IT breaches can prompt loss of trade secret protection

Every Thursday we provide a thorough overview of IT security issues, pointing out that a data breach can expose a company to all sorts of problems: bad publicity, civil liability, and damage to internal networking systems that could set back a company’s operations for weeks. We should note one other: according to CSO’s Michael Overly, “poor security practices can result in a loss of trade secret protection for a business’ most valuable information.” As those who have taken intellectual property courses will recall, a trade secret remains such only if the company takes reasonable efforts to protect it. (One classic case involves a competitor who flew a plane over his rival’s factory.) In one example provided by Overly, a business sued another after the latter used its customer lists and pricing information. The victim claimed these were trade secrets, but lost in court because it had failed to take what the court considered sufficient means of protecting that data.

In that case, the business made a number of critical mistakes: it failed to require customers to sign confidentiality agreements; allowed customers to transfer software between one another without restriction; technicians failed to change default passwords; and a software bug permitted access to the system without a password — a problem the company was aware of but failed to fix. “Do not post trade secret information in publicly accessible places like the Internet,” recommends Overly, pointing to product user guides as a classic case of trade secret exposure. “Unless access to the guides is subject to the acceptance of an on-line license or non-disclosure agreement, trade secret protection may be lost.” Businesses should, of course, consult closely with their attorneys when adopting any of these recommendations.