Trade secrets are a crucial intangible asset for business entities and a potent weapon in market competition. The degree to which a business manages its trade secrets reflects its overall management proficiency and is critical for highlighting core competitive strengths. Protecting trade secrets has become a focal point for senior executives, a fact underscored by our firsthand research.
Addressing risk identification, formulating protective mechanisms, and classifying and hardening trade secret metadata is imperative. However, there needs to be more certainty concerning how management mechanisms, processes, and systems can be efficiently interconnected. This article, presented in two parts, considers theory and practice to provide insights that businesses looking to protect their trade secrets effectively can use.
In the previous article, we explored potential points and scenarios where trade secrets can be compromised. Building upon this foundation, the current article offers recommendations focused on three areas: (1) the classification of trade secret data, (2) the hardening of such, and (3) the cultivation of employee awareness.
1. Determination of Classification Levels for Trade Secret Metadata
Trade secrets are produced and play a role in a dynamic environment, and their essential nature is technological. For instance, information generated by R&D personnel during development projects constitutes the evidentiary basis of trade secrets. Therefore, it is confidential information. In the course of technological and product development, some information may be disclosed in the second phase when used in external communications and client-required details. This stage can include equipment installation parameters, power consumption, and performance metrics.
In short, based on patent planning needs, technological secrets obtained through reverse engineering typically need to undergo protection. In other words, among the original confidential information, any information that does not need to be disclosed externally and does not require patent protection remains within the scope of a business’s trade secrets. The intermediate process from generating confidential information to completing a patent application may take some time, during which all information remains subject to trade secret protection. A critical concept in identifying protected assets is ‘trade secret metadata’.
Given the large volume of trade secrets a business must manage, it is crucial to determine the classification levels for this area of intellectual property. The same principles apply to everyday management: not everything needs to be managed, and not everything is managed the same way. For example, some project leaders may deem all confidential information highly classified, resulting in substantial management costs. In contrast, hierarchical management of trade secrets can be a preferable strategy for maximizing efficiency.
Notably, not everyone in a project needs to have the ability to identify trade secrets or assume corresponding responsibilities. A more effective approach is to have the head of R&D coordinate the classification levels. Defining classification levels is complex. The challenge lies in assigning levels to different types of trade secrets using a unified classification system. This process involves various methodologies, such as technology and product structure analysis or comparative analysis of strengths and weaknesses versus competitors. It also requires a comprehensive understanding of the products and their core selling points. Evaluation can be quantified using a scoring system, which requires a collective discussion and decision involving technical personnel and product managers from the company as well as patent and technology analysts from professional organizations.
For example, in the mentioned customer debugging scenario, customer service personnel can establish set trade secret metadata, with classification levels determined by the intrinsic value of each item. Content that addresses common issues or provides significant insights for product iteration is classified as ‘Confidential’, while routine case problems are classified as ‘Ordinary Trade Secrets’.
In the field of chip R&D, the core knowledge is typically held by leading international enterprises. If a chip testing equipment supplier invests in R&D for years, develops a unique testing solution that enhances accuracy and responsiveness, and improves testing efficiency, this should be classified as a ‘Top Secret’ level trade secret. The media that contains this knowledge (such as paper drawings or digitized blueprints), the various data and algorithm models used during testing, and the databases and code repositories where they are stored can be classified as ‘Confidential/Top Secret’ depending on the specific circumstances. Key customized components that support the system, such as optical and mechanical parts, can be classified as ‘Confidential’.
2. Hardening of Trade Secret Metadata
The access permission scope, classifications, media, and protective measures of trade secrets can ultimately take the form of tools such as Excel worksheets. The key lies in the precision and comprehensiveness of the descriptions. For example, you can provide a directive sheet to the IT and Information Security departments so that they can execute practical measures following the requirements outlined in the sheet, improving the practical implementation of trade secret protection.
Two crucial tactics are used in this context. If we think about the protection processes for a specific product or project along a certain technological line as similar to the protection of internal technologies and products, we can more easily understand what it entails.
Furthermore, the dynamic interchangeability between trade secrets and patents necessitates a coordinated protection approach. When identifying trade secret metadata, it is advisable to align the patent status with the protection system for patented secrets and those patented in the process. This integration ensures a complete record of trade secrets is kept until their disclosure in the patenting process.
Beyond hardening, another approach is establishing a confidential process through the hierarchical classification of confidential information. Companies can significantly reduce control costs by integrating the principles of "minimum access necessary" and "need-to-know" within the confidentiality information mechanism. For example, consider formula management in companies in the food and beverage industry: Only a select few individuals within the company are privy to the complete formula, while the majority of employees are aware of only a portion. The formula may consist of several sub-formulas for different sweetening agents. Different production lines in the factory are entrusted with different elements of the formula, guided by specific processing indicators and blending methods, ultimately yielding the finished product. In brief, no single individual has a comprehensive understanding of the entire process, with each level having access to a different scope of information.
Another common case involves financial statements. Companies traditionally adopt a waterfall-style breakdown, with different positions having access to different information on a ‘need-to-know’ basis. For instance, sales personnel only know sales prices but not cost information. There must be a systematic segregation between sales staff and marketing personnel who have access to cost-related information. This separation can be done through non-disclosure agreements.
With the organizational structure and control mechanisms in place, the next step is to implement them effectively.
A key concept is establishing intellectual property (IP) control points, where specific actions related to trade secret protection or patenting must be performed at designated nodes. For example, during project initiation, it should be determined whether the individual responsible for trade secret metadata is also the project owner. Upon receiving the initial project review report, records and updates concerning trade secret metadata and potential patent plans, including their classification levels, should be documented. Throughout the project, in the event of personnel transfers, reassignments, or departures, the IP control points associated with personnel turnover should be immediately activated.
3. Cultivation of Employee Awareness for Trade Secret Protection
It is crucial to help employees enhance their awareness and understanding of trade secret protection.
The implementation of trade secret protection within the company commences with the selection of personnel—which sort of companies employees come from influences their starting point regarding awareness of trade secret protection. Throughout the trade secret management system, in-depth training should also be organized on trade secret metadata and collaborative protection with patents, in addition to training to foster confidentiality awareness among employees. Typically, training involves lectures and Q&A sessions coupled with assessments to evaluate training effectiveness. Simultaneously, guidance and warnings should be provided from the first day of employment, such as requesting R&D personnel not to attend meetings with external parties alone. Similar training efforts should persist throughout employees' careers to shape a corporate culture centered on trade secret protection.
Initiating change can begin with a self-assessment of the company: How much emphasis does senior management place on trade secret control? If the company lacks a conceptual basis for trade secret protection, how can one be developed and strengthened? If there is no internal management system, it is essential to identify which departments hold the highest value in terms of trade secrets. Can key product lines serve as pilot projects, setting examples and establishing best practices? How can a consensus be reached with customers on the philosophy of trade secret protection to get everyone on the same page? How can business pain points be leveraged, utilizing the ‘three flows’ (information flow, talent flow, physical flow) to conduct risk assessments? Can this be done internally, or does it require the expertise of a dedicated external team?
Furthermore, the people on the ground often have the clearest view of the actual situation. Ask employees what they think about the business’s awareness and capabilities in trade secret protection. Their insights are invaluable. What do they think, and where do they see areas for improvement? Drawing upon their past work experiences, what lessons and best practices can be gleaned?
As each company is unique, seeking customized and efficient support from professional organizations can yield significant returns. Rouse, introduced previously, has been able to establish a client-specific comprehensive business management system from scratch within 15 weeks, achieving traceability and accountability both internally and externally. The process involved interviews and online employee surveys from the very start and ended with post-training employee feedback. As a result, it had a noticeable impact on boosting awareness of trade secret protection.
Conclusion
Notably, the significance of any philosophy or method lies in its application. To borrow the words of management pioneer Peter Drucker: ‘Management is practice. Its essence is not knowing but doing. Its test is not logic but results.’
We recommend businesses start risk assessment, formulate relevant protection mechanisms, and work to achieve effective implementation as soon as practicable. Businesses and other commercial entities should continuously strive to identify and resolve issues encountered in this process and efficiently coordinate people and tasks. This process will undoubtedly enhance the efficacy of their trade secret management mechanisms.