On 9 June 2018, the UK’s Trade Secrets (Enforcement, etc.) Regulations 2018 (the Regulations) implemented into UK law the 8 June 2016 EU Directive on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure ((EU) 2016/943) (the Directive).
The Directive aims to harmonise the approach to trade secrets across the EU, which has been inconsistent between member states, with some providing a high level of protection for confidential information and others none at all. The Directive ensures businesses benefit from a minimum standard of protection against the misuse of their trade secrets by preventing the unlawful acquisition, use or disclosure of trade secrets, and banning any dealings in goods which result from trade secrets theft.
UK common law regime a gold standard for trade secrets
The Directive is a minimal harmonising legislation, which means that member states are free to grant a higher level of protection for trade secrets, provided that they ensure at least the same minimum standards as set out in the Directive.
This is important for the UK, because it already offers well-established legal protection for trade secrets through a combination of common law doctrines, statute and court rules, and the UK law of confidence has long been considered as one of the gold standards of Europe in this area.
The Regulations have been carefully drafted to codify the law in a manner consistent with the Directive – as is the UK’s obligation for so long as it is a member of the EU – but without significant variations from the current common law position under UK law. The result appears to be two regimes running in parallel with one another, with areas of potential overlap. Only time will tell how this works in practice, and Sarah Turner of Hogan Lovells suggests that, in many respects, business is likely to continue as usual in the UK (see Trade Secrets Directive in practice: business as usual?). Subject to any policy change, the Regulations will remain in force post-Brexit.
New definition of Trade Secret: businesses to take “reasonable steps”
Practical Law’s Practice note, Overview of know-how and technical assistance sets out the key changes brought about by the Regulations, the most interesting of which, and perhaps of the most practical consequence for businesses, is the new definition of Trade Secret.
Over the years, the UK Courts have developed a definition of Trade Secret which focuses on the way in which the information has been shared, protecting secrets that have been imparted in circumstances of confidence.
The Regulations’ new definition of Trade Secret shifts the emphasis onto the way in which the person lawfully in control of the information has protected it, requiring them to have taken “reasonable steps” to keep it secret.
There is no definition of “reasonable steps”, and we are unlikely to see any useful guidance until it is tested by the courts. In the meantime, businesses should assume as proactive an approach as possible to safeguarding their trade secrets, which could include anything from customer and supplier information to details of industrial processes, operating procedures and business methods; from recipes, code and formulae to financial information and pricing data – so any information that is of commercial value to the business and not yet in the public domain.
Practical tips for businesses
Depending on the type of business and information, a proactive approach might involve doing some or all of the following:
- Audit: conduct a thorough audit and compile a log of all trade secrets held and used by the business, flagging in particular the most valuable secrets, and clearly labelling the log itself as confidential.
- Label: identify trade secrets by labelling documents, and any envelopes, discs or memory sticks containing them, as confidential.
- Restrict: limit access to trade secrets by carefully selecting recipients on email distribution lists and attendees at meetings, preventing access to certain information outside of office premises, only making confidential information available in a limited number of hard copies and, insofar as possible, controlling the filing or destruction of those copies once used.
- Secure: protect trade secrets by encrypting files or adopting highly secure passwords that are changed regularly and disclosed on a very limited basis.
- Educate: impose a three-line whip on all employees to attend regular and vigorous training sessions in relation to business confidentiality and security policies, and ensure employees understand their duties and the terms of their employment contracts in relation to intellectual property created during the course of their employment.
The more of these steps that are followed, the more likely a business will be to satisfy the Regulations’ requirement that it takes “reasonable steps” to keep its information secret, putting it within the protective scope of the new legislation. Any information that does not come within this new, potentially narrower, definition of Trade Secrets may still find protection under the common law doctrine of breach of confidence, and victims of a breach can always bring a claim under both regimes if in doubt.
It is clear, though, that the more proactive a business is at protecting its trade secrets, the more able it will be to succeed in bringing a claim under both the Regulations and the common law; or, better still, the less likely it will be to suffer a breach in the first place.
Useful Practical Law resources
For more on the Directive and the Regulations, see:
- Article, Trade Secrets Directive in practice: business as usual?
- Practice note, Overview of know-how and technical assistance
- Practice note, Protecting confidential information: overview
- Trade Secrets (Enforcement, etc.) Regulations 2018 laid before Parliament
- Trade secrets: Directive (EU) 2016/943 published in Official Journal