CONFIDENTIALITY POLICY AND GUIDELINES
UNIVERSAL TRADING & INVESTMENT CO., INC.
A Massachusetts corporation, incorporated on February 11, 1993.
(Adopted by the ad hoc Executive Committee for review of guidelines)
1. Introduction.
As enterprises increasingly rely on intangible or knowledge-based assets rather than tangible or physical ones for creating and maintaining their competitiveness in the marketplace, their ability to create, deploy and strategically manage such proprietary assets is becoming a crucial factor in business success. Today's business environment has increased the importance of trade secret protection and the development and implementation of information protection practices.
These must address the risks associated with a global marketplace, rapid advances in technology and telecommunications, a mobile, highly-skilled work force, and network strategic business relationships, including extensive outsourcing. Under these circumstances trade secrets are rapidly becoming, in some cases, a choice form of intellectual property protection in the information economy. Machinery and mechanisms were the brainchildren of the Industrial Age and patent law was designed to protect these. In the Information Age, trade secret protection is, in some cases, the most attractive, effective and readily available intellectual property rights.
While the information economy has made trade secrets more important, it has also made them more likely to be stolen. A more mobile workforce, the increased use of contractors and consultants, and increased infrastructure outsourcing all provide opportunities for trade secret information to leave the company's control. Information technology itself contributes to the mobility of information. Increasingly, information is stored in easily copied computer files, and internet connectivity and high-density media such as CD-ROMs make these files easy to transport.
Adequate and effective creation, protection, use and management of trade secrets is the starting point on the road to successfully developing and managing an intellectual property strategy and integrating it into the general business strategy of UTICo.
2. Definitions for Present Guidelines.
A trade secret is commonly defined in broad terms as any information, including but not limited to technical or non-technical data, a formula, pattern, compilation, program, device, method, technique, drawing process, financial data, or a list of actual or potential customers or suppliers that: is sufficiently secret to derive economic value, actual or potential, from the fact that it is not generally known to other persons who could obtain economic value from its disclosure or use; and whose secrecy is achieved thanks to its holder's reasonable efforts.
While it is not possible to precisely define a trade secret, courts often consider a non-exclusive list of factors to determine whether information is, in fact, a trade secret. These factors include: the extent to which the information is known outside the owner's business; the extent to which the information is known by employees and others involved in the owner's business; the extent of measures taken by the owner to guard the secrecy of the information; the value of the information to the owner and to its competitors; the amount of effort or money contributed by the owner to develop the information; and the ease or difficulty with which the information could be properly acquired or duplicated by others.
3. The Existence of Trade and Consulting Secrets and Confidential Information.
The subject matter of a trade secret must, as its name implies, be kept secret. Persons other than the owner may know of the secret. However, confidential disclosure to employees or others bound to secrecy will not destroy the status of the trade secret. A substantial element of secrecy must exist. Information generally known to the public or inside a particular industry is not typically afforded trade secret protection. While secrecy need not to be absolute, it must be sufficient to confer actual or potential economic advantage on one who possesses the information. Thus the requirement of secrecy is satisfied if it would be difficult or costly for others to acquire and exploit the information without resorting to some form of wrongful conduct.
Trade secret protection has been extended to a wide spectrum of information. While trade secrets are often equated with processes or product development, services can also constitute trade secrets provided they meet the abovementioned requirements. Even negative information, so-called "negative know-how", such as research options that have been explored and found worthless, can be a trade secret.
The following are a few sample categories: data compilations, briefs, consulting reports and papers, designs, drawings; valuable business information such as business strategies, methods of doing business and marketing plans, for example a company's plan to launch a new product; costs and price information; information about research and development activities; algorithms and processes that are implemented in computer programs, and the computer programs themselves; manufacturing technology or repair processes and techniques; document tracking processes; schedules, manuals.
A trade secret may be made up of a combination of characteristics and components, each of which by itself is in the public domain, but where the unified process, design and operation of such characteristics or components provides a competitive advantage.
Although trade secrets may elude precise definition, they are nevertheless valuable property. However, as the US Supreme Court recognized, once secrecy is lost, the property interest is destroyed forever.
4. Protection of Confidential Information.
Contrary to patents, trade secrets are protected without registration, trade secrets are protected without any procedural formalities. Consequently, a trade secret can be protected for an unlimited period of time. Moreover, it does not/may not cost anything.
Nevertheless, trade secret protection is limited. A trade secret holder is only protected from the unauthorized disclosure and use of the trade secret by others and from another person obtaining the trade secret by improper means. Indeed, it is illicit to acquire another's trade secret if one knows or has reason to know that the trade secret has been acquired by improper means. Improper means include theft, bribery, misrepresentation, breach or induced breach of a duty to maintain secrecy, or espionage by electronic or other means. Reverse engineering or independent derivations alone are not considered improper means. Reverse engineering is the determination of someone else's trade secret information via examination and testing of publicly available information.
Depending on the legal system, the protection of trade secrets either forms part of the general concept of protection against unfair competition or is based on specific provisions or case law on the protection of confidential information. It should be pointed out that there was a noticeable movement towards increased trade secret protection in many countries of the world during the 1990's and a surprising uniformity in the treatment of trade secrets. Trade secret theft now constitutes a crime in many countries.
In the U.S., many aspects of the doctrinal development of the law of trade secrets in the United States came from England. Trade secret laws are state granted rights. Nearly all states have adopted the Uniform Trade Secret Act (UTSA). The UTSA allows recovery of plaintiff's actual losses and the amount by which the defendant has unjustly benefited from misappropriation. Damages may include lost profits and the costs associated with repairing the damage to one's business. Exemplary (e.g. punitive) damages can be recovered in exceptional cases. Injunctions are also available. Under the Economic Espionage Act of 1996 (codified in part at 18 U.S.C. § 1831, et seq.), the theft of trade secrets is now a federal criminal offence.
5. Protection Measures to Be Taken.
The holder of a trade secret must take measures to protect and maintain its confidentiality. Typical measures to protect trade secrets include agreements with licensees and financial partners, nondisclosure agreements with employees during and after employment, warnings or notices on written materials, and physical security measures such as periodic security checks, closed-circuit monitors, and restricted access to computers and classified areas.
Taking steps to protect trade secrets from theft makes good business sense for several reasons. Preventing misappropriation from the outset is the most cost-effective way of enforcing trade secrets.
As there is no government registration in any country of the world, the cost of protecting trade secrets is largely the cost of putting in place an information security and protection policy and program in the company in addition to the cost of monitoring, surveillance, audit and legal measures against insiders or outsiders who breach or try to breach the security system.
An enterprise-wide security and protection program is an essential requirement for the protection of trade secrets. A basic step in developing such a policy and program is to identify and prioritize business secrets based on their value and sensitivity in an on-going and continuous process. An effective corporate program requires the continuous classification of new trade secrets and the de-classification of stale secrets that no longer have economic value.
Nondisclosure agreements (also referred to as confidentiality agreements) are one of the best and most powerful tools in which confidential information is protected by trade secret owners.
Under the law of many countries, however, employees owe confidentiality to their employer even without such agreements. Thus, no contract is required to impose trade secret liability. Generally, employees are under an implied duty not to use trade secrets that they acquire during their employment in a manner adverse to the employer. However, this implied duty only arises when the employee knows or should know given the circumstances that the employer intends the information to be kept confidential. The duty to maintain confidentiality generally continues, at least for a certain period of time, even after the employee has left the job in question.
Nevertheless, a well-prepared non-disclosure contract is a must. As a matter of practice, though, employee nondisclosure agreements are a very useful part of any information protection program because they enhance protectability in litigation by giving a basis for asserting misappropriation, and they provide notice to the employees that trade secrets are considered an important asset of the company.
Nondisclosure agreements constitute, therefore, a cheap and effective technique for controlling employee misconduct, and should be used with vendors, contractors, prospective or temporary staff, interns, visitors, non-employees working on site and customers at virtually all levels of the enterprise whenever disclosing confidential information.
A good nondisclosure agreement is detailed and direct, and limits post-employment restrictions in time and geographical scope.
A good policy provides that physical access to a trade secret document repository or to a manufacturing or research and development facility requires a security pass. A good way to block physical access to trade secret material is to separate this information from other non-proprietary information keeping it in a locked filing cabinet. Access to such information has to be limited to key personnel and should be disclosed only on a need-to-know basis.
Physical restrictions, especially regarding visitors and other outsiders, which limit access to organization facilities and to areas containing valuable proprietary information, especially trade secrets, are essential.
6. Security in the Electronic Environment.
The advent of the fully networked enterprise where intranets, extranets and the Internet are all used to gain competitive advantage has significantly increased the importance of integrating digital and information systems security measures into the security program. Protective measures must include efforts to identify and safeguard digital intellectual assets inside the networked enterprise.
However, given the speed and propagation of information, internal security measures must be supported by an external monitoring and surveillance function. Thus cybersecurity is expensive. Thus cybersecurity is expensive. For detailed information on and the installation of key and encrypted computer data accesses as well as antivirus software, so-called "red team attacks" and the protection of e-mail communication, IT professionals should be consulted.
