How can companies best safeguard their confidential information and competitive edge? Excel V. Dyquiangco explains how a trade secret programme can benefit your company.

 

A well-designed trade secret programme is an essential component of a company’s intellectual property strategy, providing a systematic framework to protect the valuable confidential information that gives a business its competitive edge. Unlike patents or copyrights, trade secrets – which can range from the formula for a soft drink to a complex algorithm or a client list – derive their unique value precisely from their secrecy.  

But how do you establish a trade secret programme that moves a company from a reactive to a proactive stance?  

According to Ronald JJ Wong, deputy managing director of Convent Chambers in Singapore, the most critical step is to show that the information was not only inherently valuable or secret but also treated as a trade secret which was proactively and significantly secured. 

“This includes a combination of physical, digital and contractual safeguards such as secured physical access, password protection, multi-factor authorizations, data encryption, role-based access control systems and policies (on need-to-access basis), clear express markings on documents, and robust confidentiality clauses or non-disclosure agreements (NDAs),” he said.  

For Edward Chatterton, a partner at DLA Piper in Hong Kong, the first step is to understand what information can qualify as a trade secret.  

“While definitions vary across jurisdictions, the core principle is consistent: any information that gives a company a competitive advantage qualifies as a trade secret and can be protected. This may include highly confidential technical materials such as source code, or more routine commercial information such as supplier lists, customer databases, or board minutes. Every business possesses trade secrets – though the exact types will differ with the nature of the business,” he said. 

“Legally, the decisive factor is whether the company has taken ‘reasonable steps’ to maintain secrecy. This is the single most critical step in establishing and protecting trade secrets,” he explained. “While what counts as ‘reasonable’ depends on the circumstances, there are clear best practices: incorporate confidentiality clauses into employment contracts; restrict access to trade secrets on a strict need-to-know basis; and provide regular training so employees appreciate the value of trade secrets and how to treat them.” 

“When disclosing confidential information externally, always use NDAs, check how recipients intend to manage the information and disclose only what is essential. Due diligence is key – especially when working with contractors or suppliers that may use generative AI (GenAI). Businesses should understand whether and how sensitive data might be exposed and investigate if potential partners have experienced prior information leaks,” he said.  

In using generative AI 

In using generative AI, Wong said that businesses should implement a clear and context-specific generative AI usage policy. “This should also be implemented alongside a general device and technology usage policy and system, such as a mobile device management system and a personnel control system, which ensures only company-issued, white-listed devices and applications are used by their personnel.”  

He said: “White-listed generative AI systems adopted should be enterprise-grade with the appropriate data use, security and encryption settings.” 

Chatterton, meanwhile, said that while generative AI offers immense opportunities, it also introduces new risks. “A single careless input of confidential data into an AI tool can compromise trade secrets, and once sensitive information is used as training data, it cannot be retrieved. Employers must therefore strike a careful balance: how to capture GenAI’s potential while safeguarding the company’s most valuable data,” he said. 

According to Chatterton, the priority is a robust company AI policy. “Courts may view such a policy as a requisite step in establishing that the business took ‘reasonable measures’ to protect its trade secrets. The policy should define who can use AI systems, which tools are authorized, and under what circumstances they may be used,” he said. 

Equally important is clarity about the company’s “crown jewels.” “Once identified, companies must know how this information is stored, who can access it, and how it is managed. DLA Piper’s Trade Secrets Scorebox – an online tool developed by the firm – can help organizations benchmark trade secret maturity across awareness, governance and implementation,” he said. 

He added: “Even the most sophisticated companies often discover weaknesses only after something goes missing. Regular audits, combined with strong physical and technological safeguards, reduce this risk and build resilience. With most data now stored digitally, misuse is easier than ever, making proactive assessment and timely updates indispensable.” 

“Preventive measures need not be complex: a clean desk policy, locked storage (physical and electronic), restricted circulation, and numbered or labelled copies for highly sensitive documents,” he noted. “In facilities where trade secrets are ubiquitous, such as factories or laboratories, strict sign-in/out protocols for staff and visitors are also essential. Technology is a powerful ally. Firewalls, encryption, password protection and activity logging restrict access to those who need it while creating evidentiary trails. Restricting the use of personal clouds, removable devices or unsecure external platforms adds another line of defence. Proactive monitoring tools can flag unusual behaviour, enabling quick action before problems escalate. All such measures should, of course, operate within applicable data protection and privacy laws.” 

“Trade secret protection demands foresight,” he said. “Companies should maintain up-to-date policies, establish a baseline of ‘normal’ activity, and act quickly when irregularities appear – rather than waiting for a leak to force a response.”  

When an employee leaves 

When an employee leaves or gets terminated, Wong said that all access to devices, accounts, servers and physical premises should be swiftly revoked or terminated. 

“Ensure all company-owned devices are returned and analyzed,” he said. “If there are certain higher risks of data leakage, especially if the employee is heading to a competitor, devices should be forensically imaged and audited. Depending on the terms of the existing applicable policy, inspection of the employee’s personal devices and accounts may be undertaken.” 

He continued: “At the exit interview, require the employee to confirm in writing their acknowledgement of their ongoing confidentiality obligations, and certify that they have returned all company assets and haven’t retained or disclosed or misused any data.” 

“For higher risk cases, review the employee’s activity logs for any unusual behaviour, such as large data downloads, transfers to thumb drives or external hard disks, or emails sent to personal accounts,” he said.  

According to Chatterton, an effective exit process is critical to trade secret protection. Companies should: 

• Have and consistently follow a clear exit policy. 

• Conduct an exit interview to remind employees of their ongoing confidentiality obligations. 

• Ensure the return of all company property, including laptops, phones and storage devices holding sensitive data. 

• Identify what trade secrets the employee has had access to and immediately terminate that access upon departure. 

“Monitoring during notice periods – within the boundaries of data protection laws – can also be prudent. Irregular hours or unusual IT activity may indicate attempts to remove confidential information,” he said. “For senior staff or those with access to the company’s most valuable information, consider garden leave where permissible. Know where they are going, and if it is to a competitor, monitor the competitive landscape after their departure. Review contractual restrictions, enforce them if necessary, and be prepared to take action against both the departing employee and their new employer if evidence of misuse arises.” 

“Ultimately, prevention is more effective than cure,” he noted. “Regularly educate employees on the importance of trade secrets, set clear expectations for how they should be handled, and monitor for unusual behaviour before a departure becomes a threat.”