New trade secrets law to drive breach of confidence claims
This article explores what changes might need to be made to the existing protections given to trade secrets and in particular, the impact this might have in the insurance market.
This article was first published by Insurance Day, on 16th May 2018.
How are trade secrets protected now?
There is currently no statutory definition as to what constitutes a trade secret in the UK. Instead, the protections of trade secrets have evolved through a variety of legal cases. In essence, a trade secret is a form of confidential information (all trade secrets will be confidential information, but not all confidential information need be a trade secret). The basic requirements to establish that the information is confidential are required, namely that
- the information should have the "necessary quality of confidence"; and
- the information should be subject to an obligation of confidence.
For confidential information to be regarded as a trade secret, however, there is an additional requirement; if such information was disclosed to a competitor, it would need to cause real or significant harm to the owner. A trade secret is therefore a rarefied form of confidential information.
What does the Directive change?
From a legal perspective, the Directive is actually unlikely to change much. The UK is seen internationally as one of the torch bearers in the EU when it comes to protecting trade secrets and confidential information generally.
What the Directive does seek to do, is harmonise the definition of trade secrets across the EU. That proposed definition brings the definition of trade secrets closer to the UK's existing definition of confidential information. It provides that a trade secret must be information which is:
- of commercial value because of its confidentiality; and
- the trade secret holder must have made reasonable efforts to keep it confidential.
The Directive will also provide a statutory footing to claims which could constitute unlawfully acquiring a trade secret, secondary liability, and wider protections for whistle-blowers.
Why is this important, and what effect will it have on the insurance industry?
Trade secrets and confidential information constitute an extremely valuable part of many business models, particularly those companies that are know-how and data-driven. The protections required are therefore increasingly being prioritised by companies around the world, particularly in the era where cybercrime and data liability is at the forefront of people's minds. The change brought about by the Directive is therefore a timely reminder to ensure that policies are excluding risks that underwriters want to be excluding, and are covering risks that are acceptable to underwriters.
We are already seeing an increase in general breach of confidence claims (both insured and uninsured). These are particularly common when directors or officers leave one company and move to a competitor, and are often a mix of breach of contract claims (in the employment context) with common law breach of confidence. They also arise when individuals seek to blackmail ex-employers by threatening a data breach, where customers take ideas from suppliers in a tender process, or where a business seeks to re-use or disclose another's confidential information for its own purposes.
We anticipate that the upward trend in breach of confidence cases will continue, not necessarily because the legal position has changed, but because the publicity surrounding the Directive will highlight to businesses (especially SMEs) the ways in which they can seek to legally protect their valuable intangible assets.
These claims may arise under a range of policies, including more traditional D&O risks where an ex-employee joins as a director of a competing business, but also under specialist intellectual property policies (and/or extensions), which can typically provide pursuit and defence cover.
As the Directive is intended to harmonise the position across the whole EU, for those in the market dealing with international risks within the EU, we anticipate a possible rise in international and/or cross-jurisdictional issues.
There are some practical steps which insureds and insurers can take in anticipation of the Directive. These could include:
- ensuring definitions of confidential information and trade secrets in policy wordings (whether for use as in insuring clauses or exclusion clauses) are updated;
- increasing security and protections around confidential information (including the use of non-disclosure agreements, increasing IT security and limiting accessibility); and
- updating relevant confidentiality provisions in employment contracts;
- conducting regular confidential information audits.
Whilst no article involving the implementation of new EU law would be complete without a cursory mention of Brexit, we expect any impact to be minimal. The 9 June 2018 implementation date is far in advance of the date the UK will leave the EU. In reality, UK businesses will likely benefit from the rest of the EU harmonising their respective frameworks, which should provide more credible and robust protections for trade secrets and confidential information in the future.