Trade secrets are valuable rights. They are cheaper than certain IP rights as they require no registration, and, aside from R&D, do not incur significant costs at the outset, compared to a patent portfolio. Further, provided they are properly protected, they can survive beyond the 20 years of a patent's life. However, all too often, reports surface of the theft of trade secrets and other confidential information, particularly with national borders becoming increasingly less of a barrier to the threat of cyberattacks. On 9 June, the Trade Secrets Directive took effect, with the aim of harmonising trade secret protection across the EU, and increasing enforcement possibilities, thereby encouraging cross-border collaboration in research and development projects.
The UK has long been considered a favourable and robust jurisdiction to enforce trade secrets by way of breach of confidence actions under the common law. Indeed, many had thought the UK would decide not to introduce specific laws to implement the Directive. However, following a consultation, the Government decided that there were certain aspects which did require specific legislation and so the Trade Secrets (Enforcement, etc) Regulations 2018 also came into force on 9 June.
Whilst it may not become clear for some time how precisely the Regulations will change (if at all) the UK Courts' existing approach to trade secrets disputes, there are a number of aspects of the Regulations worth noting for businesses seeking to protect their trade secrets (potentially one of their most lucrative assets).
In particular, the Regulations introduce a new statutory definition of a 'trade secret'. A trade secret must:
- be secret in the sense that it is not generally known or readily accessible to persons within the circles that normally deal with that kind of information;
- have commercial value because it is secret; and
- have been subject to reasonable steps under the circumstances to keep it secret.
Whilst the Government considered that the Directive's definition was consistent with that in the UK case law, it concluded it was necessary, on legal certainty grounds, to set out the Directive's definition in the Regulations. However, the new definition does appear to be narrower than that applied by the English courts when considering cases of misuse of confidential information under the common law, where the assessment is whether the information has the "necessary quality of confidence". The definition of trade secret in the Regulations appears to put a greater onus on those in control of such information, i.e. to ensure that they take reasonable steps to keep the information secret.
Owners of trade secrets should think carefully about how they might demonstrate, should the need arise to protect their rights before a Court, that they have taken 'reasonable steps'. As a starting point, for example, a company should consider what trade secrets it owns and create an inventory, including details of the steps taken to ensure the secrecy of the information. Equally, devising a detailed action plan, to implement if and when a trade secret is misappropriated, is crucial. Inaction could lead to permanent loss of a valuable asset.
The Courts must now reconcile the considerable existing guidance on misuse of confidential information with the Directive and the Regulations. The question of whether the acquisition, use or disclosure of a trade secret is unlawful under the Regulations will be determined by reference to the principles of the law of confidence. Further, where there is wider protection available to a trade secret holder under the law of confidence, that wider protection may be available in addition to, or as an alternative, to the remedies available under the Regulations.
The Regulations will continue to apply in the UK post-Brexit, unless and until they are revised by Parliament. However, as with many other areas of harmonised EU laws, it is likely that businesses will not wish to be subject to divergent regimes once the UK has left the EU.