Tips on trade secret protection:
First, inventory all trade secret materials. This includes identifying the “secret sauce” of your company’s business, as well as design and other internal documents that may embody secret details. The company should then unambiguously mark these materials before transferring them to the vendor for cloud storage.
Second, fully vet the vendor. This means performing due diligence and investigating the vendor’s physical and virtual security practices, track record, and recent intrusion testing results, among other things. Ask the important questions: Does the provider have extensive security measures to protect against hackers? Does the provider encrypt highly sensitive data? Is proprietary information segregated from other data? How up-to-date is the vendor’s backup and recovery system? Does the vendor have robust data deletion procedures? In short, the provider should be established, reliable and reputable.
Third, require the vendor to sign a confidentiality agreement. This confirms the vendor knows it is hosting trade secret information. Be wary of provisions in the TOS that disclaim this responsibility.
Last, consider negotiating service level agreements (SLAs) and audit rights. Customized SLAs may better align a company’s expectations with those of the vendor, while providing a clear picture for evaluating the vendor’s performance, and audit rights will ensure that the vendor is complying with advertised security policies.
From Andrea Gothing at InsideCounsel
Note that step 1 is consistent with state court decisions requiring specificity in the scope of what is
a trade secret.
A would-be plaintiff in a trade secrets dispute must recognize that one of the first questions that both the court and the defending party will demand to have answered is “what is the trade secret?
This is explicit in California which requires the party claiming trade secret misappropriation to identify the trade secret with specificity before conducting discovery relating to the trade secret claim. Cal. Civ. Proc. Code §2019.210.
Also, MSCI Inc. v. Jacobs, No. 651451/2011, 2012 NY Misc. LEXIS 1852 (Sup. Ct. N.Y. Co. April 20, 2012)