How to protect company industrial and comercial secrets

This fourth part of the article looks briefly at the procedures and necessary steps to take to protect company secrets.

 

5.- SECRET PROTECTION POLICY – PROCEDURES

Once an audit has been carried out a policy, and procedures, can be put into practice.

5.1. An adequate protection policy for documents and information:

  • Establish the criteria
  • Fix the location
  • Separate the information
  • Identify confidential documents
  • Restrict access to the information
  • Designate specific employees who can manage the confidential information

5.2.- Set the procedures down in writing to:

  • Transfer commercial secrets through secure means
  • Avoid free access and/or
  • Prevent subsequent disclosure, either voluntary or involuntary

 

6.- PROTECTION PROCESS

6.1.- Identify and document

6.1.1.- The first step of a company secrets audit consists of identifying the industrial and commercial secrets. The analysis should include: R+D, manufacture, pre-production, sales, marketing and human resources.

In order to determine if the information can be protected as a secret, it’s necessary to take into account (a) is the information widely known? (b) does it have an economic value for the company through the fact of it being unknown? (c) has the company taken reasonable measures to protect confidentiality?

6.1.2.- The second step is to prepare the list of company secrets, describing how they have been developed.

This should demonstrate how each asset differs from industry practices and why this difference is significant.

6.2.- Separate and Protect

Once the intangible assets have been identified and documented, they can be separated, classified and control should be assured. Assigning a place for confidential information will partly depend on its format. The following methods of security are advisable, according to the case:

  • Mark the documents as ‘Confidential’ or ‘Company Secret
  • Limit access. Restrict copying
  • Create physical and technological barriers. Include passwords on computers.
  • Create separate files for each folder on the hard drive
  • Avoid methods of information download on storage devices
  • Demand employees sign restriction agreements for access and confidentiality
  • Organise a training programme
  • Develop procedures for employees which they should follow when they talk about company secrets or confidential information with third parties

 

The final part of this article deals with company secrets in relation to employees – their ‘need-to-know’ basis and what happens when they leave a company’s employment.

Santiago nadal