It’s 10:00 PM: Do You Know Where Your Secrets Are?

By James Pooley
October 27, 2020

“When thinking of trade secret management, don’t fall prey to the notion that you have to identify everything that could prove useful to the business. Even a hardware store doing inventory doesn’t count individual nails.”

In the wake of urban unrest in the early 1960s, local governments imposed nightly youth curfews, and a Massachusetts legislator suggested that all radio and television stations begin their 10:00 evening programming with an announcement: “It’s 10:00 PM. Do you know where your children are?” The phrase was quickly picked up across the country and became a common (and sometimes mocked) cultural artifact of the era.

The idea that parents need to be reminded of their responsibility for their children’s safety and well-being may seem quaint or silly. But parents can get distracted, and there’s little harm in prompting someone to pay attention to a risky circumstance.

For modern business, if you can indulge the metaphor, we may think of data assets as the children of the enterprise, at least in the sense that valuable information is vulnerable to loss or compromise. Reminding companies of the need to be vigilant makes a lot of sense.

The SEC Speaks

That is exactly what the Securities and Exchange Commission has tried to do with its December 2019 Guidance on “Intellectual Property and Technology Risks Associated with International Business Operations.” Although specifically directed at public companies, the advice is equally applicable to private corporations and startups, since management always has a fiduciary obligation to care for corporate assets.

The document begins with an observation applicable to almost every business. “The increased reliance on technology, coupled with a shift in the composition of many companies’ assets from traditional brick-and-mortar assets towards intangible ones, may expose companies to material risks of theft of proprietary technology and other intellectual property, including technical data, business processes, data sets or other sensitive information.”

These risks, the SEC points out, are particularly acute when doing business in foreign countries or dealing with foreign partners. However, the underlying concern is comparable for many domestic transactions, where information has to be shared with others in order to extract value from it. We might expect that the SEC will at some point broaden its guidance accordingly.

[[Advertisement]]

Keeping Track of Secrets is Hard

In the meantime, having been reminded that it’s a dangerous world out there and that our trade secrets need careful monitoring, how do we even begin to think about it? In other words, how do we know what secrets we have in the first place? And since we’re talking about any competitively useful information, how do we get our arms around the potentially millions of bits of it that help drive the success of any single company?

This is where the parent/child metaphor becomes a bit challenging to apply. Measured against most of the rest of nature, humans tend to have just a few offspring, making it relatively easy to keep track of them. The most fecund of invertebrates, the ocean sunfish, can produce 300 million eggs at a time, although only a tiny fraction of them are fertilized. But consider the African driver ant, where a single queen can lay 3 to 4 million eggs a month, most of which actually hatch. How can she possibly know where they are, no matter what time of day it is?

Let’s leave this fascinating metaphor by recognizing that businesses don’t need to specify each discrete piece of data, but only the ones that matter, what we often refer to as the “crown jewels.” When thinking of trade secret management, don’t fall prey to the notion that you have to identify everything that could prove useful to the business. Even a hardware store doing inventory doesn’t count individual nails. You can count all of your patents, but not all of your secrets – at least not comprehensively.

In an earlier article, we looked at a process of risk analysis to inform a company’s trade secret program, balancing value, threats and mitigation options. That process naturally begins with understanding the dimensions of the property that you’re dealing with. So how do you do that?

Cataloging Secrets Unlocks Their Value

A number of tools have appeared in recent years to help companies create a secure “catalog” of secrets. For example, “WIPO Proof,” offered by the World Intellectual Property Organization, provides the ability to time stamp a file to later prove its existence, using blockchain technology. Other services add forms and checklists to enable a company to sort its secrets by priority. But I believe that the most promising emerging methodology consists of a guided process for creating a flexible catalog that describes assets sufficiently to communicate real value, but without disclosing them.

One example of this approach is the Trade Secret Registry. (Disclosure: I have helped to design this system.) Assets of the “crown jewel” variety are defined through a descriptive label tagged permanently to a file that contains the details and remains undisclosed. Relative values are established in a way that does not compromise future litigation. Room is provided for additions and modifications that reflect product lifecycle management.

Ideally, a trade secret catalog should establish the basis not just for informed decisions about access and other risks, but also about unlocking the value of the asset through internal development or other commercialization. We are past the time when the classical corporate patent committee passed innovations only for patenting, leaving trade secrets on the scrap pile. Now, systems for tracking secrets need to enable proactive management to be sure that commercial value is realized.

One dimension of these more robust systems is the ability to bring previously nebulous trade secret information into a category of “recognized” assets that can be insured and also used as collateral for loans. Specifically, companies that certify the integrity of the cataloging process can also act as intermediaries to procure insurance against trade secret loss or liability. And they can deploy the same assets to procure non-dilutive debt financing.

Do you know where your trade secrets are? Finding out may put you ahead of the next SEC bulletin. And it may actually be easier than tracking your own kids.

 

Image Source: Deposit Photos
Vector ID:157321784
Copyright:Noedelhap 

The Author

James Pooley

James Pooley is a former Deputy Director of the World Intellectual Property Organization (WIPO). Having returned to Silicon Valley, Mr. Pooley established a private law practice where he specializes in trade secret litigation, counseling and strategy.

For more than 45 years, Jim has represented clients in high-stakes patent and trade secret disputes. His broad litigation experience, combined with his service as an international diplomat and business executive, make him uniquely qualified to serve as advisor, co-counsel or expert in trade secret matters. Jim testified before the Senate Judiciary Committee on the Defend Trade Secrets Act, and worked with congressional staff on the legislation. His most recent book is Secrets: Managing Information Assets in the Age of Cyberespionage, available here.

Warning & Disclaimer: The pages, articles and comments on IPWatchdog.com do not constitute legal advice, nor do they create any attorney-client relationship. The articles published express the personal opinion and views of the author as of the time of publication and should not be attributed to the author’s employer, clients or the sponsors of IPWatchdog.com. Read more.

Discuss this

There are currently 1 Comment comments. Join the discussion.

  1. Thomas DILLON October 28, 2020 5:29 am

    Very interesting. I am wondering what kind of evidential output the Trade Secret Registry can produce for litigation purposes? Engineers tend to think that because time-stamps are valid from an engineering perspective, they must be “evidence”. But it is not quite so easy.

Post a Comment

Respectfully add to the discussion.

Name *
Email *
Website