;

How to protect core secrets in the supply chain?

Published on 30 Nov 2021 | 9 min read
Risk assessment and control measures on trade secrets

As trade secrets become increasingly important in business competition, enterprises are suffering from endless emerging issues, from research and development achievements leakage, technical secrets pilferage , to theft of new product designs or clone of moulds, leakage of customer list and confidential information leakage by former employees. In contrast with patent protection, trade secret calls for protective measures taken by right holders instead of public disclosure in exchange for  a certain amount of years of monopoly by state protection, and once disclosed by reverse engineering or leaked because of infringements, right holders will lose the monopoly permanently and irreversibly. Quite a lot of enterprises worldwide have suffered a huge loss, bankruptcy, and even a total shutdown because of trade secrets leakage. Though right holders, faced with trade secrets infringements, can resort to litigation redeeming some losses, they can be more proactive and pay greater attention to pre-relief measures of trade secrets to safeguard their core strengths, which is a matter of survival nowadays.  

Based on our experience with providing trade secrets protection consultancy for the local Chinese suppliers of a multinational enterprise, this article introduces the risks of trade secrets leakage in business management and proactive and specific measures to prevent the leakage, so that enterprises can stay proactive in trade secrets management and maintain competitiveness.

The represented enterprise, Company A—a multinational footwear company with its huge investment in human resources, materials and finance, would do a yearly release of new footwear models after R & D and had built itself as a world-renowned hot brand embodying fashion and quality. In a March,  Company A discovered two of its summer sandals, which were to be officially released globally in July of that year, were being sold in Thai market as counterfeit products, depriving the genuine products their market entry opportunity. Company A's legal counsel realized this was more than the infringement of counterfeit trademarks,  yet worse, its market leading edge—trade secrets were leaked, and there would be more irreparable losses if no measures taken against this.

Trade secrets are mainly leaked via internal employees, external personnel, and former employee in violation of a NDA. To find out leakage source in the supply chain  and prevent more leakages of  new footwear designs, entrusted by Company A's legal counsel, we carried out a three-phase work for four consecutive years covering 1) risk assessment, 2) risk control, and 3) tracking and improvement on protection measures. For Company A’s main Chinese suppliers, we assessed the risks of trade secrets, built trade secrets protection systems, provided confidentiality training for employee, assisted in trade secrets management and control, and provided investigation, evidence collection and enforcement services, which significantly reduced trade secrets leakage risks in upstream and downstream of the supply chain and achieved a satisfactory result.

 

1. Risk Assessment of Trade Secrets in Supply Chain

Re Company A’s new products, research and development, mould setting, sample production, material preparation, pre-release advertisement, mass production, transportation, wholesale and retail  were achieved by a complex network of supply chain consisting of R&D departments, suppliers, and distributors located in different countries around the world. New footwear were mainly designed by designers from R&D departments in Europe and the US, then moulded, prototyped, and produced by suppliers in China.

Trade secrets management in the supply chain depends greatly on its weakest link.

New footwear design was a trade secret unknown to the public from the time it was designed to the time of pre-market promotion or mass production. The new design during this period included several stages as follows:

At these stages, all employees of the suppliers involved were secret-related personnel, and anyone could be a source of leakage. However, the purpose of trade secrets protection is neither aiming for perfection nor objectively possible, instead is to take appropriate protective measures for the weak links to minimize the risk of trade secrets leakage.

Representing Company A as an IP attorney, our first work was to assess all the suppliers involved in the development stage of the new footwear, including the mould factory, shoe factory, plastic injection moulding factory, and the whole shoe assembly factory, and made a comprehensive inspection and evaluation of their current situations about trade secrets management. We reviewed their trade secrets rules and systems and confidentiality agreements, paid onsite visits to their offices and production sites and talked with relevant employee and secret-related personnel to identify all the weak links  along the information flow in the development stage. By implementing these measures, we diagnosed the risks of leakage faced by the suppliers and the loopholes in trade secrets protection, and classified the risks into three levels: high, medium, and low so that we could develop a risk solution plan based on the specific situation of each factory to get the maximum protection of trade secrets.

Inspection and assessment included but not limited to:

  • Existing trade secrets rules and systems of the suppliers, contracts and confidential agreements with Company A, labor contracts, employee handbook, confidential agreements for secret-related employees, confidential clauses of subcontracting contracts, and other relevant documents.
  • Lists of all secret-related suppliers and its employees, and their job descriptions.
  • Circulation of design drawings.
  • Control of sample development: quantity of sample at all stages including shoe mould, trial samples and confirmed samples, confidentiality labels, lending, and destruction records, etc.
  • Control of mould’s development: circulation, storage, and lending.
  • Physical security: access control, surveillance, the physical isolation of the R&D department from other departments, the physical isolation of confidential documents, USB, camera, cell phone control, etc.
  • Computer system security: network structure, internal and external access control, network equipment security configuration, user accounts, permission setting on trade secrets, encryption settings, computer maintenance, disposal of obsolete computers, etc.
  • Relevant staff interviews: executives, R&D staff, HR, IT, security, sample development staff, mass production line staff, warehouse manager, mould manager, etc.

 

2. Risk Control of Trade Secrets in Supply Chain

After risk assessment of suppliers' trade secrets, we diagnosed the major weak links and provided suggestions as follows:

a. Confidentiality System and Confidentiality Unit

Our assessment found that most factories did not have any trade secrets management system while a few had some sporadic requirements regarding trade secrets protection in different regulatory documents or contracts: a. these requirements were all vague and general lacking  specific contents, definitions and scopes, which would bring potential difficulties for the enterprises seeking remedy afterwards; b. labour contracts between some factories and employees only included the non-compete clauses but no confidentiality provisions; c. there was no additional confidentiality agreement for secret-related personnel apart from the general confidentiality clauses stipulated in labour contracts; d. most enterprises did not set up special units or personnel responsible for trade secrets management and the management lacked related knowledge and expertise and had not received any confidentiality training.

We suggested that enterprises attach great importance to their own and right holders’ trade secrets protection, be aware of the serious consequences of the leakage, and the urgency for enterprises to establish a systematic confidentiality system in line with the actual situation. Confidentiality rules and regulations should be comprehensive, standardised, and practical, and updated timely with changing situations. Enterprises may hire professional attorneys to assist building a comprehensive confidentiality system: a. drafting confidentiality agreements based on the scope of confidentiality and the level of personnel involved, confirming the scope of confidentiality, confidentiality period and liabilities of violating confidentiality obligations; b. drafting non-compete agreements stipulating former employee shall not work in any competitive peer companies or start their own businesses engaging in any competitive business activities in a certain period of time and specifying the legal liabilities for damages and other related damages; c. setting up a confidentiality unit to implement the confidentiality system; d. getting supervised and inspected by professionals or external attorneys regularly to get precautions in advance, prevent leakage and make sure the burden of proof fulfilled  in the legal remedy after the leakage.

b. Confidentiality Awareness

During staff interviews, we identified an urgent need of confidentiality awareness. Enterprises in the supply chain mainly focused on ramping up production and improving efficiency for greater benefits while all secret-related personnel from executives to the workers on the production line had thin confidentiality awareness despite the signed confidentiality agreements when they got the job.  Our interviews disclosed the following major risks of leakage: a. R & D staff may exchange sensitive information with other internal or external personnel; b. some design drawings and moulds were lent out and returned without records; c. some IT did not install any confidentiality settings on the laptops of secret-related personnel; d. and design drawings were sent and received without encryption settings, and etc.

Strengthening staff's confidentiality awareness is the root of enterprises’ trade secrets protection. Enterprise should have regular confidentiality trainings organized by Confidentiality Unit to enhance confidentiality awareness and make sure staff maintaining a high degree of sensitivity and vigilance to confidential information at work by practising  ‘No Nosing-around’ and abide by professional ethics to lower the risks of leakage.

After conducting risk assessment, I, as the external attorney provided trade secrets management training for relevant personnel of the suppliers. The training covered a comprehensive introduction to trade secrets protection including the importance of trade secrets to the survival and development of enterprises, China's laws and regulations over trade secrets, disclosure of legal consequences infringing trade secrets via case analysis, burden of proof on right holders, leakage channels and protective measures, and empowered all participants with a clear understanding of trade secrets and liabilities of leakage.

c. Physical Security

Physical isolation is the most basic measure to protect trade secrets. Our risk assessment found that most of Company A’s suppliers did hire professional securities and set up physical isolation such as access control and surveillance for offices, production lines and warehouses. However, there was no comprehensive confidentiality system over trade secrets or any confidentiality units to protect trade secrets in relation to drawings, development samples, materials, moulds, cell phones, cameras, computers, etc. Some enterprises even did not have any measure thereof and purely managed all trade secrets by trusting staff integrity, leaving them many loopholes to be worked on.

Our professional solution was that physical protection measures should cover the whole life cycle of trade secrets, from generation, continuation to destruction. For all carriers of trade secrets and in all aspects encompassing generation, use, preservation, transfer, disposal, and destruction, there should be assigned professionals to take effective physical protection measures to minimise risks of leakage.

c. Computer System Security

Rapid development of computer and network technology also brings plenty of problems and security risks in computer information systems. Chinese enterprises have suffered from frequent leakage and theft via computer systems in recent years, and undergone irreparable losses. Strengthening computer system security and prevention management has become the top priority in protecting trade secrets.

In our case, after reviewing suppliers’  computer information system management system and spot checking computers and laptops of secret-related  personnel from offices and production lines, many risks of leakage were identified. We then proposed they should update the management system and strengthen management at the executive level to control the risk of leakage to a minimum. Our proposed measures included:

  • Developing a computer security management system and establishing a computer registration system managed by an assigned administrator applying the rule of Registration and Recordal—user bearing responsibility.
  • Setting physical isolation from the international Internet for secret-related computers, and confirming to the code—Surfing without confidential information and vice-versa.
  • Setting passwords and screen protection passwords for secret-related computers.
  • Encrypting confidential information.
  • Strengthening confidentiality management of storage media and establishing a registration rule for the use of storage media (such as floppy disks, USB disks, CD-ROMs, removable hard disks, etc.) managed by an assigned administrator.
  • Dismantling the hard disk and transferring and deleting all confidential information before any maintenance, and supervising and recording the whole maintenance process with both security and maintenance personnel’s presences.
  • Conducting physical destruction for all scrap secret-related computers by assigned employee.
  • Forbidding any instalment employee self-purchased software to prevent attack of Trojan horses, virus programs, and any hidden danger of network security caused by the backdoors of the software.

 

3. Tracking and Improvement on Protection Measures

After issuing a detailed risk assessment report for each supplier and providing solution proposals with specific confidentiality measures, we made annual or biannual visits to the suppliers to inspect their implementation and the improvement on trade secrets, check the measures taken against all weak links and re-evaluate and make  further suggestions accordingly to ensure their trade secrets protection were in place and got strengthened. My work also enabled Company A to have more confidence for its Chinese suppliers especially when it came to the new product release.

 

Conclusion

According to the data from China Judgments Online, the plaintiff's success rate of civil cases of trade secrets is substantially low. The main reason is the plaintiff cannot prove the core and scope of its trade secrets, reasonable confidentiality measures taken over their rights, the infringing activities implemented by the defendant and the damage caused. This indicates that enterprises failing to keep records of evidence and duly protect trade secrets shall not be legally protected. Nevertheless, trade secrets are the most crucial intangible assets of enterprises, over which a sound trade secrets protection system should be proactively established and implemented to win enterprises leading edges in fierce competition, rather than resorting to attorneys with post-leakage remedies claiming for compensation or criminal liabilities against the infringers.

30% Complete
Principal, General Branch Office Manager
+86 20 8559 8098
Principal, General Branch Office Manager
+86 20 8559 8098
;