Out of all potential sources of a company’s value, tangible or intangible, trade secrets are often the most valuable.
While the theft of trade secrets is nothing new, it is an ongoing and growing problem that leads to over $300 billion in annual losses according to the Commission on the Theft of American Intellectual Property. According to a Bloomberg survey, about 70% of organizations believe the risk of a trade secret being stolen will increase over the next five years.
You don’t have to search very hard to find examples of companies battling each other in court over this issue.
Take for example this story about University of California’s lawsuit against major retailers for selling imported light bulbs that the university claims are based on an invention of one of its research faculty. The attorney representing the university claims the retailers needs to pay royalties for using the designs.
Despite the importance of protecting trade secrets, it doesn’t appear to be a top priority for executives and boards. The same Bloomberg surveys reveals only 24% of large companies’ board or senior executives are directly involved in protecting trade secrets.
What is a trade secret?
Unlike patents, trademarks, and copyrights, trade secrets do not receive any sort of official certificate or designation from a state or federal government agency in the U.S.
Although a trade secret can consist of “all forms and types of financial, business, scientific, technical, economic, or engineering information” according to the U.S. Defend Trade Secrets Act, this information only qualifies for legal protection if “…(a) the owner thereof has taken reasonable measures to keep such information secret; and (b) the information derives independent economic value, actual or potential, from not being generally known to…”
In other words, just because a company has some information it deems confidential doesn’t mean it’s a trade secret. Both the U.S. Defend Trade Secrets Act and similar laws at the state-level are clear that an owner must take “reasonable measures to keep such information secret” in order for it to qualify for legal protection.
How are trade secrets stolen and what companies can do to protect their information?
In the same Bloomberg survey cited earlier, one-third of respondents claimed trade secrets had been stolen or misappropriated in the last 10 years. Going forward, these companies believe technology advancements will be a primary driver of this type of theft.
There are several ways trade secrets can be stolen, including:
Employees – this is by far the single biggest source of trade secret theft. More often than not though, trade secrets are not intentionally stolen to cause harm to the company. An employee for example may leave a company, and while he didn’t take any tangible information, he may disclose a “trade secret” in his role at a new company.
To prevent this, companies should be clear on what constitutes a trade secret and mandate that employees sign a non-disclosure agreement if they will have access to this information. Only grant access to those with a critical need.
New employees should be trained on properly handling trade secrets. Employees leaving the company should complete an exit interview, during which they are reminded of their obligation to not disclose any trade secrets.
One distinction needs to be made – an employee cannot forget their experience, and they should have no problem with leveraging it in future positions in other organizations. As an example, to support my clients during consulting engagements, I’m always tapping into knowledge and experience from my days of establishing an ERM process for a large Florida property insurance company. However, I never disclose the contents of conversations with executives or information not publicly available.
In the end, we can’t expect to completely erase someone’s memory…to do that, they will need to gaze into a neuralyzer from the movie Men in Black. I doubt anyone has one of these!
Physical Theft – Another source of trade secret theft is a company’s physical premises. Some companies have very stringent security at their facilities while others simply lock a door. Buildings should be secure enough to not allow someone to walk in off the street and take something. (You would be amazed at how often this happens.)
To prevent this type of theft, companies should understand where trade secrets physically reside and take reasonable but appropriate action. Are there areas of the building where access should be restricted? Can someone peek through a ground floor window and see conceptual drawings for a new product on a whiteboard? And don’t forget about the use of drones. Drones now give people and organizations the ability to see into windows above ground level, so if you are doing “top secret” work on a higher floor, don’t assume you are protected from physical theft.
Data breaches, hacks, etc. – Any company, large or small, is going to take steps to protect its IT systems. Many of these steps will protect trade secrets and other information by default. Larger companies with dedicated IT staff can monitor the information coming and going through its systems and look for any suspicious activity.
Employees should be required to have strong passwords and change them at least a couple of times a year. Also, employees should be trained on the importance of IT security and how to spot phishing schemes, especially being ultra-cautious about clicking on links to external sites.
In addition to these in-house measures, companies who operate in a foreign country will need to clearly understand relevant laws and adjust accordingly.
Finding the right balance in protecting trade secrets
The methods for protecting trade secrets outlined in the previous section – employee policies, physical security, and IT security – represent a very traditional approach to managing this risk. These actions typically occur in a silo and focus on the immediate problem.
However, not all companies will need to do the same things to protect their trade secrets – there’s no one-size-fits-all approach. Like ERM in general, what is reasonable for a Fortune 500 company will not be reasonable for a small local company with only a handful of employees. Each company has its own unique culture, so any measures have to take this into account.
Considering escalating theft of trade secrets, there’s no doubt companies need to take an active role in managing this threat.
With that said, a company also has to draw the line on where it may be overprotecting its trade secrets.
We often hear stories about companies who are too lax, but it is just as common for companies to be overzealous too – in some cases, to their detriment.
As Norman Marks explains in his new book Making Sense of Technology Risk:
…organizations don’t succeed and add value by managing risk. They do so by setting and then executing on strategies and objectives through intelligent and informed decisions.
In the case of trade secrets, companies must assess the situation of information disclosure – what would truly be detrimental to the company. There may be a lot of information that should not be disclosed, but will it make or break the company?
Also, if trade secrets do get out, how much are you willing to spend to remedy the situation?
Although it’s not a trade secret case per se, a good example is current litigation between T-Mobile and insurance startup Lemonade. The cell phone carrier claims it has a trademark on a certain shade of pink the startup is using in its marketing materials. Is paying an army of lawyers over a color really the best use of T-Mobile’s resources? What opportunities is T-Mobile missing out on because it’s diverting time and resources to this issue?
Available materials on trade secrets and intellectual property do a great job of helping us understand this threat. Norman Marks’ commentary on technology risk has a saying that applies to this situation. Here is my paraphrase: Published information helps us understand the situation. The hard part is translating the information into supporting the overall organization, its achievement of objectives, or helping management make intelligent and informed decisions.
The tendency to dive right in and address every conceivable threat to your company’s trade secrets is certainly understandable – after all, people have worked hard on things like this!
However, in light of time, financial, and other constraints, choices have to be made. Is it really worth pursuing a trade secret thief at the expense of investing in product development, employee training, and other actions to help the company succeed?
In some cases, the answer will be yes, and in others, an emphatic no!
How does your company prioritize its protection of trade secrets?
Has your company ever sustained damage because of a trade secret theft?
I invite you to share your thoughts and experiences on this important topic. Leave a comment below or join the conversation on LinkedIn.
Contact me today to discuss your company’s challenges with prioritizing pursuit of opportunities versus managing risks.