º¬Ðß²ÝÉçÇø

Businesses are more conscious than ever of safeguarding their trade secrets nowadays, but they tend to overlook the fact that customer information should be one of them. When considered as a trade secret, customer information is somewhat different compared with technical information. Yet even when a company is aware of this, the confidentiality measures taken may require a second look. This article examines how customer information of a company constitutes a trade secret, and suggests practical confidentiality measures.

Q: How can customer information qualify as a legally protected trade secret?

A: Generally, customer information includes critical details such as the client¡¯s business needs, purchase patterns and contact information, all of which, to some extent, decide the stability of a relationship between the company and client.

However, basic information such as contact details and general business needs is often publicly accessible through the client¡¯s official website or other public channels these days, making it difficult to establish the commercial value of such information on that basis alone.

Beyond such basic detail, client information that does qualify as a trade secret typically includes deeper insights such as business needs (e.g. procurement plans and preferences), purchasing patterns (e.g. contracts and documents of long-term business dealings), and market intelligence (e.g. the latest progress of a client¡¯s project, and competitor analysis).

Establishing long-term, stable client relationships requires a significant investment of time and financial resources for businesses. What appears to be straightforward or simple aggregation of data is, in fact, the result of continual collection, refinement and consolidation of internal records, which only come from long-term business dealings.

The data therefore reflects distinctive client characteristics and preferences. This level of in-depth insight is not readily available through public channels and can help a company gain a competitive edge.

In essence, infringement of a company¡¯s customer information as trade secrets occurs when the infringer bypasses the effort and expense that would otherwise be required to obtain such information in a legitimate and proper way, thereby reaping unfair market benefits and undermining the established competitive edge of a business.

Q: How can companies protect customer information while employees are on the job?

A: It is suggested to approach this issue from the following two aspects.

(1) Limiting access. First, the business should be actively aware of such customer information as their trade secrets, and clearly classify it accordingly. The confidential nature of such information should be emphasised through regular training and internal policies.

Second, the business should promptly enter into confidentiality agreements with employees who have access to customer information, alerting them to the fact that this constitutes a trade secret and that they are legally obliged to keep its confidentiality.

In the meantime, the business should strictly restrict the number of personnel who can access customer information and only authorise those whose access is essential. This approach can safeguard important company information and enhance client trust in the business.

(2) Encryption measures. The business may prohibit or restrict the use, access, storage, copying and other actions on designated computers and software systems to protect the information stored. Likewise, the scope of individuals who can access such information should be clear. The company can set access permissions at varying levels for different job roles to prevent unnecessary exposure of customer information.

In addition, files ¨C including electronic documents ¨C that contain confidential information such as customer lists and contact details should be clearly labelled: ¡°Confidential ¨C Do Not Distribute¡±.

In practice, businesses are not required to take extreme precautions regarding the information of their customers, as long as the confidentiality measures are demonstrably communicated and adequately robust.

Q: What precautions should the company take when employees depart?

A: When an employee bound by confidentiality obligations departs, in addition to proper handover procedures, the company should stay vigilant for suspicious behaviour such as unauthorised access to any confidential information.

The company should also have the departing employee return all confidential materials stored on their mobile phones or work computers. If necessary, the employee may be required to sign an employee separation agreement attesting to the deletion of customer information retained.

Q: What remedial actions are available if a former employee infringes the company¡¯s trade secrets?

A: The business should distinguish between an employee¡¯s duty of confidentiality and non-compete obligation. The former is an incidental obligation of the employee, which requires protecting any trade secrets he or she is privy to.

In addition, the duration of the duty of confidentiality depends on whether the trade secrets involved have been publicly disclosed. If not, the employee with knowledge of the trade secrets shall fulfil the confidentiality obligation both during and after employment.

Finally, whether or not the business has paid confidentiality fees to the employee, the confidentiality obligation remains enforceable.

Once a former employee is found to infringe the company¡¯s trade secrets, the business should promptly collect and preserve relevant evidence. If necessary, the business can engage professionals to secure evidence of the former employee¡¯s unauthorised retention of confidential material. It should also consult legal counsel to minimise losses and protect its rights and interests.

Alex Sun is a senior partner and Lu Yuqin is an associate at Ronly & Tenwen Partners