March 30, 2022

It’s Time to Consider Whether You’re Adequately Protecting Your Intellectual Property with Trade Secrets: The News in Russia Shows Us Why

Earlier this month, the Russian government issued a decree stating it will use patented products from so-called “unfriendly countries” without compensating owners. The law already allows the state to authorize taking and using IP rights in cases of “emergency” or a threat to national security. But now, the government is taking this one step further by moving toward creating compulsory licenses for certain technologies. 

These authoritarian measures are leading U.S.-based companies to suspend their products and services in Russia. Tik Tok and Netflix are recent examples, as are Apple and Google, both of whom recently blocked access to their applications in Russia. 

Conventional wisdom would suggest that Russia’s decree invalidates patent rights. This is because patents, by design, disclose all necessary information to make or use the technology at hand. If Russia or companies operating within Russia wanted to recreate and use, for instance, Apple’s patented technologies and employed a workforce skilled enough to do it, then it could. For companies operating in countries with authoritarian leaders or unstable political regimes, the loss of patented technology may be an untenable proposition.

Conversely, a trade secret can be far more difficult for governments (or corporate competitors) to usurp. This is because the underlying intellectual capital is not generally known by the public.

Generally, trade secrets are loosely defined as business or technical information that provides a competitive advantage and is not generally known by the public. That the information is not generally known by the public decreases the risk that a government can require forfeiture of or a competitor can easily replicate this intellectual property.

Patents versus Trade Secrets: An Illustration 

A German biotech company, BioNTech, engineered a vaccine manufacturing pod to scale the vaccine creation process for mRNA vaccines, the most common of which is the COVID-19 vaccine. According to a recent Economist article, transferring the pods from Germany to recipient nations involves no less than 50,000 steps from manufacturing the pods to properly storing the materials to safely transporting them. This so-called “process knowledge” is akin to a developer rewriting code so that it can run on a different type of machine – a process that while technically replicable and perhaps patentable, is not susceptible to being copied without internal knowledge of the process. 

Imagine if BioNTech were to deploy the manufacturing pods in a country, like Russia, where the company may face a waiver or seizure of patent rights. Rather than publicly disclose the various components of their process in the Russian patent system, if BioNTech kept its internal process knowledge proprietary and limited to a specific group of individuals involved in its internal operations, could a competitor reverse engineer the pods? Possibly, but it’s unlikely.

Even if many aspects of its process knowledge are patentable, trade secrets protection is crucial for tech companies like BioNTech. Its process knowledge tends to come from years of costly, complex research and development efforts. If that knowledge is lost or leaked through theft, data breach, or even required forfeiture by a government, less advanced companies can, unfairly but legally, rush an identical product to market. 

Protecting Trade Secrets

Trade secrets can permit a company to be more proactive regarding the protection of its intellectual capital. Especially when conducting business in authoritarian or unstable nations, companies (no matter the size) should be wary of how they keep and store data, including information they consider proprietary. Data can be lost, transferred, or shared with just one or two keystrokes. Even seemingly innocuous moves like copying files to a portable memory device and carrying that device into an authoritarian nation can pose a risk if that device is confiscated. Sharing internal emails outside of the company can also result in an unintended breach. To minimize this, companies can and should control what, and how much, information can be transferred to memory devices or unsecure cloud storage, as well as what is disseminated to employees. 

Limiting who has access to trade secrets in any form increases the chances that proprietary information will remain so. Companies can proactively protect that proprietary information in the screening, hiring, and training process, specifically, by setting clear policies about how to use company data. Company proactivity also applies at termination so that former employees do not have access to data they can take to a subsequent employer.

Finally, the Russian turmoil should prompt businesses, especially those with international reach, to evaluate the programs by which they harvest and protect their intellectual property, like process knowledge. Patents are useful and important tools for companies. However, businesses should remember that some information must be disclosed and some information need not be. Insofar as they can, companies should protect their process knowledge to ensure their product remains valuable. (Valuable, in this context, means not duplicable.) When patented, a technology, process, formula, or other know-how remains locked up for 20 years. But trade secret knowledge can last indefinitely. And while the protection may not be quite as strong (it’s illegal to copy a patented product during the 20-year monopoly period; it IS legal to reverse engineer a non-patented product), it is nonetheless a way to maintain control over vital production details. 

Let recent events in Russia be a catalyst to re-evaluate your company’s intellectual capital, how the company protects that intellectual capital, and if the current mechanisms employed are most appropriate for your current situation.  

Steps to Protect Trade Secrets

Any company, but especially those with an international reach, may consider implementing and enforcing the following practices and policies to protect their trade secrets. The list is non-exhaustive, and the particular steps any individual organization should take will vary based on that organization’s business.

  • Maintain internal access to propriety information on a “need-to-know” basis.
  • Encrypt and password-protect important data.
  • Maintain separation between divisions or departments within the company, in particular, between departments that may operate in countries with fewer protections for intellectual property and those that need ready access to proprietary information.
  • Prohibit installation of software on company equipment without permission.
  • Evaluate what information is shared/stored with offices located outside of the primary business location of the company.
  • Evaluate what information is permitted to be copied to portable memory devices: do not permit proprietary company data to be copied to portable devices and transported into authoritarian states.
  • Encrypt and password-protect any device used to transport or access propriety information.
  • Do not share internal emails outside of the organization. 
  • Enforce policies that protect proprietary information. This includes enforcement of employment agreements, confidentiality agreements, and other non-disclosure agreements.
  • Control how much – and what – information is transferred to unsecure cloud storage.
  • Control how much – and what – information is disseminated to particular employees. Preferably, segment proprietary information so that no one employee has access to the entirety of the proprietary material.
  • Establish clear policies about how employees can access and use company data.
  • Upon termination, ensure departing employees do not maintain access to proprietary information and that their credentials are not used prior to departure to access to proprietary information.
  • When evaluating your decisions to patent, distinguish information that must be disclosed from that which need not be.