Preserving Competitive Edge Workplace Tools for Preserving and Protecting Trade Secrets February 9, 2015 By Andre castaybert Castaybert pllc Co-CHAIR Of trade secrets Subcommittee NYSBA ip section

What is the economic impact of trade secret theft to U.S. companies? The loss of trade secret information impacts a large percentage of businesses, and causes significant monetary damage. Estimate of Total Losses3 Average Damage – Manufacturing Sector2 % of Companies Reporting Lost Trade Secrets1 Avg. Cost Incurred When a Business Partner Exploits Its Access to Data4 63% $50 Million (per incident) $53-59 Billion $362,269 (incurred by companies per incident) 1-ASIS/PwC “Trends in Proprietary Information Loss Survey,” 2007 2-ASIS/PwC “Trends in Proprietary Information Loss Survey,” 1999 3-ASIS/PwC “Trends in Proprietary Information Loss Survey,” 2002 4-Center for Responsible Enterprise and Trade “Trade Secret Theft – Managing the Growing Threat in Supply Chains,” 2012 1, 2, 3: Surveys polled CEOs of Fortune 1000 companies and US Chamber of Commerce members

What is the economic impact of trade secret theft to U.S. companies? Trade secrets provide a competitive advantage For many companies, intangible assets, including trade secrets, are the most valuable assets they hold. And some sources say the ratio has shifted from 80/20 tangible to intangible in 1975 to 20/80 in 2013

What is the economic impact of trade secret theft to U.S. companies? Estimates of trade secret theft range from 1-3% of the GDP of the United States and other advanced industrial economies* U.S. Senators Coons and Hatch: Estimate $160 to $480 billion lost to trade secrets theft in U.S. each year *CREATe and PWC: “Economic Impact of Trade Secret Theft: A framework for companies to safegaurss trade secrets and mitigate potential threats

What is a Trade Secret? The UTSA Definition of Trade Secret The Uniform Trade Secret Act enacted by all states and DC, except New York and Massachusetts, defines a trade secret as: information, including a formula, pattern, compilation, program, device, method, technique, or process that derives independent economic value, actual or potential, from not being generally known to, or readily ascertainable through appropriate means, by other persons who might obtain economic value from its disclosure or use; and is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

Examples of Trade Secret Information R&D Lab tests Prototypes Project research Recipe development Strategy Manufacturing Processes Equipment Recipes Marketing Advertising plans Consumer surveys Product Pipeline Sales Incentive plans Customer contact lists Sales promotions Financial Finance plans Financial projections Quarterly results Negative know-how Formulations solutions that did not work HR Org. charts Compensation plans Severance plans

How Are Trade Secret Rights Lost? Most losses do not occur by theft. In fact, most losses occur through simple carelessness. The most common mistakes that contribute to loss of trade secrets include: Failure to incorporate or emphasize trade secret protection in the hiring process Failure to limit distribution of sensitive information on a “need to know” basis Failure to follow existing policies and procedures Lack of communication with employees regarding the importance of trade secret protection Failure to perform exit interviews and remind departing Employees of their confidentiality obligations

Framework for Companies to Safeguard Trade Secrets and Mitigate Potential Threats Identify Document Educate Assess Secure

Identify Trade Secrets Identify, locate, and inventory those trade secrets whose theft would cause the most harm Build a cross-functional team of key stakeholders to define the company’s trade secrets Compliance and legal counsel Chief information security officer/ IT Business unit leaders and corporate function leaders Human Resources Categories of trade secrets Product information: new hardware designs; updates of existing products Research & Development: basic or applied research Critical and unique business processes: inventory/distribution; manufacturing processes; business models Sensitive business information: M&A plans; market research; customer lists; info on key suppliers; corporate strategy IT systems and applications: system architecture designs; source code; algorithms

Questions to Ask What is the company’s competitive advantage? What is unique about the product or process? What confidential information would competitors want to know? What would you consider the most important trade secrets?

Identify and Assess Threats and Vulnerabilities To determine which trade secrets merit the highest protection, and to implement more effective protective measures, you need to identify and assess the potential threats.

Potential Threat Actors Malicious insiders Current employees Lack of training Inadvertence (publication, disposal of assets, oversharing) Beware social media Beware disgruntled employees Former employees Employee mobility Home computers Thumb drives

Potential Threat Actors Competitors New employees from competitors Disgruntled employees who go to competitors Competitive intelligence programs and market research spies

Potential Threat Actors Suppliers, consultants, and customers Access to your site Working with competitors Encouraging your competition Loose lips

Potential Threat Actors Nation states and places of business Transnational organized crime Hacktivists

Identify Threat and Vulnerabilities Which trade secrets are most vulnerable? Who is a threat? What is the probability of a theft? How severe would the impact be if stolen? What policies, procedures, and controls exist to mitigate theft?

Identify and Rank the Threat How significantly would the company’s reputation be impacted by theft? How critical is the trade secret to the fundamental operation of the business? How core is the trade secret the company’s corporate culture? Is the trade secret especially unique in the industry? How valuable would the trade secret be to competitors? How important is the trade secret to current or projected revenue?

Document trade secrets and efforts to preserve them Document the nature of the trade secret Document the company’s investments in the trade secret Document the steps taken to preserve the trade secret and to maintain confidentiality Written company policies and procedures Employee manuals Confidentiality and NDA provisions in employee, supplier, consultant, and agreements Onboarding interviews with confidentiality instructions Office access and computer access policies and protections Visitor sign-in, sign-out, badges and identification Password policies

Educate Start from the time you onboard new employees Distribution trade secret policies and procedures and obtain acknowledgements Trade secret training Consistent communication and reminders Education and reminders for departing employees

Protecting Trade Secrets Limit access to trade secret materials on a need-to-know basis. Locked filing cabinets with limited access Create secure passwords for computer-stored trade secret information Consider shredding (rather than throwing away) documents containing trade secrets Obliterate or wipe clean (rather than merely deleting) any trade secret information contained on computer hard drives

Protecting Trade Secrets Require all employees with access to confidential company information to sign confidentiality agreements Have clear written policies that leave no doubt that any access and use of company information, for purposes other than company business is strictly prohibited and have employees acknowledge receiving copies Send out regular reminders of the policies and require acknowledgment of receipt. Beware: Under many federal and state laws, employees have privacy rights in their personal information, even if it is stored on company computers

Protecting Trade Secrets Companies should safeguard proprietary information by: conducting entrance and exit interviews with employees; educating managers and HR sources professionals regarding the company-owned items that employees must return upon departure communicating the company’s policies regarding the monitoring of employees’ electronic devices and communications to employees disabling employees’ access to company and computer networks at the time of departure creating a culture of compliance and confidentiality where employees recognize the value of protecting trade secrets; and sharing best practices within their industries to protect valuable business data

Practical Measures: BYOD Policies In light of identified risks to trade secrets portfolio, implement BYOD policy or require employees to use company-issued devices? Different policies for different levels of employees? If adopt BYOD policy: Specify which devices are permitted Provide clear restrictions regarding use and transfer of company data Explain when company gets access to device and data Incorporate into exit interview process Explain investigation, incident remote wiping procedures Address personal data/privacy concerns consistent with applicable law

Practical Measures Exit Interviews Identify the trade secret and confidential information the employee accessed or used. Question the departing employee: Ask employee why he is leaving Ask employee what his new position will be Check employee’s computer activities and work activities in advance of the meeting Ensure that all company property, hardware, and devices have been returned, including e-mail and cloud data, and social media accounts

Practical Measures Exit Interviews Ensure that arrangements are made to have all company data removed from any personal devices Disable access to company computer networks Make sure to obtain user names and passwords for all company social media accounts Inform the employee of continuing obligation under agreements with the Company Consider letter to new employer and employee with reminder of continuing obligations Consider having departing employee’s emails preserved and electronic devices forensically imaged as appropriate Consider using an exit interview certification

Practical Measures Post-Termination Investigation Interview employee’s co-workers; gauge whether employees are hearing about employee in the marketplace Examine employee’s email activity Conduct a forensic investigation of employee’s computer activities Examine and analyze badge records and access logs Examine phone records Check employee’s social media accounts as appropriate

Prepared by Andre Castaybert Esq. CASTAYBERT PLLC 830 Third Avenue, 5th floor New York, N.Y. 10022 WWW.accounsel.com If you would like a copy of this presentation, please email Andre at: acastaybert@ac-counsel.com