A trade secret audit is a proactive, dynamic analysis of a company’s proprietary assets and how those assets are protected. An audit should including the following steps:
- Assemble an audit team. The audit team should consist of outside or inside counsel and appropriate business teams. Audits should be assisted by someone who is experienced with computer fraud, network security issues, and computer forensics, including managing and protecting electronically stored data. And don’t forget human resources professionals.
- Determine the scope of the audit. The audit team must identify the company’s overall objectives related to its trade secrets and what levels of protection the company seeks. The audit team should further determine whether patent or other intellectual property attorneys should be consulted to tailor the most appropriate kind of protection for the company’s particular intellectual property assets.
- Identify potential trade secrets. The audit team should identify the company’s intellectual property assets that are valuable and worth protecting, as well as any existing security protections in place to protect those assets. This process should include identifying risk areas where information assets may be susceptible to loss.
- Review current policies and procedures. Companies often have some policies or procedures in place to help protect their trade secrets, but many are inadequate, difficult to implement or understand, or ineffective. Review case decisions on whether particular company measures taken to protect trade secrets were legally adequate or inadequate.
- Review current physical and electronic security measures. The audit team should review the company’s physical and computer data security practices and make recommendations to help ensure adequate security and prevent theft. This often includes recommendations about facility access, security layout, computer access, network system layout, and protection of electronic data.
- Account for technological advances. Technology changes rapidly, and companies need to keep up with the latest developments. For example, moving trade secrets into the cloud raises numerous legal, security, and business concerns.
- Review current protective agreements. Companies must monitor their current protective agreements regularly to keep them up to date on current technologies and the law. The audit team should review the company’s various protective agreements (e.g., employee confidentiality agreements, blogging policies, and technology use agreements) and third party nondisclosure agreements to ensure that they safeguard the company’s trade secrets appropriately.
The importance of a trade secret audit to ensure that trade secrets are adequately protected cannot be overemphasized—given the stakes, we’re likely to continue to see high-profile cases of alleged trade secret theft.
You’ll find a sample trade secret audit checklist along with everything you need to know about protecting trade secrets in CEB’s Trade Secrets Practice in California.
Related CEB blog posts:
- Clashing Concepts: Trade Secrets and Social Media Networking
- Protecting Your Great Idea
- 11 Tips for Preempting Business Pirates
© The Regents of the University of California, 2013. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.