If a trade secret seems like the best approach, then to obtain and keep a trade secret three criteria must be met. The first element of the criteria is that it really is a “secret” as shown in the “Element 1 of a Trade Secret” figure. The second element is that the secret is “valuable” as shown in the “Element 2 of a Trade Secret” figure. The third element or criteria for a trade secret is that it has been protected from disclosure to others. This is described in the “Element 3 of a Trade Secret” figure.
Corporate internal procedures should also protect the company’s secret know-how. To do this internal corporate procedures must be instituted to establish a legal relationship with employees before the first day of work, during their employment, and after they leave. These generally can be categorized as prophylactic measures that are standardized and used for all employees. Another category of preventive measures aims to sure that corporations are protected against unsavory activity and inappropriate behavior. This is important in the company’s dealings with its suppliers and customers.
For companies interested in creating and maintaining sensitive information confidential in order that someday it can be formally converted into trade secrets, they should at a minimum have in place the following security measures to minimize the chance that any potential trade secret information is made public:
Premises Security: Visitors should sign in and be escorted, and leave their phone cameras behind. Access to especially sensitive areas should be controlled. Data rich computer displays and sensitive documents should be located in private spaces and locked away when not in use. Classification: Information contained in documents, including electronic files, should be designed designated where appropriate as confidential. Remember that information should be available for access only to those who need it. Process security: Robust password controls for appropriate access into parts of the system. Firewalls. Encryption on mobile devices. Contracts: Employees should sign confidentiality and invention assignment agreements. Outsiders should be allowed access to sensitive areas only under confidentiality agreements. Education: Employees, including executive should be trained on basic information security.
When it can be afforded, program should be extended with these elements:
Rules: Publish clear, simple but comprehensive rules and policies covering information security. Responsibilities: Delegate clear responsibilities and tasks below the primary manager; elevate overall management responsibility to a higher level. Preparedness: Make information security part of a specific business continuity and emergency response plan. Review: Establish and implement regular reviews of the program, to ensure that it has appropriate coverage and management.
For larger businesses, or those with higher information risk, do the above plus:
Full-blown security policies and procedures: These include social media and email use policies. Comprehensive systems for managing security: These include planning, reviewing, and improving the systems along with accountability. Confidentiality agreements (NDA): Utilize NDA’s and third party due diligence for collaboration and outsourcing management. More robust protection systems: These include stronger encryption and incursion detection tools for networks. More extensive education of the workforce.
Throughout the process, no matter this is size or resources, carefully consider:
Protection of personal identifying information: This is subject to many laws and regulations designed to protect individual privacy and security. Relation to other corporate compliance programs: Consider opportunities for management efficiency. International issues: How do your risks and available mitigation strategies vary according to the markets in which you operate? Changing Priorities: The value of information changes frequently; are you setting your priorities to focus on today’s most important data? Attitude and cooperation: Is your plan taken seriously by all areas of the business? Other silos of resistance to cooperation? Divide and allocate access to secret information: Send only lowered value data into high risk countries. Separate steps in a production process to occur in different places. Premix ingredients or prepare critical parts in secure locations. Separate teams and managers according to various parts of a process. Rotate managers.