About the author: PJ Kee is an associate at the Jones Walker law firm in New Orleans. He and a few colleagues recently launched Trade Secret Insider, which chronicles legal insights on trade secrets, non-competes, computer fraud and confidential data theft. This article was originally posted on tradesecretsinsider.com.
PricewaterhouseCoopers LLP (PwC) and the Center for Responsible Enterprise and Trade (CREATe.org) collaborated to access the economic impact of trade secret theft. Their recently published Report estimates that trade secret theft accounts for nearly 1-3% of the US GDP. This impact highlights that companies should focus on tightening internal safeguards to protect trade secrets information. The Report offers a helpful framework for doing so, as well as highlights the significant value that trade secret audits can offer.
The first steps in a trade secret audit will assist with identifying what are the company’s trade secrets and where those secrets are vulnerable. These are the fundamental questions—and ones that the Report underscore.
A company strategy to mitigate losses from trade secret theft, the Report advises, must first identify and inventory the company’s trade secrets:
Our collective experiences indicate that many companies fail to effectively manage their trade secret portfolios for multiple reasons, including a lack of consensus on what assets actually constitute the portfolio. … To best protect those trade secrets whose theft would cause the most harm, companies should first document, locate and inventory their trade secrets. This first step gathers key stakeholders—senior executives, business unit leaders, corporate functional leaders—to inventory the trade secrets maintained by the company.
Next, companies must locate the risks and vulnerability, both within and outside the company. The first step is to determine who are the ”threat actors”:
Operating in today’s global marketplace exposes companies to unique and varied threat actors. As such, management must understand the scope of the company’s operating environment (e.g., office locations, sales/marketplace footprint, supply chain, product/ service mix, key personnel, and growth strategies) in context of the potential threat actors seeking to engage in illicit activity to adversely impact the company. Assessing the risk posed by individual threat actors within this construct, the probability that they will attempt to steal a company’s trade secrets, and the severity of such an event, is critical to determining which trade secrets merit the highest level of protection and enables management to implement more effective protective measures.
The second step is to access how these threat actors can potentially compromise trade secrets:
[C]ompanies must proactively identify potential internal vulnerabilities in their policies, procedures and controls, as well as their reliance on suppliers and other business partners, and take steps to mitigate any exposure resulting from these weaknesses. These vulnerabilities can range from a lack of training on information security to employees using software without routinely checking for updates, to a highly valuable trade secret stored on an unsecured server with broad access within the company, to a lack of awareness among employees of where trade secrets are kept.
A trade secret audit with experienced counsel will help companies navigate through this process. It will also help them determine the best individualized way to respond to the vulnerabilities they face. As the Report insists, developing a trade secret strategy and ensuring that those secrets are protected should be viewed as an up-front investment, rather than a cost. Especially given the increasing and costly rise of trade secret theft.