On
Mar 13, 2020 Bill C-4 on CUSMA (Canada-US-Mexico trade Agreement) received
Royal Assent. The Criminal Code will now include new section 391 on trade
secrets:
Under
this new section, a trade secret is defined as:
"any
information that (a) is not generally known in the trade or business that uses
or may use that information; (b) has economic value from not being generally
known; and (c) is the subject of efforts that are reasonable under the
circumstances to maintain its secrecy.”
Two
types of offences are outlined in section 391:
“(1) Everyone
commits an offence who, by deceit, falsehood or other fraudulent means,
knowingly obtains a trade secret or communicates or makes available a trade
secret.
…
(2) Everyone
commits an offence who knowingly obtains a trade secret or communicates or
makes available a trade secret knowing that it was obtained by the commission
of an offence under subsection (1).”
Under
the new proposed section 391. anyone who commits an offence referred to in
subsection (1) or (2) above is guilty of a criminal offence punishable by jail
time up to 14 years.
This new
development strengthens trade secret protection in Canada. With this in mind, companies should seek to improve their processes and practices to take advantage of this strengthened protection.
Previously, I wrote blog posts on reducing IP flight risk, and trade secrets and cybersecurity. IP flight
risk reduction comprises three steps:
(1) Instituting an “IP aware” mindset within the company via an IP policy.
(2) Securing the company’s trade secret ownership.
(3) Running periodic mining or discovery sessions.
In this
blog post I will describe how to implement step 1. With
regard to trade secrets, a company’s IP policy should firstly prompt the
employee to proactively consider whether a valuable trade secret is being
created.
The
policy should then explain the processes necessary to identify and secure the
trade secret. Good identification results in better tracking and securing of
relevant trade secrets, and results in more complete coverage. The
following questions should be part of the identification process:
a.
High-level description of the trade secret?
b.
Who created the trade secret?
c.
When was the trade secret?
d.
Which products is the trade secret associated
with?
e.
What is the value of the trade secret to the
organization?
Once the trade secret has been identified, it should also be entered
within a database or register along with the above information for tracking
purposes.
After identification, the trade secret needs to be secured.
Firstly, the policy must describe how to prioritize trade secrets based on the
value of the trade secret to the organization. Important trade secrets will
require a higher level of protection.
Part of this process includes determining the level of access to
the trade secret of parties internal and external to the organization. Internal
access is regulated based on the value of the trade secret. For example, only
certain people should have permanent access to the trade secret. Some may be
given temporary access to the trade secret as needed.
With regard to external access, the first step is to determine
whether access should even be granted to the trade secret. If it is granted,
the IP policy should outline how external access should be granted, and how the
granting of external access should be tracked. This includes:
- Non-disclosure agreements and clauses which must be included in engagement agreements,
- Due diligence to ensure that the external party will adequately protect the trade secret, and
- Ongoing reviews of processes in place for keeping the trade secret confidential.
Finally, the IP policy should identify the key people for
implementation of the processes described above. It is best to establish a
cross-functional team with representation from those who can ensure that trade
secret protection policies are being followed.
No comments:
Post a Comment