Protecting confidential information and trade secrets

Out-Law Guide | 02 Apr 2020 | 4:05 pm | 3 min. read

Confidential information and trade secrets can be amongst the most valuable assets a business owns. A competitive edge in the marketplace may rely on a business having certain information which its competitors do not.

In the UK there are two overlapping regimes which seek to protect valuable business information. Information may be protected under the common law as confidential information. Alternatively, information may fall within the definition of a Trade Secret under the Trade Secrets (Enforcement, etc.) Regulations 2018. There is considerable overlap between these two regimes, which provide for a range of remedies for information holders when their protected information is unlawfully obtained, used or disclosed. These regimes are complementary to intellectual property rights protection, for example information which is confidential may also be protected against copying by copyright.

This guide explains the circumstances in which legal protection under the two regimes will arise, and sets out some of the practical steps that can be taken by businesses to safeguard their valuable information.

When will information be protected as confidential information under UK common law?

Almost any information can be protected as confidential information under UK common law, provided it satisfies the tests described below.

There is a three stage test under UK law for determining whether information is 'confidential information'.

(1) There must be a 'quality of confidence' to the information.

The information must be objectively confidential, and not just treated or labelled as confidential by the holder. A court is more likely to be satisfied that the information has the necessary quality of confidence if the holder of the information can show the steps taken to maintain its secrecy; marking it as 'confidential' could evidence these steps. Some forms of information may be easily recognisable as confidential, for example a business strategy, secret formula, algorithm or industrial process that is important to the business and known only to a select few individuals. In contrast, information which is based on data that is already publicly known or is widely shared will almost certainly not be confidential.

(2) The information must be provided in circumstances giving rise to an obligation of confidence.

This test requires an assessment of whether the receiver of the information knew, or ought to have known, that the information imparted is confidential, and that they were under a duty to keep it secret.

This may be proved by reference to a contractual obligation which has been imposed on a party receiving confidential information, typically via a non-disclosure agreement.  However, an obligation of confidence can sometimes arise automatically from the circumstances of the disclosure or the relationship between the parties. For example, an obligation of confidence is implied where confidential information is disclosed by an employer to an employee.

(3) There must be unauthorised use or disclosure (actual or threatened) of the confidential information which has or will cause a detriment to the information owner.

The use of the confidential information will be unauthorised where no permission has been provided to the recipient to use or disclose the information, or if the information was disclosed for a particular purpose and has been used for another unauthorised purpose.

Importantly, the confidential information must also have been used in a manner which may cause a detriment to the information holder. Where the information is not widely known, mere disclosure of the information may be considered sufficient. However, where the information is based on reverse engineering or constructed from publicly available data, it may be necessary to show that the information has provided a 'springboard' competitive advantage to the recipient over others.

The High Court in the case of Kerry Ingredients (UK) Ltd v Bakkavor Group Ltd [2016] considered the application of this test.

Kerry Ingredients was a food manufacturer who supplied Bakkavor with edible infused oils. Kerry had provided certain product information to Bakkavor in order to comply with food safety and labelling requirements. This information had, however, been used by Bakkavor to develop its own competing products.

The Court found that the information was confidential, and had been provided to Bakkavor for the specific limited purpose of complying with regulator requirements, and should not have been used by Bakkavor as a springboard to develop alternative competing products. The Court held that Kerry was entitled to damages, and granted an injunction preventing Bakkavor from using the information.  However, the injunction was time limited given that the ingredients of the infused oils could have been 'reverse engineered' by examination of the publicly available products.

What are trade secrets?

The Trade Secrets (Enforcement, etc.) Regulations 2018 (the Regulations) were introduced to comply with the Trade Secrets Directive, a piece of EU legislation which sought to harmonise the protection of information from misuse across member states. As the UK has implemented the Regulations into national legislation, the rules will continue to apply following Brexit.

Trade secrets are defined under the Regulations as any information which:

(i) is secret, being not generally known,

(ii) has commercial value because it is secret, and

(iii) has been subject to reasonable steps to keep it secret.

There is currently limited guidance as to how this test will be applied in practice. However, the third limb of the test is likely to be the most significant. This will require a business to show that it had suitable measures in place to document and maintain the secrecy of its information.

There is a significant overlap between the test for a trade secret under the Regulations and the existing test in the UK for what amounts to confidential information. Trade secrets may be protected under both regimes, which are intended to operate in parallel.

However, a major difference between the common law protection of confidential information and the protection afforded to trade secrets under the trade secrets regime is that unlawfully obtaining trade secrets is actionable without the need to show that the trade secrets have been either used or disclosed.

What remedies are available for unlawful use of confidential information or trade secrets?

There are a range of remedies applicable where a company's confidential information or trade secrets have been unlawfully obtained, used or disclosed. A wronged party may apply to the court for:

  • an injunction – an injunction may be granted preventing a party from using the information, and may also require the infringer to take certain other actions, such as to recall or destroy infringing goods;
  • compensation – a wronged party may be granted compensation which will usually be awarded with reference to the amount of royalties or fees the infringer would have needed to pay to use the information;
  • damages – damages may be awarded to cover any reasonably foreseeable negative economic impact of the infringer's actions; or
  • an account of profits – instead of damages a wronged party may seek to claim the profits generated by the infringer's use of the information.

When bringing a claim certain steps can be taken to prevent protected information from being disclosed in open court. This can include sealing the court file, having hearings in private and implementing a confidentiality club between the parties. These measures will usually be necessary to prevent the trade secrets or confidential information being disclosed to the world during proceedings, which would undermine the purpose of bringing the claim.

How can information be protected when shared with others?

Confidential information may be disclosed in many circumstances. For example, when discussing business proposals with clients, using employees to carry out work, engaging third party contractors or communicating business information to suppliers. The disclosure may take place face-to-face, over the telephone, by email or over the internet. Businesses should always consider the methods used when providing information to others, and assess what measures may need to be taken to ensure the information remains secret.

One way of maintaining the secrecy of information is by imposing specific contractual obligations on intended recipients. It is crucial that businesses impose these obligations before disclosing confidential information. Such obligations should be clear and appropriate to the information concerned and should address the purposes for providing the information. Measures to allow for the monitoring of the recipient's use of the information, and the return of the information after the relationship has ended should also be included.

Confidentiality agreements are an important tool in protecting information used by a business. However, they should not be solely relied upon. While such agreements should allow for a contractual right to an injunction and a claim for damages in the event of the wrongful use or disclosure of protected information, the compensation awarded may prove to be too little too late if the knowledge underpinning a competitive advantage has already been disclosed to competitors.

Accordingly, businesses should continue to restrict access to confidential information and trade secrets on a need-to-know basis, and should not share such information widely.

Employees and protected information

Employees automatically have duties to their employers to not knowingly misuse or wrongfully disclose their employer's protected information. These obligations are also often expressly confirmed in their employment contracts.

However, if an employee leaves a business, the business may be less well protected. The UK courts will generally only protect the most important information of a business, and will often be reluctant to restrict ex-employees from using less business-critical information.

What other practical steps can be taken to protect information?

It is essential that businesses have in place robust measures to protect their trade secrets and confidential information. Reasonable steps that could be taken by a business may include:

  • Identifying any confidential information or trade secrets within the business, and creating a register to monitor ownership or control;
  • Limiting the use and disclosure of protected information to persons on a need-to-know basis;
  • Making use of non-disclosure agreements with third parties before disclosing protected information;
  • Ensuring that the company has a confidentiality policy in place, and that employees receive regular training on it;
  • Physical and electronic security to ensure that protected information is stored in a secure manner, in accordance with appropriate industry standards; and
  • Having an action plan in place in case protected information is lost or unlawfully disclosed.