Monday, May 4, 2020

Strengthening trade secret protection in Canada: Part 1

On Mar 13, 2020 Bill C-4 on CUSMA (Canada-US-Mexico trade Agreement) received Royal Assent. The Criminal Code will now include new section 391 on trade secrets:


Under this new section, a trade secret is defined as:

"any information that (a) is not generally known in the trade or business that uses or may use that information; (b) has economic value from not being generally known; and (c) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.”

Two types of offences are outlined in section 391:

“(1) Everyone commits an offence who, by deceit, falsehood or other fraudulent means, knowingly obtains a trade secret or communicates or makes available a trade secret.
(2) Everyone commits an offence who knowingly obtains a trade secret or communicates or makes available a trade secret knowing that it was obtained by the commission of an offence under subsection (1).”

Under the new proposed section 391. anyone who commits an offence referred to in subsection (1) or (2) above is guilty of a criminal offence punishable by jail time up to 14 years.

This new development strengthens trade secret protection in Canada. With this in mind, companies should seek to improve their processes and practices to take advantage of this strengthened protection. 

Previously, I wrote blog posts on reducing IP flight risk, and trade secrets and cybersecurity. IP flight risk reduction comprises three steps:

(1) Instituting an “IP aware” mindset within the company via an IP policy.
(2) Securing the company’s trade secret ownership.
(3) Running periodic mining or discovery sessions.

In this blog post I will describe how to implement step 1. With regard to trade secrets, a company’s IP policy should firstly prompt the employee to proactively consider whether a valuable trade secret is being created.
The policy should then explain the processes necessary to identify and secure the trade secret. Good identification results in better tracking and securing of relevant trade secrets, and results in more complete coverage. The following questions should be part of the identification process:

a.       High-level description of the trade secret?
b.       Who created the trade secret?
c.       When was the trade secret?
d.       Which products is the trade secret associated with?
e.       What is the value of the trade secret to the organization?

Once the trade secret has been identified, it should also be entered within a database or register along with the above information for tracking purposes.
After identification, the trade secret needs to be secured. Firstly, the policy must describe how to prioritize trade secrets based on the value of the trade secret to the organization. Important trade secrets will require a higher level of protection.
Part of this process includes determining the level of access to the trade secret of parties internal and external to the organization. Internal access is regulated based on the value of the trade secret. For example, only certain people should have permanent access to the trade secret. Some may be given temporary access to the trade secret as needed.
With regard to external access, the first step is to determine whether access should even be granted to the trade secret. If it is granted, the IP policy should outline how external access should be granted, and how the granting of external access should be tracked. This includes:

-   Non-disclosure agreements and clauses which must be included in engagement agreements,
-   Due diligence to ensure that the external party will adequately protect the trade secret, and
-   Ongoing reviews of processes in place for keeping the trade secret confidential.

Finally, the IP policy should identify the key people for implementation of the processes described above. It is best to establish a cross-functional team with representation from those who can ensure that trade secret protection policies are being followed.

No comments:

Post a Comment