Going Beyond the Contract: Building a Trade Secret Protection Culture

By Craig Moss

For many companies in every industry, a digital transformation is underway, as they seek to develop a competitive advantage through new digital innovations and rely more heavily on digital data. This digital transformation is creating an enormous amount of new confidential information – much that should be considered and protected as trade secrets. It is thus increasingly important for companies to build a systematic, effective culture of protecting trade secrets – well beyond mere document marking and non-disclosure agreements.

Going Beyond the Contract

The creation of more trade secrets in digital form is one factor that has accelerated the trend towards companies using trade secret protection as a more common intellectual property strategy. The increase in digital activity makes trade secret protection more difficult, however, as digital assets are easier to copy and move. Effective protection can be even more difficult because trade secrets often need to be shared with third parties in the normal course of business – contract manufacturers, R&D centers, resellers, joint venture partners, and the like.

While there are important legal protections in place for confidential information that can be classified as trade secrets, effective trade secret protection needs to go beyond merely having non-disclosure contracts (NDAs) in place. To qualify confidential information as a trade secret, it must provide the company with a competitive advantage because it is secret, and the company must be able to demonstrate it took “reasonable efforts” to keep the information secret.

Recent cases show that courts are specifically looking at the presence and maturity of a trade secret protection program in defining “reasonable efforts”. Companies need to go beyond the mere identification and marking of trade secrets and the signing of NDAs to establish a systematic way to protect trade secrets. This is needed both to protect your own trade secrets as well as trade secrets you receive from a third party. If a problem arises you need to be able to clearly link the incident to bad intent, and not to sloppy management. 

Building Blocks of a Trade Secret Protection Program

For companies to implement a well-integrated trade secret protection strategy, they should start by evaluating the inherent risk and the residual risk related to the loss or compromise of their trade secrets. Inherent risk is the level of risk posed by the situation assuming no controls are in place.  What are your most valuable trade secrets that need to be protected?  How attractive are the trade secrets to others?  Who has access to them in the normal course of business?  How bad would it be if they were lost? As you develop a more mature trade secret protection program and implement appropriate controls, you reduce the inherent risks to an acceptable residual risk level.

Part of an effective trade secret protection program is also understanding and setting the acceptable level of residual risk for certain trade secrets. Realistically, some of your trade secrets are more valuable than others. You need to prioritize what to protect and how to do so, because you cannot protect everything equally well at an affordable cost.

Building a Culture of Trade Secret Protection

Given today’s digital business environment and cybersecurity concerns, an effective trade secret protection program must orchestrate people, process and technology. The goal is to build a culture where employees and relevant third parties respect and protect trade secrets. Building the culture requires that people understand the importance of trade secret protection and what they need to do, and commit to changing their behavior as needed.

But getting people to change their behavior is difficult; it requires more than announcing a new policy. To get people to change their behavior and adapt to new processes, the new processes need to be practical. If you push out processes and technology that are not practical for people or not understood, you are likely to create a “work-around” culture. Of course, technology safeguards also play a key role in trade secret protection, but creating a culture of trade secret protection can provide much more effective protection. Just as you cannot rely on contracts alone, you cannot protect trade secrets with technology alone.

The best way to make sure that your program is practical is to get input from all of the functional areas in your company while you are building the program. Ask the sales department if the proposed trade secret protection processes will slow them down too much. Check with the HR department about the practicality of the process for onboarding and offboarding employees. Work with the supply chain department to make sure that the proposed processes will not disrupt work with third parties. Keep in mind that it is typically these kinds of departments that are using the trade secrets in their work and their interactions with third parties, and are where problems can be likely to arise.

Reaching out to get cross-functional input in the program design phase has an enormous added advantage. It will accelerate adoption across your company because the department leaders have already considered and approved the changes. They can each become champions in their department to help build awareness of and commitment to the protection of your trade secrets.

Training is also a key part of building awareness and commitment. But to change employee behavior, the training needs to be supplemented by short, frequent communications to reinforce the message. The goal is to guide them to develop good habits, and there should be a tipping point. When enough people change their behavior, it becomes the accepted way to do things. At that point you can trust that people know the importance of protecting trade secrets and you can trust that they have integrated trade secret protection into their day-to-day behavior.

When you have built a sustainable culture of trade secret protection, it should be clear to all—even if problems do arise on occasion—that you have taken the necessary “reasonable steps” to protect your trade secrets!


Craig Moss is the Executive Vice President of Ethisphere, and Chair, IP Protection in the Supply Chain Standard, of the Licensing Executives Society.