In 2016 the EU adopted the Trade Secrets Directive, which has now been implemented into UK law by the Trade Secrets (Enforcement, etc.) Regulations 2018. The Directive aims to harmonise the law in this area to ensure that a minimum standard of protection exists across the EU. This will have a direct impact on businesses across the technology industry, from start-ups to established players.
Trade secrets: Why Protect Them?
Trade secrets can be the lifeblood of any business, ranging from key recipe ingredients, such as the secret composition and ingredients in IRN-BRU ®, to unpatented software algorithms which control how we shop on Amazon ®. Unlike other forms of IP protection they cost nothing to protect and can last forever if kept confidential.
Yet, in spite of their undeniable value, their protection has varied significantly across Europe and has been far less progressive than the protection of other IP rights.
Increasingly often, leakage or theft of confidential information and trade secrets has hit the headlines causing irreparable damage to the businesses concerned.
What is Changing?
Although trade secrets and confidential information protection previously existed in the UK, through the common law, this lacked clarity and cohesion. The Regulations will unify the previously fragmented regime and provide legal certainty for dealing with the unlawful acquisition, use or disclosure of trade secrets across the UK. It might be hoped that this should encourage cross-border project collaboration and increase enforcement possibilities, when needed.
As the existing UK law on trade secrets is largely reflected in the substance of the Directive, the Regulations mainly focus on the procedural issues associated with implementation. There is a new focus on the steps a business must take to ensure that its confidential information remains a ‘trade secret’.
New Definition of Trade Secret
The Directive begins by setting out a new, uniform definition of a trade secret. Information will be considered a trade secret if it
- Is secret in the sense that it is not generally known among, or readily accessible to, persons within the circles that normally deal with this kind of information;
- Has commercial value because it is secret; and
- Has been subject to reasonable steps (under the circumstances) to keep it secret by the person lawfully in control of the information.
A greater onus is put on those in control of such information to ensure that they take reasonable steps to keep it secret. Intention is no longer enough – active protective measures require to be taken.
What is considered ‘reasonable’ by the courts is not defined and is likely to depend, at least in part, on the business in question and the nature of the information.
New Remedies Available
The Regulations also introduce a number of new remedies which can be obtained from the courts where a business’ trade secret is compromised.
- Orders to stop the unlawful acquisition, use or disclosure of a trade secret, as well as measures to maintain the secrecy of trade secrets when they are the subject of a matter in court;
- Interim measures for seizure and delivery up of suspected infringing goods before a final judgment has been made; and
- Provisions allowing for financial compensation to be awarded instead of a final interdict/injunction.
Limitation periods for businesses to raise legal action for an alleged breach of confidence have also been set by the Regulations – five years for Scotland and six years for the rest of the UK. These would have applied previously.
What Does this Mean for UK Businesses?
The Directive enhances legal protections across the EU but it also introduces stricter requirements to benefit from these protections and businesses must take steps to prepare for these.
As a result of the new uniform definition of ‘trade secret’, European businesses have to actively protect their confidential information and prove this in the event of a dispute. They are encouraged to review their processes around dealing with confidential information – or risk losing the right to have it treated as such.
1. Understand and structure your sensitive, confidential information.
- Identify what information is confidential and falling within the Directive’s scope;
Review existing confidentiality procedures/ policies to ensure they are adequate and train employees on an ongoing basis;
- Develop and implement procedures for marking, segregating and storing confidential information; and
- Structure internal processes on a need-to-know basis and consider binding those with access to confidential information by appropriate non-disclosure agreements.
2. Monitor and control your secrets.
- Monitor and document compliance with internal policies;
- Consider and review confidentiality and usage clauses in contracts with employees and external business partners;
- Track the flow of confidential information to (and from) external business partners, customers and suppliers; and
- Ensure internal IT security protocols are adequate and that necessary encryption and access controls are in place – particularly on mobile devices.
Consider what trade secrets you have within your business. Have you taken any steps to protect them and other intellectual property rights you have and mitigate the risks of these being compromised? If not then now is the time do so.
If you’d like to discuss this and how we could help, please do not hesitate to get in touch.