Psssst. Can you keep a secret?

published in McAfee & Taft tIPsheet | September 3, 2019

At one time or another, we’ve all been faced with that question. A friend or family member asks if you can keep a secret. A really good secret. Of course I can. I can be trusted. And then you hear the secret. It is in fact a really good secret, and one that you can use to your own benefit. What do you do? We’ve all heard, and mostly likely seen up close and personal, the consequences of failing to keep a personal secret. Though different in scope, the consequences of disclosing a secret in the business world are often far more significant.

Protecting trade secrets

Knowledge, as they say, is power. Secret knowledge, perhaps, gives even greater power. Trade secrets are valuable business assets that can, so long as they are kept secret, provide a competitive edge. Once the secret is lost, the attendant value is also lost. Although there are a number of different definitions for the term trade secret, the short definition below is adequate for this discussion:

A “trade secret” can be any technical, scientific, or business data not generally known to the public. The trade secret must provide an economic value to the owner and must be protected by reasonable efforts to secure the trade secret.

Trade secrets can take the form of customer lists, marketing plans, business methods, production processes, and software algorithms and source code to name a few. It is therefore incumbent upon a business to identify its trade secrets and to put in place policies and procedures to protect those secrets. Those may be, for example, physical barriers with restricted access to certain areas, limited computer access for certain employees, and employment agreements and policy manuals that make the consequences of disclosure crystal clear.

The loss of a trade secret can occur in any number of ways. In the movies, trade secrets are stolen as a result of dark conspiracies, disgruntled employees, and espionage. As an example of life imitating art, just last week a former Uber Technologies Inc. executive was indicted and accused of stealing Google’s self-driving car trade secrets before defecting to Uber. The indictment alleged that the employee downloaded multiple engineering, manufacturing and business files from a secure database related to Google’s custom LiDAR and self-driving car technology. While tales of conspiracy and theft are entertaining, the circumstances under which trade secrets are lost are usually far less interesting.

NDAs: When confidential information needs to be shared

Just like the secret shared by a friend, oftentimes a business has a desire or need to share information with another. The exchange of information may be beneficial to both parties and can be used, for example, to evaluate the possibilities of an ongoing business relationship. In those cases, it is necessary to use a non-disclosure agreement (NDA) and equally necessary to comply with the NDA. A good NDA will include an obligation of nondisclosure with specific restrictions against further disclosure. Restrictions on use of the information for any other purpose than the stated business purpose and access restrictions within the recipient’s business and among its employees should also be included. An NDA will almost always include an obligation to return or destroy original materials containing confidential information once the NDA expires. The foregoing is not an exhaustive list, and an NDA should be tailored to meet the needs of both the recipient and the discloser. The consequences of a failure to use a well-written and well-considered NDA are obvious: the potential loss of a valuable trade secret. But what about a failure to comply with the restrictions on use, or disclosure of information, received in confidence under an NDA?

Lessons learned from trade secret litigation

That scenario was addressed by the U.S. Court of Appeals for the Federal Circuit in a case entitled CardiAQ Valve Technologies, Inc. v. Neovasc Inc. et al, and the result, as one might expect, was harsh. The case was complicated and involved trade secrets, patents and an NDA. The NDA included the following:

Recipient shall not, directly or indirectly, disclose or use the Confidential Information, in whole or in part, for any purpose other than evaluating the proposed business relationship referred to above. Without affecting the generality of the foregoing, Recipient shall not, directly or indirectly, disclose any Confidential Information to any third party, or use the Confidential Information for its own benefit or for the benefit of any third party.

Apparently, in this case the secret was just too good. Neovasc used CardiAQ trade secrets for its own benefit. CardiAQ alleged a breach of the NDA and trade secret misappropriation. The result was a $70 million judgment for trade secret misappropriation, which was enhanced by an additional $21 million because of the nature of the misappropriation.

So what lessons can be learned? Just as you would in your personal life, understand who your business partners are. Conduct due diligence so that you know who it is you are dealing with. Don’t just throw together a form NDA without scrutinizing the provisions, making certain they fit the business purpose. Don’t simply accept an NDA provided by another party without a careful review. And finally, during, and after the expiration of an NDA, make certain as a recipient that you comply with the restrictions on information received from the other party. Although the pull to use that information may be great, the end result can be disastrous.