To protect trade secrets, a company firstly needs to know where the risks (issues) are so that they can cure the problems with the right solutions. Following our last article (on knowing your risks), which addressed the possibility of trade secrets leakage through employee mobility (internal) and co
Before analyzing, I’d like to ask the readers to think about this question first: “What are the most important trade secrets of my company? What kinds of secrets are off limits for leaking to competitors? What kinds of secrets are the ones I would love to take with me when I leave the company?” If you have the answers (let’s call such answers “Information A”), then, continue to ask yourself, “Which department/system of the company is Information A mainly located? The R&D department? The sales department? Others?” Let’s assume that Information A is mainly stored in Department X. Then here comes the key point of this article: Ask yourself again: 1. Can the employees in Department X use storage devices such as USB disks? 2. Can they use cell phones with photographic capabilities? 3. Can they use cloud storage? 4. Can they use emails with attachments? 5. Can they download social media, cloud apps, etc.? 6. Can they bring in their own personal laptops? 7. Can they print at will? 8. Does Department X allow visitation by customers at will (or without applying for visitation first)?
■Trade secrets protection mainly guards against honest mistake
The eight questions (scenarios) above are all leakage channels commonly seen in judicial practice. Some people may wonder if these are the only ones. Of course not. As the saying goes, "A good god is one feet tall, but an evil god is ten feet tall (evil always tries to outplay good)," for people who have the will and the smarts, there are countless ways for them to accomplish it. So here comes a reminder: To protect trade secrets is mainly to prevent honest mistakes by employees and supplier.
What does this mean? Let me explain it: According to my experience in past cases, in 70% of the cases, leakage by employees were caused by honest mistake. Let’s take Information A as an example of confidential information again. The way the company manages Information A may not have let its employees know that Information A is confidential information at all. For example, the company does not show care about Information A; there is no mark of “confidential information” on Information A; there is no control over the electronic copies of Information A in the company’s file systems, allowing all departments access to Information A; hard copies of Information A can be randomly place on an employee’s desk (not placed behind a lock); no one cares if Information A is brought home by employees; although employees training continues to emphasize the importance of confidentiality, but no one has ever mentioned that Information A is confidential.
This way of management will result in: If an employee does not clearly know Information A is the company’s confidential information, one day when the employee terminates, according to human nature, what would he do? He would probably take everything he is allowed to, as long as the object is not mentioned by the company as something that needs to be returned (or for which there is no clear hand-over procedures). Under this type of management, is it the company’s mishap in management? Or the employee’s “intentional” act? Or simply the employee’s honest mistake? The answer seems obvious.
About the protection (management) of trade secrets, we will address it in another article. For now, let’s go back to the means of trade secrets leakage. Think again: The eight common means (problems) of leakage above, do you answer yes or no? If you answer “yes” to any of the questions above, you are at risk of trade secrets leakage.
■Trade secrets leakage prevention starts from making an inventory of trade secrets.
Some may say: Managing a company isn’t that easy! If you place so many restrictions on employees, making them not able to use USBs, print, email, take documents home for overtime, etc., is such sacrifice in operation efficiency worth this risk that you don’t even know if it will occur? Here, I’ll share my opinions first: The management of trade secrets protection does not call for “leak proofness”, but should be “customized” and “reasonable” according to the type of industry and company culture and, at the same time, take into consideration the balance between thorough implementation of the system and the company’s operation efficiency.
Up to now, we’ve generally introduced: internal risks (at the stages of an employee’s arrival, employment, and termination), external risks (i.e., external suppliers), and risks from a company’s internal control (that is, the means of leakage mentioned briefly in this article). Now, please answer this question: “What is the foundational cause that leads to the risks above?” Is it unstoppable human nature? Or is it because the company does not implement its policies thoroughly and thus make its employees not clear on what to do? Different reasons result in differences in management measures. Nevertheless, regardless of the reasons, the author believes a key reason is: The company never conducted a thorough “inventory of trade secrets.”
Therefore, at the end of this article, I would recommend those companies resolving to protect/manage their trade secrets, after reading these two articles on risks, to start with an inventory of their trade secrets first.
This article was published in the Expert’s Commentary Column of the Commercial Times. https://www.ctee.com.tw/news/20240319700088-439901