EU Trade Secrets Directive puts onus on firms to protect company information

EU Trade Secrets Directive puts onus on firms to protect company information

92

Organisations are being urged to review their processes around dealing with sensitive business information – or risk losing the right to have it treated as confidential by the courts.

James Pressley, associate solicitor at Kirwans law firm, has issued the warning ahead of June 9, the date by which the EU Trade Secrets Directive – which was introduced in 2016 to provide a more cohesive approach to trade secrets across EU member states – must be implemented into UK law.

From that date on, a failure by businesses to take what the directive terms ‘reasonable steps’ to protect their trade secrets could result in a court refusing to punish those who reveal commercially sensitive information to others.

James said: “The introduction of the EU Trade Secrets Directive means it is more important than ever for businesses to review the way they protect commercially sensitive information.”

According to the UK common law definition of a trade secret: ‘Confidential information is protected when a person acquires information he knows, or ought to know, is fairly and reasonably to be regarded as confidential’.

However, the EU Directive’s definition of a trade secret is that it is ‘secret in the sense that it is not generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question’.

There are two other ways in which the directive defines a trade secret, and they are if [the secret] ‘has commercial value because it is secret’ and if it ‘has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret’.

“The upshot of this,” said James, “is that businesses have to ensure they have taken ‘reasonable steps’ to protect their trade secrets, which can include anything from a product design to their own business plans.

“As this comes hot on the heels of the introduction of GDPR, most people are now familiar with the need to carefully store and handle data, but there are additional steps that all organisations should take to protect that information to prevent it from being wrongfully used.

“If businesses are unable to demonstrate that they have taken these reasonable steps, they will find it much more difficult to bring a case under the Trade Secrets Directive.

“That said, the UK common law of confidence still exists and presumably could still be used to bring a case, but it will still be the case under both existing UK law and the Trade Secrets Directive that the biggest hurdle in trade secrets cases is obtaining evidence of misuse.”

According to James, these are the key actions businesses need to take to protect their trade secrets:

1) Ensure that the other party signs a Non-Disclosure Agreement before any trade secrets are shared with them;

2) Make sure all your commercial contracts with third parties contain confidentiality clauses;

3) In particular, make sure all your employment contracts contain confidentiality clauses;

4) Monitor your employees for compliance, provided that you do so within the applicable data protection laws;

5) Provide training for employees on the importance of trade secrets and how they should be protected;

6) Ensure additional protection steps are taken when confidential information leaves the workplace, for example, employees working from home;

7) Audit what confidential information you hold, who has access to it and how it is protected.