In 2016 the EU adopted the Trade Secrets Directive, which has been implemented into UK law this month by the Trade Secrets (Enforcement, etc.) Regulations 2018. The Directive aims to harmonise the law in this area to ensure that a minimum standard of protection exists across the EU.

Trade secrets: why protect them?

Trade secrets can be the lifeblood of any business. Ranging from key recipe ingredients, such as the secret composition and ingredients in IRN-BRU ®, to unpatented software algorithms which control how we shop on Amazon ®. Unlike other forms of IP protection they cost nothing to protect and can last forever if kept confidential. Yet, in spite of their undeniable value, their protection has varied significantly across Europe and has been far less progressive than the protection of other IP rights. Increasingly often, leakage or theft of confidential information and trade secrets has hit the headlines causing irreparable damage to the businesses concerned.

What is changing?

Although trade secrets and confidential information protection previously existed in the UK, through the common law, this lacked clarity and cohesion. The Regulations will unify the previously fragmented regime and provide legal certainty for dealing with the unlawful acquisition, use or disclosure of trade secrets across the UK. It might be hoped that this should encourage cross-border project collaboration and increase enforcement possibilities, when needed.

As the existing UK law on trade secrets is largely reflected in the substance of the Directive, the Regulations mainly focus on the procedural issues associated with implementation. There is a new focus on the steps a business must take to ensure that its confidential information remains a ‘trade secret’.

New definition of trade secret

The Directive begins by setting out a new, uniform definition of a trade secret.

Information will be considered a trade secret if it:

  • Is secret in the sense that it is not generally known among, or readily accessible to, persons within the circles that normally deal with this kind of information;
  • Has commercial value because it is secret; and
  • Has been subject to reasonable steps (under the circumstances) to keep it secret by the person lawfully in control of the information.

A greater onus is put on those in control of such information to ensure that they take reasonable steps to keep it secret. Intention is no longer enough – active protective measures require to be taken.

What is considered ‘reasonable’ by the courts is not defined and is likely to depend, at least in part, on the business in question and the nature of the information.

New remedies available

The Regulations also introduce a number of new remedies which can be obtained from the courts where a business’ trade secret is compromised. These include:

  • Orders to stop the unlawful acquisition, use or disclosure of a trade secret, as well as measures to maintain the secrecy of trade secrets when they are the subject of a matter in court;
  • Interim measures for seizure and delivery up of suspected infringing goods before a final judgment has been made; and
  • Provisions allowing for financial compensation to be awarded instead of a final interdict/injunction.

Limitation periods

Limitation periods for businesses to raise legal action for an alleged breach of confidence have also been set by the Regulations – five years for Scotland and six years for the rest of the UK.  These would have applied previously.

What does this mean for UK businesses?

The Directive enhances legal protections across the EU but it also introduces stricter requirements to benefit from these protections and businesses must take steps to prepare for these.

As a result of the new uniform definition of ‘trade secret’, European businesses have to actively protect their confidential information and prove this in the event of a dispute. They are encouraged to review their processes around dealing with confidential information – or risk losing the right to have it treated as such.

Key actions:

1. Understand and structure your sensitive, confidential information.

  • Identify what information is confidential and falling within the Directive’s scope;
  • Review existing confidentiality procedures/ policies to ensure they are adequate and train employees on an ongoing basis;
  • Develop and implement procedures for marking, segregating and storing confidential information; and
  • Structure internal processes on a need-to-know basis and consider binding those with access to confidential information by appropriate non-disclosure agreements.

2. Monitor and control your secrets.

  • Monitor and document compliance with internal policies;
  • Consider and review confidentiality and usage clauses in contracts with employees and external business partners;
  • Track the flow of confidential information to (and from) external business partners, customers and suppliers; and
  • *Ensure internal IT security protocols are adequate and that necessary encryption and access controls are in place – particularly on mobile devices.

We regularly advise businesses on the steps which can be taken to protect their trade secrets and other intellectual property rights and mitigate the risks of these being compromised. If this is something which you think your business could benefit from, please do not hesitate to get in touch on the contact details noted below.