For some clients, the value of their business lies in the business’ specific data or information, which may or may not be properly categorized as a trade secret. A business’ data is a trade secret as long as it derives independent economic value and is not generally known. This data, which can include a customer list, a special recipe, or a software algorithm, is often the result of long hours and may be the very thing that makes a business profitable. But failing to reasonably maintain the secrecy of the data will leave your client with no recourse if someone else uses the data to your client’s detriment.
With technology constantly evolving, it can be difficult to determine what steps are necessary to reasonably preserve the secrecy of your client’s data and maintain the data’s trade secret status. Even so, you must advise your client to be proactive in securing valuable data with physical and digital barriers. Failing to address privacy and security concerns increases the likelihood that the data will become compromised.
Breached data can be expensive — and sometimes impossible — to retrieve. Your client will be dragged through lengthy litigation to either prove misappropriation or discover that the secrecy of the data was not reasonably preserved. Data can end up in the wrong hands because of insufficient policies and training, viruses, data thieves, breach, or a third-party’s negligence. Because of the many ways data can be accessed and exploited, appropriate measures must be taken to ensure that the secrecy of the data is reasonably preserved.
To do so, you should begin by categorizing your client’s data to ascertain its value and determine whether it’s worth protecting. Next, you must locate the information and determine any risks associated with that location. If the information is contained in a notebook, physical barriers will be key to ensuring security. If the information is stored electronically, both physical and digital barriers are necessary. Physical barriers may include placing information in a locked surveillance room or hiring a guard to prevent unauthorized access. Digital barries can include encryption, virus protection, or access controls.
Finally, your client must limit individual access to the information. Creating an Access Control List (ACL) is a great way to accomplish this. ACLs can be as simple as giving someone a key to the locked room or as complicated as employing software designed to create separate logins. Depending on the method of storage, access controls can limit a user’s ability to read or print information. Your client should also adequately train those that currently have access to the information so that they can prevent unauthorized access.
Failing to reasonably secure the information can lead to misappropriation or lack of trade secret protection, both of which can be economically detrimental to your client’s business. In summary, because of the dangers associated with failing to reasonably preserve the secrecy of valuable data, it is essential that the data is: (1) categorized to determine whether it should be secured; (2) located and that the risks of the location are weighed; and (3) reasonably secured with physical and digital barriers.