Managing New Trade Secrecy Risks in Global Sourcing: Checklist

This is a checklist of questions every enterprise customer and their service providers should answer before contract negotiations for outsourcing.

1.    What does the enterprise customer do today to identify and protect its trade secrets internally?

a. Identify types of non-public information from all sources that needs to be maintained as non-public.

i.    Securities (risk of liability for securities fraud)
ii.    Financial information (risk of loss of advantage in pricing negotiations; risk of securities liability for failure to comply with Regulation FD or other “fair disclosure” rules)
iii.    Human capital information (governed by labor laws and privacy laws)
iv.    Technical data, such as designs, processes, formulae, manufacturing techniques (risk of loss of patent rights or loss of competitive advantage)
v.    Marketing information (customer names and related business information relating to the enterprise’s customer relationship)
vi.    Sales information (the existence of RFP’s and the contents of offers and other responses to RFP’s)

2.    How much data does the enterprise need to have to accomplish its mission?

a.    Avoid excessive collection and preservation of unencrypted

i.    personally identifiable information (“PII”) of individuals in any business relationship.
ii.    healthcare information.
iii.    credit card information.

b.    Avoid collection of non-public information from third parties who might be under a duty of non-disclosure, or who cannot explain how they legitimately obtained the non-public information.

3.    How does the enterprise ensure that it has the legal right to know the non-public information?

a.    Obtain written confirmation from the disclosing party that it has the authority to make the disclosure.
b.    Identify non-disclosure agreements and categorize the information so that it can be accessed, stored, retained and destroyed in accordance with the non-disclosure agreement.
c.    Limit access by persons having a legitimate “need to know.”
d.    Use the non-public information only as necessary to perform a legal and permitted business activity.
e.    Avoid use of bribery, coercion, theft and other illicit means of acquiring non-confidential information.

4.    How does the enterprise identify and protect the trade secrets of third parties with whom it does business.

a.    Identify source of non-public information.
b.    Identify the duration of any holding period for non-public information under any non-disclosure agreement.

5.    What measures does the enterprise take to train and audit its employees for compliance with trade secrecy policies?
6.    Does the enterprise identify special duties and special risks.

a.    Take special measures to identify, segregate and protect “commercial secrets” or “state secrets” when dealing with a foreign state-owned enterprise (“SOE”)?

7.    How are trade secret rights recognized and enforced under local law?  Are such rights clearly protected, or must a company rely upon contract or criminal prosecution?
8.    What are the best ways to protect trade secrets from a practical viewpoint?

a.    Divide work flows or discrete functions across suppliers, countries and sources to avoid having one person or supplier know too much.
b.    Retain competitive information in-house.
c.    Segregate sales and marketing functions from non-public information in internal technical, financial and human resources departments.

9.    What is the history of trade secret enforcement in the country?

a.    Risk of inadvertent criminal liability, including vicarious liability of senior executives for misdeeds of employees (See China’s Criminal Law, article 219).
b.    Risk of investing in new products or services that cannot be exploited due to misappropriation.
c.    Identify any history of data security breaches and remediation activities.

10.    Does the enterprise customer’s country have a “mutual legal assistance treaty” or other agreement with the service provider’s country to prosecute “cyber-crime”, so that evidence can be exchanged and used in international abuses of trade secrets?
11.    What policies, practices and contractual measures does the service provider take to protect trade secrets?  Are such measures a violation of antitrust law and therefore unenforceable?

For the complete article:

http://www.outsourcing-law.com/2010/04/managing-the-new-trade-secrecy/

Related topics: