Protecting CAV Trade Secrets

The theft of trade secrets has been front and centre in recent high-profile legal disputes involving former employees of key players in the connected autonomous vehicle (CAV) space. They serve as a good reminder of the importance of and challenges in protecting commercially valuable information. This blog post covers some of the measures businesses can adopt to proactively protect their trade secrets, and how they can prepare for when disaster strikes.

Trade secret theft also involves a risk for companies licensing-in new technology or hiring tech talent. Apart from generally being alert to the possibility, there are a couple of steps companies can consider to minimise their risk of being dragged into a lawsuit (or at least help them set up a good defence) for misappropriating or misusing third party trade secrets as a result of misconduct by their employees or commercial partners.

Trade secrets, key tools to protect CAV technology

From traditional automotive firms to tech companies, players in the CAV game have put significant resources into research and development to create and improve CAV-enabling technologies.

Various types of intellectual property rights are available to protect these technologies. Among them are trade secrets: valuable confidential information not in the public domain that is key to obtaining and maintaining a competitive advantage. Confidential information that rises to the level of a trade secret is that which would be devastating for the business if it were disclosed to a competitor.

In the CAV context, this can include confidential technical information in algorithms and data sets, for which patent protection may be difficult to obtain. Where patent protection is available, the trade-off for obtaining a patent is the strict public disclosure requirements which are incompatible with maintaining confidentiality. Patent rights are also only for a limited period (usually 20 years). In contrast, trade secrets can extend for an indefinite period while they are kept confidential.

Trade secrets theft, a growing risk

Relying on trade secrets is not without risk. The onus to keep trade secrets confidential lies solely with the organisation. This is not an easy task. Recent high-profile legal disputes involving former employees of Tesla,¹ Uber and Google² are cases in point. Departing employees and commercial partners with whom an organisation shares confidential information are known risk areas, but new potential vulnerabilities are increasingly coming to the fore, including the rise of sophisticated cyber espionage.

2019 Data Breach Investigation Report, Verizon.

Increasing connectivity, the growth of the Internet and rise of the Internet of Things have created more vulnerabilities. Modern means of communication and the speed by which unauthorised disclosures may be disseminated, along with the breadth of the potential audience, increase the potential for harm to an organisation.

The Reality of Trade Secret Protection (1 July 2019), Risk Management.

Preparing and responding to trade secret theft

The recommended measures listed below provide a starting point for holistically considering organisational approaches to trade secret theft management.

Contracts and Policies

• Protect trade secrets through confidentiality provisions in contracts with employees, independent contractors and service providers.
• Implement IP, confidential information and data security policies and protocols.
• Document ownership of improvements generated using trade secrets, confidential information and other IP.
• Include provisions for the return or destruction of trade secrets when the engagement ends.
• Carefully consider the terms around security and audit requirements, including third party access rights.

Practical and technical measures

• Limit access to trade secrets on a need-to-know basis. This is key, as, in some jurisdictions, allowing access to trade secrets beyond that which is required may result in the information losing its trade secret status.
• Implement security and assess measures and information segregation protocols, both physical (locked filing cabinets) and electronic (including encryption, data segregation, secure USB ports, monitoring printing, emails to personal accounts, file transfers to personal devices).

Organisations receiving trade secrets: avoid hiring a lawsuit

• When hiring new staff, require them to disclose any pre-existing or third party IP before using it in their new role and instruct them to verify and purge common sources of information (smart phones, personal e-mail accounts).
• Put in place ‘clean-room’ procedures for software development projects.
• Consider obtaining warranties against third party IP infringement in contracts with independent contractors and service providers.

Communication and education

• Conduct regular training for employees in relation to permitted use and handling of trade secrets.
• Ensure trade secrets are identified and only communicated confidentiality to those who must guard them.
• Address and emphasise confidentiality and company protocols and processes in employee on-boarding and off-boarding procedures.

Monitoring

• Rigorously police the return or destruction of confidential information at the end of an engagement.

Responses to trade secret theft

• Have solid, well-tested cyber response plans.
• Identify each step following a breach or disclosure of trade secrets, including an appropriate risk escalation framework.
• Clarify roles and responsibilities (the chain of command) of each member of the response team, including third party forensic experts.

Conclusion: Tailoring risk management strategies

As the race to full automation intensifies, and organisations compete to attract top tech talent, legal disputes involving CAV technology are likely to become more frequent.

Companies should adopt organisation-wide protection and response plans, weighted against the organisation’s risk tolerance and appetite.

Protective and recovery measures should be adapted to the specific risks faced by the organisation. These risks will be shaped by the organisation’s market position, the legal and regulatory environment in which it operates (requirements for the protection of trade secrets are not uniform across jurisdictions), and its reliance on technology.

Leadership figures ultimately responsible for protecting the business and its assets should set the tone to ensure enterprise-wide awareness.

Endnotes:

1. Tesla sues Zoox over manufacturing and logistics secrets, Wired, (21 March 2019).
2. United States of America v Anthony Scott Levandowski, Indictment, (15 August 2019).