2. summarizes some of the practical steps that a company can take to protect trade
secrets.
• Developing an effective plan is not unduly expensive, time consuming or
distracting. Moreover, the loss of a trade secret to a competitor or the public
domain can be devastating. TSPP are good investments in light of the risks of not
having one. Bear in mind that even in some very competitive industries or with
some companies whose products include very proprietary technology, the need to
protect trade secrets with anything other than rudimentary protection will not
always be apparent to corporate decision-makers. Both inside counsel and outside
firms should be proactive in advising clients to consider adopting an appropriately
solid TSPP.
• For companies that are possible candidates for sale or outside investment, one of
the first things that well-informed buyers, investment banks, venture capital firms
or private equity firms look at is whether there is a comprehensive trade secret
protection plan in place. The absence of one can lead to a substantial devaluation
of a company, whereas the presence of a strong plan can increase the stated value.
II. Phases for Implementation of Trade Secret Protection Plan
• One size does not necessarily fit all. TSPPs can be elaborate or relatively simple.
There is no need for a company with a relatively low risk profile to invest in an
elaborate TSPP. However, few if any companies have no trade secrets worthy of
protection. (Ironically, information may not qualify as a trade secret under
common statutory definitions if the company doesn’t take reasonable steps to
protect the secrecy of the information in the first place. Note the circularity of the
risk.)
• The appropriate scale for your company’s TSPP will need to account for the
following factors, among others, all of which affect the risk profile of the
company:
o Degree of competition within the industry segment
o Whether the industry segment can support multiple players within a given
geographical area
o Presence of particularly aggressive or predatory players in the industry
segment
o Tendency of key employees (particularly those in management, sales or
R&D) to make moves within the industry
o Presence of rapidly escalating technology
2
3. o Past instances of employee defections from the company
o Discontent within the employee base
o Heavy involvement of subcontractors, consultants and third parties in the
company’s business
o Presence of actual and potential intellectual property rights in the business
A. Trade Secret and Confidential Information Audit
EXAMPLE 2: Marvelous Mattress Company (“MMC”) is a family owned company that designs
mattresses specifically for use by mid-tier motel and hotel chains. MMC’s claim to fame is that
their mattresses incorporate certain “technology” that make their mattresses notably more
comfortable than the mattresses that are economically feasible for mid-tier motel and hotel
chains. MMC has a long history of obtaining patents on its mattress technology in order to keep
competitors from honing in on its business. MMC’s long-time CEO and Founder, Mitchell
Moberly, now age 75, has a philosophy that he doesn’t believe in contracts and paperwork.
Therefore, MMC’s business relationships as well as its relationships with employees are handled
on a “hand-shake” basis only. MMC has a loyal basis of employees and low turnover because
the employees are treated well and compensated generously. Moberly believes that his legal
dollars are best spent on promptly seeking patent protection for all new mattress innovations
developed by MMC and the numerous consultants it engages. One of the newest technologies
developed by MMC and one of its leading consultants is a software program that allows a hotel
operator to assess and manage its inventory of mattresses based on a variety of criteria. This is
MMC’s first foray outside of technology associated with the mattress itself. You are outside
counsel to MMC. You read a compelling article about the increasing importance of companies
having a good trade secret protection program. Problem is, you have to convince Mitchell “No
Paperwork” Mobley. He seems to feel that the patent protection for the current products is all
that is needed to protect the company adequately. Do you agree? Do you see any value to the
company investing in any measures to protect the confidentiality of technology that is no longer
current (some of which may be still under patent protection and some of which are no longer
covered by patents)?
• The first step in developing the TSPP is to compile a list of all actual and potential
trade secrets associated with the business. Remember that "trade secrets" should
be regarded in the broadest sense possible and should include all of the items
listed in the first bullet of this Outline. Don’t think of trade secrets in terms of
just information or data or even inventions. Anything that is proprietary or unique
to a company could likely embody trade secrets. For example, relationships are
worthy of protection because in some instances it could be argued that those
relationships are, in essence, trade secrets.
3
4. • Counsel should be involved in this process since counsel will likely be more
attuned and sensitized to what might be proprietary. Trade secrets can be subtle
and many of the most valuable trade secrets are also intangible.
• A reliable list of trade secrets requires interviews with key employees, consultants
and others in the business, both from the management, sales and marketing and
research and development sectors.
• An adjunct to the development of the TSPP is to create a plan for registering and
protecting all intellectual property suitable for such protection. That is not
formally a part of the TSPP but is a separate step that should be promptly taken by
the company if it already hasn’t been taken.
B. Review and Revision of Company Contracts
EXAMPLE 3: You are one of the founders of a small start up company that is developing
software and related services for clients in the securities brokerage industry. You are also the
company’s only lawyer. Your company has great ideas and a few very talented R&D personnel,
but you need some strategic muscle to develop your company’s products in such a manner that
the large companies that would be your best customers take note of you. You engage McKenzie
to provide you with strategic consulting services. You are reading through the standard
McKenzie Client Services Agreement and you run across the following provision tacked on to the
end of the confidentiality section of the Agreement:
Nothing in this Client Services Agreement, however, prevents McKenzie from using
knowledge, retained in intangible form in the unaided memories of its employees,
contractors or representatives, as a result of provision of services to Client.
How would you react to this provision?
• Your company should review all of its standard contracting procedures and
contract forms with counsel to ensure that they enhance the company's protection
of its trade secrets. The laws constantly change and form agreements that are not
updated and fine-tuned in accordance with changes in the laws are risky.
Moreover, most companies’ business operations and their industries are subject to
change, sometimes very abrupt change. Our perception is that at least 85% of the
commercial contracts and agreements in place with high risk companies are B
grade or lower and some of those were prepared by big name law firms.
• All employees in many companies, including the most senior employees, should
sign a comprehensive agreement (which doesn’t necessarily mean a long
agreement) that includes confidentiality, invention assignment, and no conflict of
interest provisions. Certain classes of competitively sensitive employees should
have restrictive covenants in their agreement, limiting their ability to compete
with the company, solicit the company's customers and prospects and to solicit the
company's employees. Those covenants should apply during and for a reasonable
time after the employee’s employment. Remember that in many situations much
4
5. competitive harm is done by a defecting employee prior to his or her leaving the
current employment. Such restrictive covenants are subject to a complex maze of
case law and sometimes statutory law that is beyond the focus of this Outline.
However, in selecting your company’s trade secrets counsel, you should look for
firms with broad experience not only in the core issues associated with trade
secret and confidential information protection, but who are also experienced in
various areas of competition law, both from a drafting and prevention standpoint
as well as a dispute resolution and litigation standpoint. Having a strong IP
practice is also essential given the cross-over of issues among the related areas of
trade secret law, competition law and IP law.
• All consultants and independent contractors should be under contract with the
company. Those contracts need to be vetted carefully to ensure that the company
owns all work product and technology developed by the contractors and
consultants. Otherwise ownership of that work product and technology, in some
instances, resides with the consultant or contractor. Loss of trade secrets to
consultants and third parties is an every day risk for companies that haven’t
protected themselves adequately. The reality is that many of those consultants are
in the business of aggregating, at least at a high level, the knowledge that they
gain in individual consulting relationships and parlaying that into additional work.
• Important classes of contracts include the agreements that cover the company's
provision of services and products to its customers. A company should always do
this under a contract, and preferably its own form of agreement. Simple purchase
orders or statements of work are not sufficient unless they are tied into a
comprehensive commercial agreement.
• An important class of contracts are those between the company and "strategic
partners" or joint venture partners or joint developers. These agreements can be
treacherous if they do not clearly and fairly allocate IP rights between the parties
(and they often don't). Joint ownership is a concept that is fair sounding but is
largely unworkable in the real world and should be avoided.
• A standard, simple, multi-purpose non-disclosure agreement should be used in all
instances where the company is in discussions with a potential business partner, a
potential key employee, potential customers, where there is any risk that any
confidential information is going to be discussed or provided or where the other
party is given a tour of or access to the company premises. This is not offensive. It
is good sense.
C. Corporate Policy/Employee Policies
• Employees should be cognizant of the importance company wide of protecting
trade secrets. The roll-out of the TSPP should be a visible, informative process
and should be a team effort and commitment.
5
6. • The employee manual should have a section devoted to the TSPP and written in
“plain English” and not legalese.
• As noted above, employees should be under contract with the company to protect
trade secrets and to refrain from unfairly competing with the company.
• The company should police violations of the TSPP by employees and should take
firm and definitive action against violations.
• A corporate officer should be designated to deal specifically with TSPP matters.
Often this is the Chief Information Officer or Chief Technology Officer. It can
also be someone in the legal department or the HR department.
• The company should consider appointing a "neutral" officer to receive reports
(anonymous if preferred) of potential misuse of trade secrets or competitive
misconduct.
6
7. D. Internet, Intranet and IT Based Protections
• The company’s IT infrastructure poses high risks of trade secret misuse, theft or
inadvertent loss. The IT infrastructure often contains digitized information about
critical products, services, client relationships and financial data. Often sensitive
client data (entrusted by clients to a company) resides on the infrastructure.
• The risks to a company are exacerbated if the company’s website is “interactive”
and is designed to allow customers to access information about their accounts and
the company’s products and services.
• The company should include appropriate notices and disclaimers on its website as
well as on all "public-facing" marketing and sales materials that describe the
company and its products. The notices should be focused on noting intellectual
property rights of the company, and any disclaimers associated with use of the
website or information on it. If the company’s website is co-branded with
customers’ trademarks, then the risks are compounded.
• Client specific Intranets are highly useful features for customers, but present great
risks of loss of both company trade secrets as well as client information and data.
• Does your company use off-site servers for the storage of important data or
documents? Does it own those offsite servers or does it rent space from a hosting
company? If the answer is “yes” to either of these questions, then understand that
the risk of loss of trade secrets is higher.
• Does your company have a disaster recovery and business continuity plan in
place? These are typically third party products and services that can be fairly
reasonable in price but offer great protection in the event of loss of data on the
system or in the event of any disaster involving the company’s IT system.
Increasingly, sophisticated customers are demanding evidence of a service or
product vendor’s disaster recovery and business continuity systems.
• Has your company adopted a privacy policy that is tailored to the kinds of
customer information that might be provided through its website? Where is that
policy posted?
7
8. E. Physical Protections
• While many trade secrets are intangible by their very nature, there are always
physical repositories for trade secrets. Some companies invest substantially in
elaborate data protection systems but fail to implement some of most obvious
protections relating to physical protection of files, PCs, servers, etc.
• The company should review all of its facilities to ensure that unauthorized persons
do not have physical access to confidential data or information or systems.
Remember that a person’s status as an authorized employee can change on a
moment’s notice. Your company should have a clearly defined plan of action to
restrict someone whose authorization to access the IT system, files, programs
lapses.
• Company servers and PCs that host confidential client and company information
should not be readily accessible to unauthorized persons.
• The company should have a system in place that monitors electronically who
accesses the IT system, for what purpose and when. This feature should not be
de-activated by anyone for any reason.
• If the company has third party consultants or contractors on site or accessing the
IT system, the need for physical protections is heightened.
• Tangible physical embodiments of confidential or proprietary information should
be duly marked as confidential and should be stored in secure areas.
8
9. FORM CONFIDENTIALITY AGREEMENT
[bilateral]
_____________________________________________________________________
This Confidentiality Agreement is between [Company] (“[Company]”) and the party identified on the signature page
as “SECOND PARTY.” [Company] and Second Party are referred to together as the “Parties.”
III. Background
A. The Parties are contemplating a business transaction, relationship or an exchange of information (the
“Relationship”), which may be briefly described on the next page of this Agreement. The term “Relationship”
is intended to cover both the preliminary discussions of the Relationship as well as the Relationship itself, if it is
consummated. The Relationship may simply be a visit by one of the Parties to the facilities of the other Party or
a presentation.
B. The Parties may wish to share confidential and proprietary information with one another, and in order to protect
that information they have agreed to enter into this Agreement.
C. For purposes of this Agreement, the “Receiving Party” refers to the party who is in receipt of or comes to
know confidential information of the other Party (the “Disclosing Party”).
In consideration of the right to enter into discussions regarding the Relationship and to be privy to confidential
information of one another, the Parties, intending to be legally bound, agree as follows:
1. Non-Disclosure Obligation. The Receiving Party agrees not to disclose, communicate, transfer, give, sell,
license or lease any Confidential Information (as defined below) of the Disclosing Party to any person or entity
other than the employees of the Receiving Party who need to have such information in order to fulfill the
Receiving Party’s obligations or rights in connection with the Relationship. The Receiving Party may use the
Disclosing Party’s Confidential Information for the sole purpose of fulfilling the Receiving Party’s obligations
or exercising the Receiving Party’s express rights in connection with the Relationship. “Confidential
Information” of the Disclosing Party is non-public or proprietary information or data of the Disclosing Party
and its business, products, technology, customers and clients, regardless of the form of the information or data
(e.g. written, oral or electronic). “Confidential Information” also includes any trade secrets and intellectual
property (e.g. patents, copyrights, trademarks) of the Disclosing Party.
2. Duration of Obligation. The Parties shall be bound by their non-disclosure and non-use obligations under this
Agreement for the duration of the Relationship and for two (2) years after the termination of the Relationship or
discussions regarding the Relationship if it is not consummated or the cessation of activities between the
Parties. However, that with respect to any Confidential Information that constitutes a “Trade Secret” under
[Georgia] law, the Parties’ obligations shall last for as long as such information continues to meet the definition
of Trade Secret. The Parties intend for the rights and obligations of the Parties under this Agreement to exist
independently of rights and obligations imposed under applicable law. The Parties do not intend for any of the
terms of this Agreement to limit or eliminate broader rights available under applicable law with respect to the
protection of confidential or proprietary information or Trade Secrets.
3. Ancillary Obligations. The Receiving Party shall ensure that all employees to whom it communicates the
Disclosing Party’s Confidential Information understand fully the confidentiality obligations of the Receiving
Party with respect to such information. The Receiving Party shall promptly notify the Disclosing Party of any
unauthorized use or disclosure of the Confidential Information of the Disclosing Party, and Receiving Party
shall diligently assist Disclosing Party in minimizing the scope and impact of such unauthorized use or
disclosure. The Receiving Party shall promptly return any of the Disclosing Party’s Confidential Information
upon the request of the Disclosing Party, including any copies or extracts of such Confidential Information.
9
10. 4. Miscellaneous. This Agreement shall be governed by the laws of the State of [Georgia]. Any legal action
relating to this Agreement shall be conducted in the state or federal courts of [Georgia]. This Agreement shall
be binding on and inure to the benefit of the Parties, their successors and assigns. This Agreement contains the
entire agreement of the Parties with respect to its subject matter, and it supersedes all prior agreements or
understandings with respect to its subject matter. This Agreement may be legally modified or amended only by
a written amendment signed by both Parties. This Agreement may be superseded by other non-disclosure
provisions if the Parties agree to proceed with the Relationship. Any work product or deliverables (documents,
proposals, prototypes, code or others) produced in connection with the Relationship shall be owned solely by
[Company], and in the case of works of authorship such as software as “work made for hire,” and the Second
Party shall take all necessary action to convey all rights to [Company]. In providing information to the
Receiving Party, the Disclosing Party shall not be deemed to be making any representations, express or implied,
as to the information’s adequacy, sufficiency or freedom from error of any kind. Nothing in this Agreement
shall grant any express or implied right, title, interest or license in or to the Confidential Information of the
Disclosing Party other than the conditional right to use such information for purposes of the Relationship. The
rights of the Receiving Party to use the Confidential Information of the Disclosing Party may not be assigned to
a third party without the Disclosing Party’s prior written consent.
EFFECTIVE DATE OF AGREEMENT
DESCRIPTION OF RELATIONSHIP OR TRANSACTION (optional)
SIGNATURES
[Company]
Authorized signature
Printed name
Title
SECOND PARTY
Full legal name
Authorized signature
Printed name
Title
10