(as published by Law360)
As we find ourselves halfway through 2025, now is a perfect time to thoroughly evaluate your company’s trade secret portfolio, and to reassess how your company protects confidential information and trade secrets.
Trade secret innovations, processes and data are not static, but rather evolve over time as business needs, situations and competitors change. New trade secrets that were developed over the past year — and beyond — should be evaluated to ensure that they are being handled appropriately by your organization.
Just as every vehicle needs annual inspections and oil changes, your company's valuable trade secrets should undergo regular inspections and tuneups, such as revisions to policies and security procedures.
To make these tuneups easier, follow these key steps to ensure that your trade secret portfolio is adequately protected.
1. Take inventory and make a list of your trade secrets.
A trade secret inventory should be maintained in a way that does not jeopardize the secrecy of the information in the inventory, and trade secrets should be catalogued and secured. Be sure to clearly document ownership of trade secrets by the company, e.g., identify employment agreement provisions, and obtain signed confirmations of ownership transfer from those who developed the trade secrets.
2. Assign a value level based on the trade secret's value to your business.
Ask yourself, “What happens to your business if this trade secret ends up in the hands of X competitor?” Choose three to five security levels and assign them to your trade secrets based on the value to the business. The necessary safeguards to protect a trade secret will vary case by case, based on the value and nature of the subject matter to be protected.
3. Mark confidential documents.
Label materials containing confidential information as “confidential” or “confidential-trade secret.” Label at least the first page and preferably all pages of documents.
4. Identify where trade secrets are stored, who has access, internally and externally, and implement safe storage procedures.
Based on the value level you assigned in Step 2, evaluate whether each storage method is appropriate. More valuable confidential information, such as trade secrets, should be stored in a manner that is highly secure.
Physical Storage
Copies of confidential material should be properly stored in areas of limited access, or in locked storage, when not in immediate use. They should not be left on desks. White boards or other displays containing confidential information should be erased before leaving a meeting.
Computer Systems
Measures should be taken to protect computer systems storing or allowing access to confidential information. Safeguards, e.g., firewalls, password protection, etc., should be put in place to minimize the risk of intrusion to the computer systems over a network, and to limit access to authorized individuals. Trade secrets, if stored in a computer system, should be stored in encrypted format.
Laptops, Tablets, Phones, Thumb Drives, Etc.
All computing devices must be password protected and locked when not in use. No employee should share a password with anyone else. Software may be utilized that monitors for suspicious activity — such software can track transfer of information, e.g., to a thumb drive, monitor for unusual print jobs, etc.
5. Limit access to confidential information.
Access to confidential information should be limited to employees with a direct need to know. If a broader distribution is desirable for internal communication, condensed versions should be used, from which sensitive information has been removed. More restrictive procedures may be appropriate for trade secrets, particularly those having the highest value to the company.
6. Verify employees are under an obligation to keep information confidential and to assign all intellectual property to the company.
Before a person is given access to confidential information — especially trade secrets — they must sign an agreement with a confidentiality provision. This includes all individuals, including but not limited to employees, contractors and third parties such as manufacturers, partners, etc. Signing a confidentiality agreement after confidential information has already been exchanged should be assumed to be an inadequate substitute for signing the agreement in advance.
Establish an employee education program to clarify the required treatment of confidential information and trade secrets. Educate your employees that any subject matter marked confidential is highly sensitive, and that they should treat it as they would their own personal information, like their Social Security number. Periodically remind employees of their confidentiality obligations.
7. Keep confidential information safe from visitors and when the information travels, and evaluate before publishing
All company visitors should be required to sign in at reception and to wear visitor badges. Records should be maintained regarding who visited, what organization they are from, and the time of their visit. Visitors should be escorted at all times, and must not take photographs without advance permission from the escorting employees.
If a photograph is to be taken, the escorting employees should ensure the photograph captures only specific approved subject matter and does not capture any confidential information. Visitors should sign confidentiality agreements prior to the visit. After meetings with outside entities, employees should prepare and circulate a memorandum or minutes describing what information was shared and reiterating confidentiality obligations.
Meetings with other parties to discuss confidential information should only occur after a suitable confidentiality agreement is in place. Prior to the start of the meeting, remind the parties that any information disclosed or discussed at the meeting is subject to the confidentiality provisions of the agreement. Access to the meeting should be limited to authorized individuals.
At the conclusion of the meeting, circulate memoranda or meeting minutes outlining what information was disclosed and indicating that such information is confidential and subject to the confidentiality provisions.
Avoid storing sensitive confidential information on electronic devices when traveling across international borders.
Prior to publishing information or making it publicly available in any form, whether in an article, at a trade show, during an interview, or in a press release or grant proposal, approval for the publication or public disclosure must be obtained from the company's management. The company's management should review all information planned to be disclosed prior to dissemination.
8. Verify offboarding procedures, including exit interviews and access removal.
Make sure appropriate procedures are in place for departing employees and contractors. Ensure that electronic devices are returned and the departing individual’s access to the company’s computer system is deactivated. Conduct exit interviews with departing employees to ensure they understand their obligation of confidentiality and have not retained confidential materials.
Conclusion
In conclusion, use the midyear mark as a time to annually evaluate your company’s valuable trade secrets and confidential information, how they have evolved and whether current safeguards are adequate.