Managing the New “Trade Secrecy” Risks in Global Sourcing: Criminal Theft, Criminal Negligence, Espionage, Bribery, Antitrust and Cross-Border Law Enforcement
April 30, 2010 by Bierce & Kenerson, P.C.
Trade secrecy risks arise whenever an enterprise shares confidential business information with a supplier, service provider, joint venturer or customer. Trade secrecy protection measures should be planned and implemented through appropriate non-disclosure covenants by the third party and possibly even its employees and others in the value chain. Current trade secrecy are reflected in three seemingly disparate events: the Rio Tinto employee economic espionage and bribery case in China, the U.S. Department of Justice’s investigation into the anticompetitive use of non-competition covenants (“non-competes”) by high-tech companies and the Algerian-U.S. Mutual Legal Assistance Treaty (“MLAT”).
These three current events suggest that both enterprise customers and their service providers take a second look at their current practices for protecting trade secrets. At the end of this article, we offer a series of questions that need answers before any kind of outsourcing – indeed, any cross-border data flow — can take place. Such questions offer a basic refresher course, with “James Bond-compliant” updates, on challenges of trade secret protections in global operations.
I. The Current Context of Trade Secrets at Risk
Item #1: Bribery and Espionage in China (the Rio Tinto employee case). On March 28, 2010, China convicted a local sales employee of a British-Australian mining company named Stern Hu, a Chinese-born Australian citizen, and other Chinese-resident employees of Rio Tinto (but not Rio Tinto itself) of bribery and theft of trade secrets relating to price negotiations of iron ore for sale to Chinese state-owned companies. The trial was conducted largely in secret. Rio Tinto had previously rejected an investment offer from Chinalco that involved some Australian national security issues. Some analysts suggested the case was a political retaliation for that rejection and an abuse of judicial authority. Others suggested that the case leaves open the question of whether there was any rule of law or was this merely the use of judicial power to punish foreign business that used aggressive means of driving hard bargains. The case attracted global attention to the concept in Chinese law that identifies non-public commercial information of a Chinese state-owned enterprise as a “state secret.” Rio Tinto initially defended the employees but then said they had acted outside the scope of their operations and authority. The employees were convicted and sentenced to 7 to 14 years in prison plus financial penalties.
On March 25, 2010, China’s State-Owned Assets Supervision and Administration Commission issued regulations on commercial secrets, but did not disclose them until the Rio Tinto employee verdict. Those regulations remain somewhat vague, leaving foreign companies (and Chinese companies that are not state-owned enterprises, or “SOE’s”) to interpret them at their peril. See www.outsourcing-law.com/jurisdictions/countries/china.
Item #2: Anti-Terrorism and Cybercrimes under a Mutual Legal Assistance Treaty. On April 7, 2010, the U.S. and Algeria signed a mutual legal assistance treaty to combat international crime and terrorism. According to the press release:
The mutual legal assistance treaty, or MLAT, will be an effective tool in the investigation and prosecution of terrorism, cybercrime, white collar offenses and other crimes. Among other tools, the treaty will help law enforcement officials from the two countries obtain testimonies and statements; retrieve evidence, including bank and business records; provide information and records from governmental departments or agencies; and provide a means of inviting individuals to testify in a requesting country.
The U.S. has approximately 50 such MLAT’s. Such agreements could be used to enforce criminal prosecutions of misappropriation of trade secrets, assuming such misappropriation is a criminal act in the relevant jurisdictions. The press release announcing the MLAT did not link to any copy of the treaty, and the Justice Department website does not publish a copy either. Interested parties will need to do some further investigation then in how such a treaty might be used to enforce trade secret protections.
Item #3: Hiring Practices by Global Services Providers. Now, enterprise customers have to be worried about the legality of hiring practices – at least in the United States – of their outsourcing service providers. Since July 2009, the U.S. Department of Justice has been investigating the hiring practices of Google, Intel, IBM, Apple and IAC/InterActiveCorp., according to the Wall Street Journal and other news reports in April 2010. The reports claim that the U.S. Government could challenge, or chill, the use of non-competition covenants in industries, such as high-tech, where innovation drives comparative advantage and non-competes might constitute illegal collusion on cost management, thereby depriving knowledge workers of a market for their skills. The investigation appears inspired by cases where innovators are hired away and the former employer seeks to enforce a non-competition covenant, particularly where the new employer claims that the litigation lacks a valid legal basis and thus is anticompetitive. (Such a case happened in 2005 when Google hired a Microsoft engineer in China, and Google claimed that Chinese law did not permit enforcement in China of a non-competition covenant). Enterprise customers should now be concerned with compliance by their service providers with antitrust concerns.
II. The Law of Trade Secrecy
All these recent events underscore the need for prudent trade secrecy practices in the global supply chain. Trade secrets are now at risk due to potential civil and criminal espionage, bribery, cybercrime, and antitrust prohibitions on abusive and illegal anticompetitive practices. Further, the area of trade secrecy is now engulfed in national security and public policy considerations, underscoring the importance of a stable political environment for assuring the predictability of legal rights and enforcement actions in the various jurisdictions where trade secrets are shared and used in an outsourcing business relationship.
Trade Secrets. It is a best practice in outsourcing contracts, to protect the enterprise customer’s trade secrets. The customer wants to know how this is done. Such protections can be applied to individual employees under non-disclosure agreements and maybe even non-competition covenants. NDA’s are generally enforceable but are generally construed in a manner to avoid depriving an employee (or service provider) of “general skill and knowledge” in the industry.
NDA’s are essential to enable any outsourcing, resourcing (retro sourcing back in-house) and transfer sourcing (to a new service provider on expiration or termination). As a matter of public policy under national laws, NDA’s are critical. The WTO protections of trade secrets are not very strong, based instead on non-secret intellectual property rights such as patents, trademarks and copyrights.
Non-Competition Covenants. Non-compete covenants are unenforceable in California as a matter of law and possibly in the BPO provider’s service delivery jurisdiction. Non-competes deprive employees of a right to be hired by competitors. They are unenforceable in some jurisdictions, and where enforceable they must be limited to reasonable scope in time, territory and subject matter. Employers can make the arguments, in an antitrust context, that non-competition covenants:
- are not anti-competitive in practice;
- do not deny employees the right to find work in non-competitive companies;
- are widespread across industries and countries; and
- are used by companies across many industries to maintain good business relationships by promoting exchanges of information across the full spectrum of personnel (not just through a narrow channel, like a chaperone of trade secrets), and as a result collaboration between technology-based companies is promoted by such practices.
An antitrust enforcer might argue that non-compete agreements distort access by skilled workers to mobility and job choice, thus depressing competition for skilled workers and depressing wages.
Risk Management: Knowing Your Service Provider’s Hiring Practices. Based on this antitrust activity, enterprise customers should investigate the employment practices of their service providers to understand clearly the contractual framework and legal enforceability of employment practices in the relevant jurisdictions. The legal framework for protecting trade secrets, or allowing them to be disclosed to the local government without judicial review with open adversarial procedure, should also be explored and fully appreciated. Thus, trade secrecy risks should be assessed in the selection of service providers, the scoping of the functions to be outsourced and the use of encryption and decryption before data transfers.
Compliance: Knowing Yourself and the Law. These recent events raise questions that compliance officers and legal departments, as well as product managers and CEO’s, should answer before any kind of outsourcing takes place:
1. What does the enterprise customer do today to identify and protect its trade secrets internally?
a. Identify types of non-public information from all sources that needs to be maintained as non-public.
i. Securities (risk of liability for securities fraud)
ii. Financial information (risk of loss of advantage in pricing negotiations; risk of securities liability for failure to comply with Regulation FD or other “fair disclosure” rules)
iii. Human capital information (governed by labor laws and privacy laws)
iv. Technical data, such as designs, processes, formulae, manufacturing techniques (risk of loss of patent rights or loss of competitive advantage)
v. Marketing information (customer names and related business information relating to the enterprise’s customer relationship)
vi. Sales information (the existence of RFP’s and the contents of offers and other responses to RFP’s)
2. How much data does the enterprise need to have to accomplish its mission?
a. Avoid excessive collection and preservation of unencrypted
i. personally identifiable information (“PII”) of individuals in any business relationship.
ii. healthcare information.
iii. credit card information.
b. Avoid collection of non-public information from third parties who might be under a duty of non-disclosure, or who cannot explain how they legitimately obtained the non-public information.
3. How does the enterprise ensure that it has the legal right to know the non-public information?
a. Obtain written confirmation from the disclosing party that it has the authority to make the disclosure.
b. Identify non-disclosure agreements and categorize the information so that it can be accessed, stored, retained and destroyed in accordance with the non-disclosure agreement.
c. Limit access by persons having a legitimate “need to know.”
d. Use the non-public information only as necessary to perform a legal and permitted business activity.
e. Avoid use of bribery, coercion, theft and other illicit means of acquiring non-confidential information.
4. How does the enterprise identify and protect the trade secrets of third parties with whom it does business.
a. Identify source of non-public information.
b. Identify the duration of any holding period for non-public information under any non-disclosure agreement.
5. What measures does the enterprise take to train and audit its employees for compliance with trade secrecy policies?
6. Does the enterprise identify special duties and special risks.
a. Take special measures to identify, segregate and protect “commercial secrets” or “state secrets” when dealing with a foreign state-owned enterprise (“SOE”)?
7. How are trade secret rights recognized and enforced under local law? Are such rights clearly protected, or must a company rely upon contract or criminal prosecution?
8. What are the best ways to protect trade secrets from a practical viewpoint?
a. Divide work flows or discrete functions across suppliers, countries and sources to avoid having one person or supplier know too much.
b. Retain competitive information in-house.
c. Segregate sales and marketing functions from non-public information in internal technical, financial and human resources departments.
9. What is the history of trade secret enforcement in the country?
a. Risk of inadvertent criminal liability, including vicarious liability of senior executives for misdeeds of employees (See China’s Criminal Law, article 219).
b. Risk of investing in new products or services that cannot be exploited due to misappropriation.
c. Identify any history of data security breaches and remediation activities.
10. Does the enterprise customer’s country have a “mutual legal assistance treaty” or other agreement with the service provider’s country to prosecute “cyber-crime”, so that evidence can be exchanged and used in international abuses of trade secrets?
11. What policies, practices and contractual measures does the service provider take to protect trade secrets? Are such measures a violation of antitrust law and therefore unenforceable?
Related topics:
- Discovery and disclosure of confidential information in litigation
- Trade secrets in Outsourcing
- Chinese Regulations on Commercial Secrets
Outsourcing Law & Business Journal™: April 2010
April 29, 2010 by Bierce & Kenerson, P.C.
OUTSOURCING LAW & BUSINESS JOURNAL (™) : Strategies and rules for adding value and improving legal and regulation compliance through business process management techniques in strategic alliances, joint ventures, shared services and cost-effective, durable and flexible sourcing of services. www.outsourcing-law.com. Visit our blog at http://blog.outsourcing-law.com for commentary on current events.
Insights by Bierce & Kenerson, P.C., Editors. www.biercekenerson.com
Editor’s Note:
Three recent events conspired to produce our article about trade secrecy risks in this month’s newsletter; they were the conviction of a Rio Tinto employee in China, the signing of a mutual legal assistance treaty between the U.S. and Algeria, and the on-going investigations of hiring practices of tech companies, using non-competition covenants, by the U.S. Dept. of Justice. As a result, we are providing you with a checklist of questions that you need answers to before your company shares confidential business information during the course of contract negotiations. Read on…
Vol. 10, No. 4 (April 2010)
_______________________________
1. Managing the New “Trade Secrecy” Risks in Global Sourcing: Criminal Theft, Criminal Negligence, Espionage, Bribery, Antitrust and Cross-Border Law Enforcement. Trade secrecy risks arise whenever an enterprise shares confidential business information with a supplier, service provider, joint venturer or customer. Trade secrecy protection measures should be planned and implemented through appropriate non-disclosure covenants by the third party and possibly even its employees and others in the value chain. Current trade secrecy are reflected in three seemingly disparate events: the Rio Tinto employee economic espionage and bribery case in China, the U.S. Department of Justice’s investigation into the anticompetitive use of non-competition covenants (“non-competes”) by high-tech companies and the Algerian-U.S. Mutual Legal Assistance Treaty (“MLAT”).
These three current events suggest that both enterprise customers and their service providers take a second look at their current practices for protecting trade secrets. At the end of this article, we offer a series of questions that need answers before any kind of outsourcing – indeed, any cross-border data flow — can take place. Such questions offer a basic refresher course, with “James Bond-compliant” updates, on challenges of trade secret protections in global operations. For more on trade secrets, go to http://www.outsourcing-law.com/2010/04/managing-the-new-trade-secrecy/
2. Trade Secrets. Chinese Criminal Law, Article 219, imposes criminal liability for improper conduct relating to “commercial secrets.” The Criminal Law has only a vague definition of “commercial secrets.”….On March 25, 2010, the State-owned Assets Supervision and Administration Commission (“SASAC”) adopted regulations on commercial secrets applicable to approximately 120 state-owned enterprises (“SOE’s”)….The regulations were announced on April 26, 2010, shortly after the convictions of certain Rio Tinto employees of bribery and theft of commercial secrets. For the complete article, go to http://www.outsourcing-law.com/2010/04/trade-secrets/
3. Humor.
MLAT, n. (1) mutual legal assistance treaty; (2) milk-flavored coffee latte; (3) multi-legal aptititude test.
Trade secret management, n. (1) Hear no evil, see no evil, speak no evil; (2) keeping secret how you keep your secrets.
SOE, n. (1) state-owned enterprise; (2) social oriented environmenta; (3) sorry out of energy.
4. Conferences.
May 10-12, IQPC’s 7th Annual HR Shared Services and Outsourcing Summit, Chicago, Illinois. This event will be a gathering for corporate HR & shared services executives from companies across North America to exchange ideas, develop new partnerships and discuss the latest tools, technologies and strategies being employed in the profession to enhance departmental efficiencies and propel corporate growth. The event will focus on the most current topics in the HR shared services industry including metrics, automation, outsourcing, globalization, compensation & rewards, benefits and an overall focus on the new strategic role of HR shared services.how to tackle change management, analyze current and future projects and further develop the instrumental key areas within HR shared services. Visit their website at http://www.hrssoutsourcing.com/Event.aspx?id=270796 to register and get more information.
May 17-19, IQPC presents its Information Retention & E-Disclosure Management Summit, London, UK. This is Europe’s premier event in this field, designed to help you steer your organisation successfully through lawsuits and regulatory inquiries. Topics include:
- Fast track your understanding of the Civil Litigation Costs Review: Hear directly from Lord Justice Jackson and engage in debate with our acclaimed international Judge’s panel
- Develop a legally defensible and technically sound Information Retention policy with a multidisciplinary approach with insights from Debra Logan of Gartner plus Pfizer, and Kleinwort Benson
- Reduce risk, cost, time and complexity of eDisclosure with critical updates on advances in technology
- Ensure compliance by sanity checking your strategy with the FSA and ICO
For more information, visit their website at http://www.informationretention.co.uk/Event.aspx?id=262244i
June 6-8, 4th Annual IQPC Shared Services Exchange™, Austin, Texas, United States, an elite event for shared services executives who are looking to develop new strategy, solve challenges and source partners that will allow them to create efficiency and drive more value out of their shared services centers.
This event will continue IQPC Exchange’s ongoing tradition of offering cutting-edge, strategic networking and learning opportunities for senior level shared services executives, combining conference sessions, one-on-one business meetings and numerous networking functions to allow executives to speak with their peers. With pre-scheduled one-on-one advisory meetings and personalized itineraries, the Share Services Exchange™ provides the opportunity to create an agenda that directly reflect the goals and initiatives of participating executives.
To request a complimentary delegate invitation or for information on solution provider packages, please contact: exchange@iqpc.com, call 1-866-296-4580 or visit their website at http://www.sharedservicesexchange.com/
July 14-16, 2010. IQPC Presents Shared Services for Finance and Accounting, Chicago, Illinois. The SSFA 2010 Summit brings together leading financial shared services experts to network, benchmark and learn through keynote presentations, interactive roundtables, case studies and discussion panels. This program will help you improve internal accounting processes, maximize your efficiency with less resources, make smarter sourcing decisions, and drive continuous value through your financial services. For more information, visit http://www.sharedservicesfa.com/Event.aspx?id=314126
September 26-28, 2010. IQPC Shared Services Exchange™ Event, 2nd Annual, to be held in The Hague, Netherlands. Shared Service Centres have long been seen as the cost saving centre of HR, Finance & Accounting and IT processes, but with changing employment trends and global challenges facing organisations, how can SSC’s continually offer service value?
Unlike typical conferences, the Shared Services Exchange™ , which will be co-located with the Corporate Finance Exchange™, focuses on networking, strategic conference sessions and one-on-one meetings with solution providers. The Exchange invites strategic decision makers to take a step back from their current operations, see what strategies and solutions others are adopting, develop new partnerships and make investment choices that deliver innovative solutions and benefits to their businesses.
To request your complimentary delegate invitation or for information on solution provider packages, please contact: exchangeinfo@iqpc.com, call +44 (0) 207 368 9709, or visit their website at http://www.sharedservicesexchange.co.uk/Event.aspx?id=263014
******************************************
FEEDBACK: This newsletter addresses legal issues in sourcing of IT, HR, finance and accounting, procurement, logistics, manufacturing, customer relationship management including outsourcing, shared services, BOT and strategic acquisitions for sourcing. Send us your suggestions for article topics, or report a broken link at: wbierce@biercekenerson.com The information provided herein does not necessarily constitute the opinion of Bierce & Kenerson, P.C. or any author or its clients. This newsletter is not legal advice and does not create an attorney-client relationship. Reproductions must include our copyright notice. For reprint permission, please contact: wbierce@biercekenerson.com . Edited by Bierce & Kenerson, P.C. Copyright (c) 2010, Outsourcing Law Global LLC. All rights reserved. Editor in Chief: William Bierce of Bierce & Kenerson, P.C. located at 420 Lexington Avenue, Suite 2920, New York, NY 10170, 212-840-0080.
Trade Secrets
April 29, 2010 by Bierce & Kenerson, P.C.
Chinese Criminal Law, Article 219, imposes criminal liability for improper conduct relating to “commercial secrets.” The Criminal Law has only a vague definition of “commercial secrets.” Conduct is criminally improper if one:
o Obtains a commercial secret by stealing, luring, coercion, bribery or other improper means,
o Uses or allows another to use a commercial secret obtained by such improper means,
o Discloses commercial secrets in violation of a non-disclosure agreement (“NDA”) or against the request of the rightful holder of the commercial secret, or
o Obtains, uses or discloses a commercial secret that one should have known (or actually knew) was improperly obtained.
On March 25, 2010, the State-owned Assets Supervision and Administration Commission (“SASAC”) adopted regulations on commercial secrets applicable to approximately 120 state-owned enterprises (“SOE’s”). SOE’s dominate many sectors of the Chinese economy, including iron and steel, which are politically sensitive. Foreign companies and non-SOE’s should thus regard “commercial secrets” of SOE’s as if they were “state secrets” impacting “national security.” The regulations were announced on April 26, 2010, shortly after the convictions of certain Rio Tinto employees of bribery and theft of commercial secrets.
Under the SASAC regulations, “commercial secrets” cover management methods and business models and include:
”management information like strategic plans, management methods, business models, reform and stock market listing, M&A and restructuring, property transactions, financial information, investment decisions and financing, production plans, purchase and sale, resource reserves, client information, bidding information and technical information like designs, programs, product specifications, production techniques, production methods, and technical know-how etc.”
The SASAC regulations require SOE’s to separate “core commercial secrets” (that can last forever) from “standard commercial secrets” (that have a limited useful life as secrets). Under the regulations, SOE’s must set a sunset period for expiration of any claim to “commercial secret” status of “standard commercial secrets.”
As of late March 2010, China’s legislature was reviewing proposed amendments to the Law on Guarding State Secrets that would impose direct obligations on telecommunications carriers and Internet hosting providers. Reuters referred to the China Daily (on April 27, 2010), as stating that, under the draft, “a State secret is defined as information concerning national security and interests that, if released, would harm the country’s security and interests.”
The Chinese legal system adopts a unique approach to protection and enforcement of rights in “commercial secrets” and “state secrets”:
o The State expressly demands that all commercial secrets be disclosable to the State from telecommunications carriers and Internet hosting providers. (While this may occur in other countries including the United States, the U.S. procedure includes judicial review.)
o Enforcement is done through the criminal process.
o Company management can be vicariously liable for the criminal acts of employees.
o “Commercial secrets” of SOE’s can be deemed to be “state secrets,” and thus protected by national security interests and breach may result in potentially severe criminal prosecution, particularly if the “commercial secrets” were obtained by bribery.
This approach suggests that caution is still required before a foreign company considers establishment and operation of captive service centers and outsourcing of business processes and knowledge processes in China, particularly involving the use of any company-confidential information that supports competitive advantage. It also suggests that private Chinese enterprises should adopt the same geographical diversification model that the Indian BPO providers have adopted to avoid dependency on one legal regime that remains “sui generis”.
Related reading: