Go to Top

Top Ten Ways to Protect Your Trade Secrets

Tips from the trenches in light of the recent Ex-Motorola Software Engineer Prison Sentence.

toptentrade_tHanjuan Jin, a Motorola Software Engineer, stepped onto the terminal at O’Hare International Airport a few years ago and stepped into history as one of the most notable Trade Secret mis-appropriators of recent times.  Loaded with $30,000 in cash, a one way ticket to China, and a motherload of trade secrets freshly pilfered from Motorola, Jin was stopped by suspicious agents at O’Hare and ultimately arrested.  Jin, a naturalized U.S. Citizen born in China, was convicted of diverting Motorola Trade Secrets to a Chinese competitor, and just last week, she was sentenced to 4 years in prison in the criminal case.  eDiscovery Labs principles would play a major role in the investigation related to the parallel civil case, involving significant quantities of digital evidence.

“In today’s world, the most valuable thing that anyone has is technology…The most important thing this country can do is to protect its trade secrets”

– Judge Castillo (presiding Judge in the Motorola case) [1]

This recent sentencing of Jin, along with last week’s $1 Billion Dollar settlement in the Apple vs. Samsung IP case provides a timely opportunity to re-visit some of the best ways your clients can protect their trade secrets…before they board an airplane.  Here are our favorites…

  • 1. Identification.  Take a moment to inventory your most valuable “family jewels”.  Identify the trade secrets that are most important to your business.  Do an assessment.  What secrets, if lost, would bring your business to its knees? Tell your employees what trade secrets are, and why they are critical to your business.
  • 2. Treat them like secrets!  If you are to ever successfully litigate a trade secret case, you must present convincing evidence that you treated your Trade Secrets like….well, like secrets.  That means you only disclosed them to employees who had a need to know, and you safeguarded them with reasonable measures.  If everyone in your company has access to your engineering drawings…they are not secret!  Counsel employees to use caution when discussing confidential information during sales calls, trade shows, and meetings with vendors and outside consultants.
  • 3. Have a policy.  It should contain language on how employees handle confidential business information, that the company owns intellectual property produced by  employees during their employment, and an employee’s duty to protect Trade Secrets.  Non-compete and non-solicitation clauses can be a part of this document.  Require employees to sign a copy of the policy, and review it with them during an exit interview if they are terminated. Most importantly, your policy should be endorsed and championed at the highest levels of your organization, and information protection should be a part of key manager’s annual reviews.  This approach helps to foster a secure Trade Secret Culture.
  • 4. Non-Disclosure Agreements.  NDA’s should be in place with all employees and key vendors and business associates.  In particular, NDA’s should be executed with strategic partners in which key intellectual property is being developed or shared.
  • 5. Training.  Cover your Confidential Information Policy with employees during new employee orientation, and as a part of your ongoing employee training programs.  Keep records of the training and times and dates employees attended.
  • 6. Classification.  Mark important documents, emails and attachments as “Confidential”.  When possible, rather than widely distributing critical documents electronically in advance of a meeting, hand out printed and numbered copies at the meeting and collect them afterwards.  Use shredders.
  • 7. Access Control. Only allow access to areas of your business containing confidential records by those with a legitimate need to know.  Use physical security to lock areas where documents are stored and use door locks and or access control card access systems where appropriate.  Additional physical security measures such as CCTV systems may be appropriate in high-risk areas.
  • 8. Computer Device Security.  Inventory important gear and keep good records.  Use locking devices for laptops and other portable computer devices and encryption to protect your data if it is stolen.  Do not allow portable storage devices (eg., “thumb drives”)  or CD / DVD burners in labs or areas where sensitive confidential information is handled.  Have a system in place for recovering computers, iPhones and other devices from terminated employees in a timely fashion.
  • 9. Network / IT Security.  Employ industry – recognized safeguards like limited file access and logging, Internet security, strong passwords, and other IT security practices on your data.  Limit employees to only the confidential information and data sets or files that they need to do their job…not your entire file server.  Consider network monitoring software in high-risk environments to control access to / from problematic internet sites.  Do not allow employees to access internet music / file sharing sites while at work, as these sites can inadvertently allow outsiders access to your sensitive computer files.
  • 10. Have a “Plan B”.  Even the most sophisticated companies can suffer a breach.  Have a plan in place for the steps you will take to respond to a Trade Secret loss.  Components should include a call list of the members of your breach team (attorney, HR, security personnel, external vendors, insurance company, Public Relations, IT staff, etc).  Make sure you have a plan in place for preserving computer evidence (eg., “Imaging” computers and securing voicemail and email) and shutting down remote access of those suspected of diverting your Trade Secrets.

 [1] “Engineer Gets 4 Years in Motorola Secrets Case”.  By Nathalie Tadena.  The Wall Street Journal.  August 29, 2012
, , , , , , , , , , , , , , ,

About Jeff Hartman

Jeff is a 30 year veteran of the corporate security, computer forensics, and eDiscovery community and a co-founder and partner at 4Discovery. 4Discovery is a leading provider of computer incident response and computer forensics services to attorneys, corporate security executives, and the information protection community.