The Norwegian Trade Secrets Act came into force January 1, 2021.
In our May 2020 Technology Newsletter, we wrote about the new Trade Secrets Act. The Act implements Directive (EU) 2016/943 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure. The Act came into force January 1, 2021 – time to refresh:
By David Brambani
The Act's intent is to strengthen the protection of trade secrets and make it easier for trade secret holders to enforce their rights.
In short the Act provides:
- A definition of the requirements to be met in order for information to qualify as trade secrets.
- Gathering of previously scattered provisions on protection of trade secrets.
- More detailed and expanded enforcement provisions.
- Increased protection against loss of control of trade secrets in connection with legal disputes.
Trade secrets may be especially important for small/medium sized companies and start-ups, as they often lack specialized human resources and financial strength to pursue, manage, enforce and defend registered intellectual property rights, such as patents.
In our experience, many such companies are however not sufficiently aware of the importance of establishing routines and measures to protect and ensure their trade secrets from becoming published or misappropriated by third parties, or even previous employees/contractors. In practice, this may turn out to be devastating to the value of such companies. Appropriate routines and measures obviously should be implemented.
The Act increases the requirement of activity from the trade secret holder - in respect of ensuring information being kept confidential. According to the Act, the trade secret holder must have implemented "reasonable measures" in order to keep the information confidential. The Act itself does not clarify what measures are considered "reasonable". According to the preparatory works, the specific circumstances must be considered. The holder must, on the basis of the measures taken, have a legitimate expectation that the information will remain secret. It will not be sufficient that the holder itself has not disseminated the information. The requirement for reasonable measures requires a concrete assessment of the circumstances of the holder. The measures taken should be considered both based on how the holder's operations are organized and on what risk factors it is natural to take measures against.
Based on the Act's preparatory works, trade secret holders can no longer rely on a previous Supreme Court judgement (Rt-2007-1841), where the court found it to be sufficient that the requirement of confidentiality could be extracted from the basis of the actual situation. On the contrary, trade secret holders must now be prepared for the courts requiring implementation of measures that substantiates the holders' expectations of secrecy.
It is timely for any business that has not established a clear trade secrets policy to at least consider implementing the following measures:
- Identify your trade secrets. If your company's management is not sufficiently aware of what information constitutes your trade secrets, then how can you expect your employees/contractors/joint venture partners etc. to handle them with the required care/confidentiality?
- Ensure that employees, contractors, counter parties are bound by sufficient declarations of confidentiality (NDA).
- Clarify your company's ownership to trade secret information in all agreements, such as employee agreements, contractor agreements, joint venture agreements, development agreements etc.
- Implement routines on restricted access to offices and documents where confidential information is handled.
- Consider to adopt a policy of no connections to public internet networks (Wi-Fi).
- Limit the number of personnel to be granted access to confidential information. Consider limitations on a need to know basis.
- Mark documents containing trade secrets as "CONFIDENTIAL".
- Consider holding employee lectures on how to handle confidential information on business trips, use of passwords, encryption, bringing confidential information home etc.