Skip to main content

Pamela Passman: 8 Ways to Prevent Cyber Thieves from Stealing Your Secrets

Pamela Passman Create Org
August 12, 2015

It’s not enough to lock up your trade secrets. Companies must be ready to prove they took “reasonable steps” to prevent theft.


Locking the online gate, hiring the best security team, and telling employees not to steal trade secrets is not enough to protect your company’s confidential information. Companies must also take “reasonable steps” to protect their intellectual property, as research into national and international trade secret cases reveals.

In a Conference Board study, 68 percent of multinational firms said trade secret infringement risk was very high in emerging markets, yet only 36 percent said their current approach was effective. Although companies generally have policies in place, they often do not have supporting business processes to ensure protection of intellectual property.

The term “reasonable steps” can seem broad and vague, and companies have implemented various types of trade secret protections — with varying degrees of consistency and comprehensiveness. To provide guidance, we have mapped eight categories of effective trade secret protection to the programs that companies have implemented in winning lawsuits:

1. Implement procedures, not just policies, to establish and document protection.

The first line defense for many companies is non-disclosure and other agreements, which the courts have determined as evidence of “reasonable measures.” But the courts have also cited companies’ overall confidentiality policies as evidence of adequate protections. Companies that adopt specific procedures to implement their confidentiality policies — such as marking sensitive documents as confidential and seeking return of sensitive materials from departing employees — often prevail in lawsuits.

2. Incorporate confidential information protection into physical and IT security system planning.

While it goes without saying that a physical and electronic security are important in protecting trade secrets, government regulations are increasingly insisting upon it. In Japan, courts have examined steps companies have taken on physical and electronic security in determining whether information has been “kept secret” — and thus protected by unfair competition rules.

3. Secure information and departments most at risk for breaches.

Before adopting protection measures, companies need to identify key corporate secrets and assess the level of risk and potential damage. Courts have looked at whether companies have included information in an internal trade secrets registry as evidence of whether it was confidential and whether “reasonable efforts” were taken to maintain confidentiality.

4. Manage supply chain risks.

Litigation over trade secret theft involving suppliers and other third parties has often focused on how a company has managed its exchange of confidential material. Third party non-disclosure agreements have been deemed a reasonable effort of protection, and companies that regularly use them are almost 43 times more likely to prevail, according to one study of U.S. litigation. Other third-party safeguards are vital – suppliers and customers are a common source of trade secret breach.

5. Create a watchdog team responsible for trade secret protection, policy and enforcement.

Who’s guarding your trade secrets? If no one has overall responsibility — or if different departments don’t coordinate their efforts — problems can arise. The ad hoc way some companies protect trade secrets has often pointed to the likelihood that “no one is in charge,” which can lead to inadequate protection.

6. Train employees and vendors.

Inform staff and suppliers about trade secrets and how they should be protected, and provide ongoing training so they know what is expected when handling such information. Although several companies have won theft cases against former employees based, among other things, on evidence of their training procedures, a court dismissed MBL (USA) Corporation’s case against a former employee, finding that the company had failed to inform employees what it “considered confidential.”

7. Continue to monitor trade secrets protection over time.

Protection of trade secrets isn’t just a one-time exercise at the company’s formation or when a new employee gets hired. The courts have praised companies who review non-disclosure agreements and re-sign them annually.

8. Take corrective action when necessary.

Just like other compliance efforts, trade secret policies, procedures and documents should be enforced as needed — and reviewed and updated. The courts have examined corrective actions companies have taken against breaches as one element in deciding whether “reasonable steps” were taken to protect trade secrets.

Rapid Response Needed to Thwart Thieves

International, national and regional laws are converging around elements qualify for protection of trade secrets, so it is vital for companies to understand what “reasonable steps” are and what best practices need to be implemented.

In a world that is experiencing a dramatic rise in cyber theft, a company’s reputation, competitiveness —and even future — depends upon taking the right steps to protect its assets. Isn’t it time your company took “reasonable steps” to protect your company’s trade secrets?

Read CREATe’s white paper on “reasonable steps” recommended to protect trade secrets.


 /><br />
<br />
 <br />
<br />
<em>Pamela Passman is founding President and Chief Executive Officer of the Center for Responsible Enterprise And Trade (</em><br />
<br />
 <br />
<br />
 <br />
<p class=






All views expressed are those of the author.