When providingcompanies with education and training on trade secret protection, I often find therisk of trade secret leakage truly quite high. As a simple example, I often askthe audience: "Now, imagine you sitting in front of your office desk. Pickingup a document in front of you, you ask yourself: 'Is this our company's tradesecret?’” If you can't answer the question or are unsure, I will then ask,"If you don't know what your company's trade secret is, what's the pointof signing a non-disclosure agreement? And even if there are work rules thatstipulate an employee’s confidentiality obligations, it doesn't seem to meananything either?"

■Internal Risk I:

Theemployees are not aware of the company's trade secrets.

Becauseof this, in judicial practice, breaching employees often testify in court that,“the company never told me this document is the company’s trade secret;” “mydepartment head even told me to bring this document home for overtime. If it wereimportant, would the company let me bring it home?” Although such argumentsseem crafty, they do show the company’s insufficient protection of tradesecrets. Specifically, a company often loses its case because of the followingreason. For example, Company X sues Employee A for taking the customer listwith him when he left the company. During the investigation, Company X wasoften challenged: although the company did sign a confidentiality agreementwith A, but the terms in the agreement were general terms; they were not clear.Simply put, if the company did not state in terms of the employment contractthat customer lists were within the scope of the confidential information to beprotected, would employees know by signing the employment contract that theywere obliged to protect “customer lists”?

Inaddition, although Company X did provide training, but the training materialsand test questions mostly talked about general concepts. There was no mentionthat customer lists were trade secrets. Moreover, if this customer list was soimportant, why wasn’t it marked “confidential” or something similar, or placedbehind a lock? Instead, even janitors or other employees could just pick upthis document and leave. Lastly, when Employee A left his job, if this documentwas so important, why wasn’t it mentioned?

■Internal Risk II:

If anemployee took something they should not have taken when they left their formeremployer, you might be in trouble too.

TakeEngineer A as an example: He left his position at Company Y to assume a similarrole at Company X. Subsequently, Company Y discovered that A had illegallydownloaded confidential information onto a portable drive. Given thecompetitive relationship between Company Y and Company X, Company Y wouldlikely opt to sue both A and Company X. To mitigate liability, Company X mustdemonstrate that it "has taken all reasonable precautions to prevent theoffense." Whether the likelihood of exemption from liability is high ornot, it's crucial for companies to recognize that, based on the rationale andprecedents outlined in Intellectual Property and Commercial Court Judgment109-Xing-Zhi-Shang-Chong-Su-Zi No. 4, escaping unscathed from such situationsis challenging. (Refer to another article by the author in the Commercial Timestitled "Turns Out That Recruiting Employees May Also Violate the TradeSecrets Act" for further details.)

■External Risks:

ExternalManagement

Thinkof the following examples to see if your company is exposed to such tradesecrets risks: 1. The materials provided by your supplier is found to haveinfringed the intellectual property rights of others. Will your company be suedas well? 2. Your company uses an OEM, but the OEM’s management is poor andtheir employees have insufficient awareness of confidentiality. 3. A jointlydeveloped a product with B but terminated the collaboration for some reason.Later, A found that the colleagues in the R&D department were stillsecretly using the confidential information provided by B prior to thetermination of collaboration.

Fromthe examples above, one can see that, in a collaborative relationship between acompany and its external sources (including suppliers, companies outsourced,R&D partners, OEMs, etc.), there still exist risks that the company cannotcontrol but needs to rely on a good management system of the external source.

Inthis article, we listed some common internal and external risks regarding tradesecrets for companies that have not thought about such issues to conduct risksidentification first. The next step is risk control and management. This partinvolves a key step in trade secrets protection: reasonable protectionmeasures. Before I explain it in future articles, I would like to have youthink about a few questions first: 1. What is the true meaning of reasonableprotection? Is it simply copying protection measures you can find online? 2.What is the purpose of these measures? Is it about making it leak-proof or isit just to remind your employees? 3.What kind of protection measures areconsidered “reasonable”? Is it simply copying the best template, regardless of ifit affects your business operations? 4. Is it about simply establishing asystem and not focusing on actual implementation? Is it just to meet your boss’sor the competent authority’s requirements?

Thisarticle was published in the Expert’s Commentary Column of the CommercialTimes. https://www.ctee.com.tw/news/20240304700088-439901

‍