The Reality of Trade Secret Protection

Daniel Roffman , Shannon Murphy , Steve Grimes


June 1, 2019

trade secrets intellectual property protection

Intellectual property-intensive industries comprise more than half of U.S. exports, totaling $840 billion in annual revenues, but many companies struggle to effectively prevent the theft or misappropriation of their trade secrets.

A recent Bloomberg survey provided a snapshot of how companies of varying sizes allocate responsibility for trade secret theft protection, measures they currently have in place and their perception of the risk. It also shed light on current attitudes toward the importance of trade secret investigations and identified opportunities for improvement. While the survey revealed that the majority of companies perceive protecting trade secrets as a “high” or “very high” priority, most respondents indicated that their companies face impediments to doing so effectively.
Sworn to Secrecy: Protecting Trade Secrets and Intellectual Property
Despite their impact on the American economy, trade secrets are not memorialized with an official document from the government like other types of intellectual property such as patents, copyrights and trademarks. Rather, trade secrets are defined by what information a company chooses to protect. For this reason, taking reasonable steps to maintain the secrecy of information is critical to protecting trade secrets. Read more on trade secret protection from the June issue of Risk Management.

One-third of respondents indicated that their company has had trade secrets stolen or misappropriated in the past 10 years, and about 70% believe that their organization’s risk of trade secret theft is going to increase in the next five years, primarily driven by advancements in technology.

Respondents from smaller companies were statistically more likely to say that their companies had not had trade secrets stolen in the past 10 years, while those from larger companies were more likely to not know whether they have had trade secrets stolen.

In addition, 21% of respondents said that no one at their companies has responsibility for protecting trade secrets—a startling figure given the significant risk of theft. Fifty-seven percent of respondents indicated that the primary responsibility for protecting trade secrets falls with the legal department. While this may be logical, ownership within the legal group can be insufficient because other groups like IT, security or HR must implement the necessary technology, policies and protocols. Corporations should ensure they are aligning these groups and collaborating across stakeholders and with outside experts to bridge the gap.

Only 13% indicated that their companies are well-prepared to protect their secrets, while the majority identified impediments to doing so. Among respondents from companies with more than 1,000 employees, 46% said a lack of awareness that a theft has occurred is the biggest impediment to preventing trade secret loss. Another 20% cited lack of affirmative steps to adequately limit access to IP. Other top barriers included insufficient or non-existent investigation protocols when theft is suspected and obtaining a legal remedy in the event of theft.

Respondents indicated that the most effective measures for protecting IP are technical and physical security measures, including passwords, encryption and data access limitations. Confidentiality or non-disclosure agreements and policies also ranked high as common steps taken to mitigate the risks. These findings were particularly interesting as they are often the types of measures assumed to be sufficiently implemented and, thus, can create a false comfort that trade secrets are being protected.

Very few respondents said that internal investigations are an effective measure to prevent trade secret theft, suggesting that theft will happen regardless of whether follow-up investigations occur, though larger companies were significantly more likely to do so. Investigations can be critical in identifying important facts of a misappropriation case and providing the evidence a company needs to pursue legal action. Particularly if they end in disciplinary action, litigation or a criminal referral, investigations can also send a strong message to employees that the company takes trade secret theft seriously.

Trade secret theft often occurs around or in conjunction with an employee leaving a company. In fact, numerous reports have cited that up to 69% of organizations have suffered significant data loss from employees who took information resources with them when they resigned or were fired. A Symantec study found that 50% of employees admit to keeping confidential data after leaving a company and 40% plan to use that information at their new job. Despite these risks, 20% of the respondents in the Bloomberg survey indicated they do not have HR procedures related to trade secret protection for when an employee is terminated or resigns.

Despite the significant damage IP theft can leave in its wake, only 24% of respondents from large companies indicated that their board or senior executives are involved in safeguarding trade secrets. This presents another area for improvement as board and C-level buy-in can provide legal teams with the resources and executive-level guidance to effectively address these risks.

Protection of trade secrets and remedial action in the event of misappropriation are critical to a company’s long-term success. In-house counsel should collaborate with corporate leadership, internal stakeholders and outside experts to develop a holistic trade secret management playbook that combines physical and technological security, information governance, access controls and on-boarding/off-boarding procedures. These steps, which can and should be tailored to each company’s risk tolerance and business needs, should be implemented alongside a proactive response plan that allows prompt investigation when suspected theft occurs.
Daniel Roffman is a senior managing director in the computer forensics practice at FTI Consulting.
Shannon Murphy is a partner at Winston & Strawn LLP and a member of the firm’s global privacy and data security task force.
Steve Grimes is a partner and registered foreign attorney in Winston & Strawn LLP’s Hong Kong office, where he leads the firm’s Asia litigation practice.