Management of business secrets, whether formal trade secrets, confidential information or data requires a pragmatic approach, with a people-centric focus on strategic management across the organisation.
UK Trade Secret Regulations 2018 (Source: https://www.legislation.gov.uk/uksi/2018/597/made) adopt the Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets)
The regulations define (section 2):
“trade secret” means information which:
- is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among, or readily accessible to, persons within the circles that normally deal with the kind of information in question,
- has commercial value because it is secret, and
- has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret;
“trade secret holder” means any person lawfully controlling a trade secret.
Note that there are no specific measures required, other than “reasonable steps under the circumstances… to keep it secret”.
1. Build IP awareness of the basic IP issues
Awareness of IP issues related to the organisation’s business with all team members. This should:
- Make individuals aware of the needs and risks associated with the various forms of IP
- Identify the importance of Open Source licence types, and establish good / bad licence types
- Build awareness of IP and expectations for confidentiality
- Particularly for any contracting staff, clarify the need for confidentiality beyond immediate projects
Take steps to educate employees and contractors about the existence of trade secrets and other confidential information in the business – this does not mean exposing them to the information, but making them aware of different levels of importance and the policies / processes in place to manage them.
Consider locking down sensitive information to a “need to know” basis. Leakage of trade secret information is often “accidental”, and may be because employees don’t know that the information is trade secret.
Consider IT solutions that limit access, but also track and audit access to sensitive information – for software based systems this may be part of version control systems.
As individuals progress in the business it may be appropriate to adjust employee contracts to reflect access to more sensitive information, e.g. extending notice periods from 1 to 3-months for senior employees that will have had access to more sensitive information.
Consider non-compete clauses to reduce the risk of employees moving to direct competitors.
2. Establish an IP register to track IP in the organisation.
This should:
- Include all forms of IP associated with the organisation’s products, services and projects
- Contain both IP created internally and IP imported from external sources
- Track any encumbrances for external IP, e.g. associated licenses
- Categorise IP as core or non-core (and potentially as not-used)
- Link IP to products and services to allow IP disassembly for exit
- Support a culture within the organisation that recognises the value of the IP created
It is important to capture the IP generated in the business, but also important to understand what IP is imported into the business and how those IPs relate to the various products and services developed.
As a minimum requirement an IP register for a software and data-intensive organisation should capture:
- The form of the IP – patent, trade mark, copyright (source code), etc.
- What products or services the IP is linked to and whether its core or non-core
- For internal IP the creator, date of creation, a sensitivity level (public, private, confidential etc)
- For external IP the source (e.g. URL), associated license (license type for Open Source), version number
The information from the IP register can be used to build structured views of the IP.
The register may be filtered and sorted along various fields, but for the purposes of providing a structured view of how the IP supports products and services it may be more helpful to create a linking grid view.
This can be done using pivot tables in Excel or database queries. However, it is created the view should provide the linkages between products/services and the IP, and show which IPs are core, non-core or even unused.
Once the organisation has a structured view of its IP it is able to make better informed decisions on maintaining, sharing and exiting the IP.
An exit strategy either through sale or M&A is likely to require the organisation to identify and manage core vs platform specific IP in order to cleanly separate particular products or services for sale – this is known as the IP disassembly problem. The IP disassembly (IPD) problem is defined as the problem of finding a contractual arrangement for allocation of IP rights and licenses that allows for separating and disintegrating a company, business unit, project entity, resource set, or IP unit in order to enable a transaction, organizational transfer, or dissolution of it. Key to managing the associated risks is having an ex ante structured view of the parent company’s IP for each product and the core / common IP.
3. Establish Internal Processes
Internal processes for the organisation’s internal business:
- People processes: Review employment contracts to ensure the organisation is protecting its own interests. At the same time the organisation should review contracts used with third parties such as contractors, and how people exiting the business is managed.
- Invention disclosure: Standard invention disclosure forms can be found on line. It may be appropriate to identify a process for internal decision making on patent vs trade secret
- Material review process: IP often leaks inadvertently from organisations through activities such as marketing, publications and user manuals. Process for reviewing materials before they are released (particularly where the organisation is working with academics or intermediate research organisations (IROS)) to ensure no confidential information leaks should be established
- Document labelling for trade secret management: Create a document labelling process that identifies confidential material that is to be treated as trade secrets. This might be linked to source control tools or other document management systems (see the trade secret section of this document).
Think about how to use trade secrets to signal the market on the inherent value of those secrets
4. Run an IP roadmapping workshop.
An IP roadmapping will:
- Develop a forward looking, and pro-active roadmap for the organisation’s IP. Similar to general roadmapping tools that are well known within industry, the IP roadmapping tool seeks to establish a strategic framework for IP decision making over a future timeline
- Link the organisation’s IP to its ambition to develop, and exit a series of products over the coming years. Such product launches are likely to have an associated product or technology roadmap. The IP roadmap complements this with a forward looking plan for how the organisations IP can be managed
- Provide the framework for a story of the IP which can be used with investors / partners or other stakeholders to explain the organisation’s approach to IP
Cubicibuc supports clients of all sizes in the identification and development of strategic plans for intellectual property. Our aim is to provide a link between the corporate goals and the operational function of IP.
For more information about how we can help, please get in touch.