1

Preserving Competitive Edge

Workplace Tools for Preserving and Protecting Trade SecretsFebruary 9, 2015

BY ANDRE CASTAYBERT

CASTAYBERT PLLC

CO-CHAIR OF TRADE SECRETS SUBCOMMITTEE NYSBA IP SECTION

What is the economic impact of trade secret theft to U.S. companies?

The loss of trade secret information impacts a large percentage of businesses, and causes significant monetary damage.

2

1-ASIS/PwC “Trends in Proprietary Information Loss Survey,” 20072-ASIS/PwC “Trends in Proprietary Information Loss Survey,” 19993-ASIS/PwC “Trends in Proprietary Information Loss Survey,” 2002

4-Center for Responsible Enterprise and Trade “Trade Secret Theft – Managing the Growing Threat in Supply Chains,” 2012

1, 2, 3: Surveys polled CEOs of Fortune 1000 companies and US Chamber of Commerce members

% of Companies Reporting Lost Trade

Secrets1

63%

Average Damage – Manufacturing Sector2

$50 Million(per incident)

Estimate of Total Losses3

$53-59 Billion

Avg. Cost Incurred When a Business Partner Exploits Its

Access to Data4

$362,269(incurred by companies

per incident)

What is the economic impact of trade secret theft to U.S. companies?

Trade secrets provide a competitive advantage

For many companies, intangible assets, including trade secrets, are the most valuable assets they hold.

And some sources say the ratio has shifted from 80/20 tangible to intangible in 1975 to 20/80 in 2013

3

4

What is the economic impact of trade secret theft to U.S. companies?

Estimates of trade secret theft range from 1-3% of the GDP of the United States and other advanced industrial economies*

U.S. Senators Coons and Hatch: Estimate $160 to $480 billion lost to trade secrets theft in U.S. each year

*CREATe and PWC: “Economic Impact of Trade Secret Theft: A framework for companies to safegaurss trade secrets and mitigate potential threats

5

What is a Trade Secret?The UTSA Definition of Trade Secret

The Uniform Trade Secret Act enacted by all states and DC, except New York and

Massachusetts, defines a trade secret as:

information, including a formula, pattern, compilation, program, device, method, technique,

or process

that derives independent economic value, actual or potential, from not being generally

known to, or readily ascertainable through appropriate means, by other persons who might

obtain economic value from its disclosure or use; and

is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

R&D

Lab tests

Prototypes

Project research

Recipe development

Strategy

Manufacturing

Processes

Equipment

Recipes

Marketing

Advertising plans

Consumer surveys

Product Pipeline

Strategy

Sales

Incentive plans

Customer contact lists

Sales promotions

Strategy

Financial

Finance plans

Financial projections

Quarterly results

Negative know-how

Formulations solutions that did

not work

HR

Org. charts

Compensation plans

Severance plans

6

Examples of Trade Secret Information

Most losses do not occur by theft. In fact, most losses occur through simple carelessness. The most common mistakes that contribute to loss of trade secrets include:

Failure to incorporate or emphasize trade secret protection in the hiring process

Failure to limit distribution of sensitive information on a “need to know” basis

Failure to follow existing policies and procedures

Lack of communication with employees regarding the importance of trade secret protection

Failure to perform exit interviews and remind departing Employees of their confidentiality obligations

7

How Are Trade Secret Rights Lost?

8

Framework for Companies to Safeguard Trade Secrets and Mitigate Potential Threats

Identify

Document

Educate

Assess

Secure

9

Identify Trade Secrets Identify, locate, and inventory those trade secrets whose theft would cause the most harm

Build a cross-functional team of key stakeholders to define the company’s trade secrets Compliance and legal counsel Chief information security officer/ IT Business unit leaders and corporate function leaders Human Resources

Categories of trade secrets Product information: new hardware designs; updates of existing products Research & Development: basic or applied research Critical and unique business processes: inventory/distribution; manufacturing processes; business models Sensitive business information: M&A plans; market research; customer lists; info on key suppliers; corporate strategy IT systems and applications: system architecture designs; source code; algorithms

10

Questions to Ask What is the company’s competitive advantage?

What is unique about the product or process?

What confidential information would competitors want to know?

What would you consider the most important trade secrets?

11

Identify and Assess Threats and Vulnerabilities

To determine which trade secrets merit the highest protection, and to implement more effective protective measures, you need to identify and assess the potential threats.

12

Potential Threat Actors Malicious insiders

Current employees Lack of training Inadvertence (publication, disposal of assets, oversharing) Beware social media Beware disgruntled employees

Former employees Employee mobility Home computers Thumb drives

13

Potential Threat ActorsCompetitors

New employees from competitors Disgruntled employees who go to competitors Competitive intelligence programs and market research spies

14

Potential Threat Actors Suppliers, consultants, and customers

Access to your site Working with competitors Encouraging your competition Loose lips

15

Potential Threat Actors

Nation states and places of business Transnational organized crime Hacktivists

16

Identify Threat and Vulnerabilities

Which trade secrets are most vulnerable?

Who is a threat?

What is the probability of a theft?

How severe would the impact be if stolen?

What policies, procedures, and controls exist to mitigate theft?

17

Identify and Rank the Threat

How significantly would the company’s reputation be impacted by theft?

How critical is the trade secret to the fundamental operation of the business?

How core is the trade secret the company’s corporate culture?

Is the trade secret especially unique in the industry?

How valuable would the trade secret be to competitors?

How important is the trade secret to current or projected revenue?

18

Document trade secrets and efforts to preserve them Document the nature of the trade secret

Document the company’s investments in the trade secret

Document the steps taken to preserve the trade secret and to maintain confidentiality Written company policies and procedures Employee manuals Confidentiality and NDA provisions in employee, supplier, consultant, and agreements Onboarding interviews with confidentiality instructions Office access and computer access policies and protections Visitor sign-in, sign-out, badges and identification Password policies

19

Educate Start from the time you onboard new employees

Distribution trade secret policies and procedures and obtain acknowledgements

Trade secret training

Consistent communication and reminders

Education and reminders for departing employees

20

Protecting Trade Secrets Limit access to trade secret materials on a need-to-know basis. Locked filing cabinets with

limited access

Create secure passwords for computer-stored trade secret information

Consider shredding (rather than throwing away) documents containing trade secrets

Obliterate or wipe clean (rather than merely deleting) any trade secret information contained

on computer hard drives

21

Protecting Trade Secrets

Require all employees with access to confidential company information to sign confidentiality agreements Have clear written policies that leave no doubt that any access and use of company information, for purposes other than company business is strictly prohibited and have employees acknowledge receiving copies Send out regular reminders of the policies and require acknowledgment of receipt. Beware: Under many federal and state laws, employees have privacy rights in their personal information, even if it is stored on company computers

22

Protecting Trade Secrets Companies should safeguard proprietary information by:

conducting entrance and exit interviews with employees; educating managers and HR sources professionals regarding the company-owned items

that employees must return upon departure communicating the company’s policies regarding the monitoring of employees’ electronic

devices and communications to employees disabling employees’ access to company and computer networks at the time of departure creating a culture of compliance and confidentiality where employees recognize the value

of protecting trade secrets; and sharing best practices within their industries to protect valuable business data

23

Practical Measures: BYOD Policies

In light of identified risks to trade secrets portfolio, implement BYOD policy or require

employees to use company-issued devices?

Different policies for different levels of employees?

If adopt BYOD policy:

Specify which devices are permitted

Provide clear restrictions regarding use and transfer of company data

Explain when company gets access to device and data

Incorporate into exit interview process

Explain investigation, incident remote wiping procedures

Address personal data/privacy concerns consistent with applicable law

24

Practical MeasuresExit Interviews Identify the trade secret and confidential information the employee accessed or used.

Question the departing employee:

Ask employee why he is leaving

Ask employee what his new position will be

Check employee’s computer activities and work activities in advance of the meeting

Ensure that all company property, hardware, and devices have been returned, including e-mail

and cloud data, and social media accounts

25

Practical MeasuresExit Interviews

Ensure that arrangements are made to have all company data removed from any personal devices

Disable access to company computer networks

Make sure to obtain user names and passwords for all company social media accounts

Inform the employee of continuing obligation under agreements with the Company

Consider letter to new employer and employee with reminder of continuing obligations

Consider having departing employee’s emails preserved and electronic devices forensically imaged as

appropriate

Consider using an exit interview certification

26

Practical MeasuresPost-Termination Investigation

Interview employee’s co-workers; gauge whether employees are hearing about employee in the

marketplace

Examine employee’s email activity

Conduct a forensic investigation of employee’s computer activities

Examine and analyze badge records and access logs

Examine phone records

Check employee’s social media accounts as appropriate

27

Prepared by Andre Castaybert Esq.

CASTAYBERT PLLC 830 Third Avenue, 5th floor New York, N.Y. 10022 WWW.accounsel.com If you would like a copy of this presentation, please email Andre at: acastaybert@ac-counsel.com