’re worried about missing important assets runs the risk of none of your assets being a trade secret — don’t let this fear dictate your behavior. I submit that the better question is: how do we identify and protect our important trade secrets, while also implementing enterprise-level controls to maximize the chances that missed assets will still be recognized as trade secrets?
I hope you see that being afraid of breaking things and doing things badly is not a good excuse to ignore trade secrets altogether.
The two fact patterns and one surprise I learned from deep-diving on trade secrets
When tasked with implementing trade secrets, I realized there is little statutory law or regulation. So I learned by immersing myself in case law. Two findings emerged. First, there are several fact patterns that recur over and over. The two that most stood out, their frequency suggesting I needed to take them seriously, were employee theft and third party misappropriation. Learn more about these risks in the guide linked below, The Six Guiding Principles to Managing Trade Secrets.
My second finding was that trade secrets are fragile, and protection is really about risk management. Unlike a patent that is generally secure for the duration of its life, a trade secret can be lost anytime. If information becomes public or the owner no longer takes reasonable measures to keep it a secret, trade secret protection may be lost forever. And the risks that can lead to loss of protection are usually operational, not legal. Consider the example of an insurance company with a key policy-pricing algorithm as a trade secret. The company maintains a website where users shop for policies, and the algorithm runs under the hood to deliver attractive pricing for the customer and company. What are the risks of that algorithm becoming public and thereby losing protection? One risk could be if the algorithm is not obscured: maybe competitors can observe the website and reverse engineer the algorithm. Or maybe, the risk is that competitors can directly access the code, i.e. there’s operational risk.
To address the operational aspects of trade secrets, I partnered with risk management colleagues who educated me about the many ways a company can design controls to prevent undesired outcomes. Through that experience, I realized that trade secrecy is more a business exercise than a legal one. Patenting is almost entirely a legal exercise: the inventor spends some time teaching the attorney about the invention, but then the attorney goes away and handles most of the process. It’s the opposite with trade secrets. The attorney needs to teach and guide the business, but the business has to carry the water. The Six Principles of Managing Trade Secrets discusses this concept as well.
Working with the business and leadership to make trade secrets happen
The Six Principles of Managing Trade Secrets guide provides a high-level architecture for a conversation between IP counsel and company leadership, and the beginnings of a trade secrets program. Every company will need to make this framework work for them, however. Adapting it will depend on things like your company’s risk tolerance and decision making style.
Along with these guiding principles, which are derived from case law and risk management best practices, there’s one more early callout IP should make to leadership: IP success metrics. Many patent attorneys are measured by patent volume. So part of any successful trade secrets strategy will be convincing leadership that patent quantity isn’t the only metric that matters.
I hope this provides the motivation and information you need to start getting to work on trade secrets. There’s no doubt you already understand their importance. Learning to manage trade secrets effectively does require doing new things and convincing the business to join you on the journey, but it can be done — with the help of basic information management principles, case law, and a strong partnership with the business.