Trade secret protection

 
Apply for SearchInform DLP TRY NOW

The term "trade secret" in its most general form means the confidential information of special tactical or potential importance. Disclosure of information constituting a trade secret leads to financial losses and can lead to bankruptcy. In circumstances when not only the actions of competitors but also hacker attacks and virus outbreaks become a threat, the protection of trade secrets is the main condition for a successful business.

Purposes of protecting trade secrets

A set of measures to protect commercial information simultaneously solves several problems:

  1. Helps to gain positions in a competitive environment, retain market share, and customer flow.
  2. Provides protection of important strategic information over time.
  3. Serves for the audit of potential data leakage channels.
  4. Prevents possible risks associated with staff rotation.

Conditions for the successful defense

For the effective functioning of the system for protecting confidential commercial information, several conditions must be met.

First of all, there must be agreed upon within the company on the financial, production, operational, and commercial aspects of activities. Information security also includes interaction between all structural divisions of the company. The basis for successful protection is an independent assessment of the information and objects in need of protection, plus the development and coordination of protection measures before implementation.

Additional strengthening of the protection will be the personal financial responsibility of the heads of structural divisions and employees performing work of the "closed level". It is better to document sanctions for non-compliance with the conditions of secrecy and ensuring the safety of information constituting a commercial secret.

Methods for protecting commercial information

Before introducing protection measures for sensitive melons, it is important to specify the object and subject of protection.

In this case, the object of protection is information related to the operation of the company and is of financial and strategic interest to competitors, or, in other words, a commercial secret.

The subject of protection is understood as information carriers on which information constituting a commercial secret, including paper and electronic documents, is recorded; external storage devices; other storage and data transmission devices.

High-quality protection of trade secrets implies a set of measures that combine several areas. Without an integrated approach, it is possible to violate the confidentiality of strategic commercial information, including:

  • theft;
  • a leak;
  • falsification;
  • unauthorized distribution of information of interest to competing companies.

To ensure confidentiality of financial information and protection of trade secrets, companies combine technical means with legal remedies, organizational and socio-psychological tools.

Legal measures to protect trade secrets

Legal measures mean the adoption of internal regulations and the construction of work by the legislation on the protection of information of commercial value.

The legal foundations for the protection of commercial secrets are laid down in charters, orders, internal labor regulations, contracts, and employment contracts. In a collective agreement or employment agreement, a separate clause stipulates the duty of an employee to comply with the rules for the safety of the information that has become known in the service.

In fact, legal protection of information is implemented in established forms, the choice of which is determined by the scope of the company. For instance:

  • Creation of specialized office work with a special way of storing, transferring, and accessing documentation that is a trade secret. Physical and electronic media of classified information are marked according to established rules.
  • Compilation of a list of administrators whose competence includes delimiting access to information related to commercial secrets.
  • Limiting the circle of employees with access to protected information.
  • Formation of a general procedure for obtaining confidential information.
  • Fulfillment of requirements for the safety of commercial secrets in the development of projects, implementation of solutions, testing of new products, production of products, sale of goods, advertising.
  • Ensuring the safety of data during business negotiations, internal meetings, signing contracts, using technical means for working with information (recording, processing, storing, transferring data).
  • Ensuring legal interaction with representatives of government agencies authorized to conduct control checks.
  • The use of preventive measures: the presence of an internal and external checkpoint, a security post.
  • Training of specialists dealing with trade secrets, information security rules.

An important part of the legal framework for protecting trade secrets is labor agreements with employees. It is recommended to include in the text of the agreement a list of data security measures that may become known to an employee while performing duties, as well as measures of responsibility. In the event of an employee's negligence in data protection or deliberate sabotage, the agreement will become the legal basis for bringing the violator to justice and recovering losses.

The responsibility of the employee for the disclosure of information constituting a trade secret is allowed to be prescribed in an additional agreement or as a separate clause in the employment contract.

To ensure the safety of strategic information, the document includes:

  • a prohibition on the dissemination of financial and secret information that becomes known to the employee during the performance of his duties;
  • a ban on the transfer of strategic data to third parties without the resolution of the head;
  • a ban on the use of confidential company data when performing work that may damage the interests of the company;
  • the duty of the employee to promptly notify those in charge of any attempt by third parties to obtain information that is under protection;
  • the duty of an employee to immediately notify officials about the loss or shortage of confidential data carriers passes, seals, which may cause leakage of confidential information;
  • the duty of the employee upon dismissal to hand over to the office all media with confidential information that the employee used to perform his duties: documents, drawings, disks, flash drives, photo, and video materials, printouts.

An agreement on non-disclosure of information related to trading secrets, which became known to the employee during the period of work, is also concluded upon dismissal. This will provide insurance in case the dismissed employee decides to transfer confidential information to third parties or use it in subsequent work.

Administrative and organizational measures for the protection of commercial secrets

Administrative and organizational measures to ensure the safety of commercial secrets include two important blocks: the presence of a structural unit that performs the role of an information security service and the presence of checkpoints and security posts at the facilities of the enterprise in particular need of protection.

The security service is responsible for monitoring visits: issuing passes, fixing the time spent on the territory of the organization.

The powers of the information security service extend to the establishment of the procedure for declassification and destruction of information that was under protection. The information security department controls the published information, provides technical means of protection for office premises and equipment for working with information, forms a system for protecting electronic storage media and a set of technical means for controlling user workstations, takes preventive measures against unauthorized access to classified information.

An important role in ensuring the protection of commercial secrets is assigned to the personnel department. With the participation of information security specialists, HR specialists conduct instructions on how to observe security measures when handling information that is a commercial secret. The HR service also creates conditions for the systematic improvement of personnel skills in the field of data protection, checks employees suspected of theft or unauthorized disclosure of trade secrets, conducts explanatory conversations with employees who are fired.

Socio-psychological measures to protect commercial secrets

Organizational and legal measures to improve the security of information constituting a commercial secret are complemented by measures of a socio-psychological nature. Work with personnel is carried out in two directions:

  1. Qualified assessment of applicants for employment. Selection and appointment of applicants for positions by professional and moral qualities.
  2. Financial incentives for employees who consistently comply with the regulations for working with confidential information.

Competent selection of personnel and timely staff motivation provide up to 80% guarantees of successful protection of trade secrets.

Technical means of protecting trade secrets

In the conditions of "digitalization" of the economy, when business processes are transferred to electronic format, reliable protection of trade secrets is impossible without hardware and software for information security. For example, a DLP system protects businesses from misuse of commercially significant information in several ways:

  • controls all information flows and routes of movement of documents in the company;
  • examines the content of corporate correspondence and mailings;
  • notifies about violations of security policies;
  • helps to investigate incidents and prevent the leakage of valuable information.

Technical means of protecting trade secrets play an important role in organizing a company's security system. However, full protection of confidential data and successful business development is impossible without a full range of technical and non-technical measures.

23.11.2020