Just because information is sufficiently sensitive and valuable that it can qualify as a “trade secret” does not mean that it will qualify unless the owner of the information takes adequate steps to protect its secrecy.
In a recent decision, Judge John J. Tharp, Jr., of the U.S. District Court for the Northern District of Illinois explained that “there are two basic elements to the analysis” of whether information qualifies as a “trade secret”: (1) the information “must have been sufficiently secret to impart economic value because of its relative secrecy” and (2) the owner “must have made reasonable efforts to maintain the secrecy of the information” (internal quotation marks omitted).[1]
According to Judge Tharp, some of those “reasonable efforts” that a company can take to maintain the secrecy of its information include:
- using non-disclosure and confidentiality agreements with employees;
- enacting a policy regarding the confidentiality of business information that is more detailed than a mere “vague, generalized admonition about not discussing [company] business outside of work”;
- training “employees as to their obligation to keep certain categories of information confidential”;
- asking departing employees whether they possess any confidential company information, and, if they do, instructing them to return or delete it;
- adequately training IT personnel about data security practices;
- restricting access to sensitive information on a need-to-know basis; and
- as appropriate, labelling documents “proprietary” or “confidential.”
As Judge Tharp made clear, companies that fail to institute reasonable measures to protect sensitive information do so at their own peril.
[1] Abrasic 90 Inc. v. Weldcote Metals, Inc., No. 1:18-cv-05376 (N.D. Ill. Mar. 3, 2019) at 11.