Trade secrets differ from other forms of Intellectual property (“IP”) in that the mode of their protection is not codified under Kenyan law. This does not mean that they are not important. In fact, if well protected, trade secrets can give an organisation a distinctive competitive advantage. This article considers ways in which in-house counsels can drive the trade secret protection agenda in their organisations. WHAT IS A TRADE SECRET? As stated in the preceding section, there is no legislation in Kenya governing trade secrets and hence no local definition of the term “trade secret”. However, Kenya is a member of the World Trade Organisation and by extension a party to the Trade-Related Aspects of Intellectual Property Rights (TRIPS) Agreement. This Agreement sets the minimum standards for regulation of various forms of IP, including trade secrets. According to Article 39 (2) of TRIPS, trade secrets contain three distinctive characteristics: – Accordingly, any and all information that meets the above requirements may be considered a trade secret. Typical examples of trade secrets include strategy and business plans, customer/client lists, pricing lists, products, models, marketing and sales plans, financial projections, financial statements, budgets, test procedures, proposed products, source code, software, hardware, employee employment records, salary, etc. TRIPS further provides that the owner of a trade secret has the right to prevent the information from being disclosed, acquired or used by others without their lawful consent. STEPS FOR PROTECTING TRADE SECRETS In-House counsel can drive the protection strategy in the ways discussed below. 1. Sensitize Management In-House projects work best when supported by the leadership and other key stakeholders within an organisation. As a first step, the Head of Legal or the departmental leader should sell the agenda of trade secret protection to management teams so as to get their buy-in. The most effective way to get buy-in is to demonstrate the benefits of the project to the organisation. Some potential advantages include:- 2. Develop Trade Secret Protection Procedures Trade secrets can be protected through a raft of internal and external measures. Internal protection measures include IT security measures such as data encryption, data access controls, firewalls, etc. Physical controls are also useful in internal protection. For example, biometric access should be installed for strong rooms, filing spaces and any other place where trade secrets are kept. Further, use fireproof safes for storing confidential information. Finally, use physical controls to restrict access to office spaces. For documents, consider measures such as marking hard and soft copy information as confidential. Finally, endeavor to limit access to confidential information by sharing it on a need-to-know basis. When working with external parties, such as suppliers and contractors use a confidentiality agreement. You can get more information on 3rd party confidentiality agreements in my earlier article accessible here. 3. Determine Applicable Enforcement Measures According to the World Intellectual Property Organisation, 80% of trade secrets are leaked or stolen by employees and trusted insiders. If there are no consequences for breach of the policy, then it will be hard to get the desired results from your employees. Demand adherence to trade secret policies in your employment policies and contracts by stating that deliberate leakages may lead to termination of employment. Contracts can also specify further action such as seeking injunctive orders to prevent further leakages and monetary compensations (damages) for any loss suffered. 4. Maintain a Culture that Promotes Secrecy of Information Prior to hiring, conduct reference checks on prospective employees. The checks should determine the employee’s propensity to leak/mishandle company information. Once they join the company, train them on the need to maintain confidentiality and require them to sign employee confidentiality agreements. During the course of employment, conduct regular refresher training on confidentiality. There is no hard and fast rule on the frequency of the training but at a minimum, they should be done annually. Conduct exit interviews and remind employees that the duty to protect trade secrets continues post-employment. The duty to maintain confidentiality survives the employment contract. This means that if there is an attempt to move with the information to a competitor, the employee should be informed that the enforcement measures will still apply. 5. Promote Employee Loyalty Keeping trade secrets confidential is an uphill task that cannot be fully accomplished by merely setting out organizational policies and processes. If employees do not commit to the success of your policies, they will have limited effectiveness. Employee commitment comes from loyalty and this in turn comes from developing a favourable workplace culture. Employees will feel committed to your cause where the organisational culture is open, low power distance, genuine care, and concern and a general familial feel. Advocate for cultural change through the initiation of staff welfare activities or attractive pay packages that encourage observance of trade secrets protection. CONCLUSION Compared with other forms of IP, it is fairly easy to protect trade secrets. A Trade Secret Policy can help in effective management of trade secrets. The success of this policy hinges on the culture of your workplace. Without a transparent culture that promotes loyalty, you may not get enough traction in your promotion activities.
Latest Posts
10 Key Words in the Data Protection Act
The Kenya Data Protection Act (“DPA“)applies to all persons who handle personal data. For effective compliance, it is necessary to understand the Act’s key terms. Outlined below, is my take on some of the key terms that may be relevant in your compliance journey. Data Protection Key Terms 1. Data Subject The DPA defines a data subject as any identified or identifiable natural person who is the subject of personal data. In other words, a data subject is any human being whose data is being collected, held or processed. 2. Personal Data Any information relating to an identified or identifiable natural person i.e. a human being. The illustration below shows some common forms of personal data. 3. Sensitive Personal Data In addition to the forms of personal data described above, the DPA establishes a special category of data known as Sensitive Personal Data. In essence, this is any information that reveals a human being’s, race, health status, social origin, property details, marital status, conscience, belief, genetic data, biometric data, family details including the name of the person’s spouse, children, sex or sexual orientation. 4. Data Controller A data controller is an individual, body corporate, public authority, agency or any other similar body which, alone or jointly with others, determines the purpose and ways of processing personal data. Examples: In summary, a data controller is any person or organization that determines the purpose and means by which data is processed. 5. Data Processor This is an individual, body corporate, public authority, agency or similar body that processes data on behalf of the Data Controller. 6. Consent The DPA defines consent as “any manifestation of express, unequivocal, free, specific and informed indication of the data subject’s wishes by a statement or by clear affirmative action, signifying agreement to the processing of personal data relating to the data subject.” Data Subject consent should be:- 7. Data Retention This refers to the period of time that data can be held by a controller or a processor. The DPA provides that data controllers and processors may only retain data for as long as may be reasonably necessary but it does not prescribe specific timeframes for retention of data. Instead, data processors and controllers should develop organisational measures that adequately address data retention. In practice, development and implementation data retention policies and processes may suffice. 8. Data Commissioner This is the regulatory body responsible for regulating/enforcing compliance with provisions of the DPA. As I write this, the appointment and establishment of the Data Commissioner’s office has not been effected. However, there are indications that the appointment may be done within the second half of 2020. 9. Data Protection Officer (DPO) The primary obligation of DPO’s appointed pursuant to the Act is to provide oversight on compliance. In particular, DPO’s advise the business on the requirements of the Act but to also oversee compliance and facilitate capacity building of staff involved in Data Protection activities. Finally, the DPO is the liaison between the Data Controller and Data Processor on all matters relating to Data Protection 10. Personal Data Breach Under the DPA, a “personal data breach” means a breach of security leading to the accidental and unlawful destruction, loss alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. Personal data breaches can occur in many ways. Firstly, a personal data breach may happen accidentally e.g. an email sent to the wrong recipients. It can also arise through deliberate actions or omissions of data controllers or data processors. Other examples include breaches arising from the theft of computer devices and the alteration of personal data. Data controllers should report data breaches to the Data Commissioner within 72 hours of occurrence. In addition, inform the concerned data subject of the breach within a reasonably practical period. Data processors must report breaches within 48 hours of occurrence. Section 43 of the DPA sets out the procedure for reporting personal data breaches.
4 Steps Towards Data Protection Compliance
Kenya’s new Data Protection Act (“DPA”) was recently hailed as a trailblazer and pace setter for data privacy in Africa. The DPA came into force in November 2019. Since then, business leaders have been making concerted efforts to understand its requirements and to formulate compliance plans.
3 Signs That Your Business is Ready For Funding
If you are a fan of popular TV shows like KCB Lion’s Den, Shark Tank or Dragons Den, then I am sure you are familiar with the uphill task that entrepreneurs face when seeking capital for their businesses.
Help! My Employees Are Stealing From Me!
From my experience of working in corporate Kenya, I consider employee theft as one of the biggest risks facing businesses. In fact, according to a recent report by the Kenya National Bureau of Statistics the number of Kenyan workers convicted for employment related offences rose by 60% last year. Similarly, a recent Microsoft Security Intelligence Report noted that in 2018, the incidences of cybercrime in Kenya rose by 167%.
5 Reasons Why Your Workforce May Be Redundant
There are various stages in business and each requires different approaches to workforce management. For instance, at the startup and mid growth phase, businesses are typically looking to grow their workforce. Therefore, management is preoccupied with finding and retaining the right talent to sustain growth.
Key Considerations in Choosing Business Partners
There are several choices that an entrepreneur needs to make concerning his business. Undoubtedly, one of the most daunting is the ownership decision i.e. whether to go at it alone or with partners.
Celebrity Endorsements and Model Release Agreements
Introduction Celebrity endorsements are advertising campaigns whereby celebrities or well known public figures are used in promotion of products or services. The benefits of such endorsements include increased sales, brand personification and building brand equity and credibility.
Elements of Private Companies in Kenya
Introduction Private companies are popular vehicles for carrying on business in Kenya. Private company registration is carried out through an online platform known as e-Citizen (accessible here). It takes up-to five days from the date of submission of all requisite information to obtain a certificate of incorporation.
Top 5 Functions of Business Contracts
Introduction In the course of running a business, you inevitably require to enter into contracts with various stakeholders. Contracts are agreements in which one party commits to providing products, property or services to another in exchange for payment. Contracts may be either verbal or written.