The purposes of copyright and patents are to publicly distribute and protect intellectual property, while trade secrets are used to privately hold and use IP. While the information security field is naturally cautious of security through obscurity, keeping specific aspects of an organization’s processes and knowledge secret can provide an advantage. To define a trade secret, three items must be present: “the information is not generally known or ascertainable by proper means; the information has economic value; the owner of the secret must use reasonable efforts to maintain secrecy. (Stim, 2001)”
Demonstrating due care and due diligence in guarding an organization’s information systems and informational assets is critical in keeping trade secrets undisclosed, and prosecuting competitors should the secrets by discovered. “The enforcement of trade secret protection is time-consuming and expensive later on. Generally, the proof required consists of a showing that there was an active security program in place that was sufficient to protect the information as confidential (Bosworth & Kabay, 2002).”
There are several ways to protect trade secrets. The information security program and the controls over access (both physical and digital) play a role. Agreements – confidentiality, non-disclosure, and third-party – can also be used to restrict people who have access to the trade secret from communicating it out. The agreements can be used in breach of contract suits to prevent the trade secret from being released or to seek compensation for its release. In addition, the “inevitable disclosure doctrine” can be enacted to prevent employees who have access to sensitive information from leaving for a competitor where that information will naturally be a part of their role.
References:
Bosworth, S., & Kabay, M. E. (2002). Computer Security Handbook, 4th Edition. New York: John Wiley & Sons, Inc.
Stim, R. (2001). Intellectual Property: Patents, Trademarks, and Copyrights, 2nd Edition. Albany: Delmar.