Professional Strength Trade Secret Audits – Part I
By Steve McDaniel, JD PhD;
Jon Hurt, PhD; & Beth McDaniel, JD
Technology Litigators
Regardless of whether you have conducted a DIY trade secret audit (good idea) or not (not good
- asking for trouble), you should consider
finalizing your trade secret protection
with a professional third party audit.
Why? Because having your security and
legal procedures in place is not the same
as putting them through the gauntlet of
full-on attacks to see if they hold together
and keep your valuables safe. That’s
where outside third party experts come
in—to give your systems a swift, hard
kick, or three—and tell you what weak-nesses still need improvements.
There are two main goals of a professional audit. The first is to insure your
procedures are strong enough to discourage and/or prevent a trade secret theft
under “real world” attacks, though foolproof or absolute security is not legally required; and the second is to use the
documentation of these procedures to
provide ammunition in court to quickly
and decisively stop any breach, i.e., get an
injunction, and recover damages.
During a professional audit, your phys-
ical and electronic security will be put under
the gun. From the outside looking in, for in-
stance, hackers will test whether your sys-
tem’s firewalls and password protections
can be breached and whether confidential
information such as customer lists and tech-
nology data can be obtained. Often com-
mercial stores hire “mystery shoppers” to
evaluate the performance of sale personnel
and the quality of products. A trade secret
audit may also use a “mystery shopper” in
the form of a faux potential client, cus-
tomer, vendor, or employee to evaluate se-
curity at places where trade secret
information may be utilized outside of a se-
cured fixed location, such as a trade show.
The mystery shopper would then try to ob-
tain trade secret information from an em-
ployee while “on the road,” and again
report back on the strength of security.
portfolio, particularly in filed but unpublished patent applications that would disclose trade secrets upon their publication,
and suggest options as how to proceed for
optimal intellectual property protection.
Such an evaluation would likely include in
depth interviews with your inventors,
trade secret creators, corporate counsel,
managers, and IT, security and human resources personnel to help delineate the
separation of your IP into the two categories, and honing your procedures for
keeping the two separate and secure.
Clearly auditing both types of assets will
also allow their application in determining your business’s value and enhancing
your balance sheet.
Though an open review of security
procedures will often identify weak areas
for improvement, a more stringent test
can be applied. A professional trade secret
audit may include a “mystery employee”
hired to work at a company to see if trade
secrets, whether access was given to the
employ or not, can be downloaded,
copied, emailed, obtained in conversation,
or otherwise removed from secure locations, and the effectiveness of the procedures in place to prevent or determine if a
security breach occurs. If someone suspects that a colleague has misappropriated
