On 9 June 2018 the UK implemented the EU Trade Secrets Directive, designed to ensure that all organisations throughout the member states have at least a bare minimum level of protection for their confidential information. But what does this mean for UK businesses and what do they now need to do to ensure their secrets are legally protected?
Trade secrets can range from customer and client details to prospective management reshuffles; from innovative software to tailored manufacturing methods. However, their legal definition is slightly more complicated.
Previously, the UK has dealt with the misuse of confidential information under common law, through what has been a comprehensive set of principles. However, as part of an attempt by the EU to harmonise legislation around trade secrets across its member states, the Directive on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure was introduced. This means that the UK now has a statutory definition for trade secrets.
Under the new directive, the definition of a protected trade secret is that it is not generally known or readily accessible to others who normally deal with the same types of information, it has commercial value because it is a secret, and the organisation or individual has taken “reasonable steps” to keep it secret.
This vastly expands the level of protection which many EU member states offer their businesses. However, for UK companies this is actually a slightly narrower definition than our case law has established, wherein it is not legally necessary to take the “reasonable steps” to keep the information secret or show it has commercial value.
However, organisations shouldn’t have reason to worry – the new regulations will run parallel to the common law, and claims can still be made under both. What this does mean is that UK companies trading across the EU will be able to operate knowing that there is a legal framework in place to stop their secrets being stolen.
The best thing that businesses can do at this stage is to ensure that internal processes are up to scratch and make sure that “reasonable steps” are being taken to protect their secrets. This keeps all options open and means that claims could potentially be made on the grounds of both the common law and the new regulations.
One “reasonable step” to take might be to only disclose trade secrets under strict confidence, or perhaps even under contractual obligations, such as non-disclosure agreements. Another might be to conduct audits and keep an accurate register of secrets, although the information within this would need to be kept brief, so as to not to disclose them in the register itself.
Staff education and training will be key from the outset. Confidentiality agreements in employment contracts should be suitably robust to safeguard against distribution of sensitive information both during and following staff members’ employment within the company. It is similarly important to introduce and set out comprehensive policies for how trade secrets should be handled and managed internally. This could include guidelines for how information should be marked, stored, encrypted and distributed when necessary, while also setting out strategies around potentially hazardous situations, such as the printing of documents. For larger companies, it might be worth appointing a team specifically to oversee processes around trade secrets.
While every employee will need to do their part and take on a share of the responsibility when it comes to protecting confidential information, there are still certain departments which will be most at risk, given their line of work. These include, for example, any research and development (R&D) departments, where development work can lead to patentable inventions or registered designs.
If the worst should happen, and an organisation’s trade secrets are acquired unlawfully or misappropriated, the best thing they can do is act as quickly as possible. If the breach is discovered early enough then it may still be possible to put in a request for an immediate injunction. If a company receives knowledge of the possibility of a breach of information, then a pre-emptive injunction could block the guilty party from making the information public.
If this approach is not possible, and information has already made its way into the public domain, then the company can still look to bring an injunction against the organisation or individual who has spilledthe secret. However, once information is public it is no longer possible to make it private once more. Therefore, by far the most important aspect of the entire process is that organisations ensure that their security procedures are in place and the secrets do not get exploited in the first place.
While the implementation of the EU Trade Secrets Directive may be most consequential for multi-national organisations working across the EU, its advent in the UK is the perfect time for all businesses nationwide to review their processes and ensure that they are protected no matter what future challenges may arise. This way organisations can be assured that they are in the best position to protect their trade secrets, knowing that both new and pre-existing laws will be at their disposal should a breach occur.