To much fanfare, Apple has just released the iPhone XS, XS Max and XR. However a matter of hours before the launch, Apple’s own website seemingly leaked key features of the new products including their names, colour and storage size (a key feature of the new products). A City Law Firm looks at what steps big tech companies like Apple would have had in place to keep their new products and designs secret, what you can do to protect your business and products in a similar way and what you may be able to do if things go wrong.
The biggest potential risk for any business and it’s confidential information is its staff/consultants.
Apple, the first trillion dollar company, highlights that this risk affects all companies regardless of whether or not they have sophisticated processes and procedures in place. Apple’s leak appears to have arisen from its developer posting technical sitemaps to its website which identified key features of the new products.
What can you do to try and prevent such a leak? It is important that you put in place proper procedures, which, if breached, have serious consequences. This may act as both a deterrent against deliberate breaches and ensure you can take action if there is a leak. This would include a contract, NDA, staff/third-party policies, a supervisor to monitor and engage people, right to check emails and record calls, valuation of the losses and breaches clear from start to finish.
The first thing any business should do is operate strictly on a ‘need to know’ basis; the fewer people who know or can access your confidential information the better. The time, money and resources you put into building a product may all be for nothing if your sensitive commercial information is released too soon or to the wrong person (such as a competitor who could take any first-mover advantage). You should periodically conduct an audit of your confidential information, who has access to this and the protection you have in place. Cybersecurity is much talked about and proper technical and management structures need to not only be installed but reviewed and monitored regularly.
Secondly, for all staff, whether these are your employees, contractors, sub-contractors or even fellow directors and co-founders, ensure you have carefully drafted contracts specifically protecting your confidential information. You should ensure it is a gross misconduct event if a member of your team divulges confidential information without authorisation. To be safe you should only ever authorise staff to release your confidential information with your written permission. For contractors and subcontractors, if they cause your confidential information to be compromised, their contracts should permit you to immediately terminate them and to seek compensation and loss.
Remember, once you disclose any confidential information to a member of the team you are arming them with your USP. It is only a short leap for a disgruntled member of the team or even co-founder to take your idea and set up in competition. They may even know your launch timeframe, so seek to release a competitive product before you or to undercut your prices. You need to ensure therefore all your contracts have detailed restrictions limiting what team members (or anyone to whom you have disclosed or may disclose any confidential information) can do whilst they are employed by you and even for a reasonable amount of time afterwards. Restrictive covenants prevent disclosure, poaching staff, using your know-how and even working for a competitor. You might want to specify that they can’t work with any of your customers too, or any other member of staff or in the same sector as you.
You should also specify what someone can do with any of your business’ confidential information post-termination. You may want someone to destroy this information and promise not to use it, or you may want it all returned to you (or you may want both). You should also ensure your business’ confidential information is properly defined within the agreement. We have seen numerous businesses using standard template documents which fail to properly include specific confidential information for their business; for example, this may be investor details, specialist suppliers, code, price lists, or blueprints.
You should ensure you have in place a properly drafted non-disclosure agreement (NDA). These are truly the marmite of the commercial world, with many taking the view they are not worth the paper they are written on. This isn’t necessarily true. It is true that these are often costly to enforce and take someone to Court and that once you come to enforce an NDA, your information has already been released.
It’s often seen as shutting the stable door once the horse has truly bolted. However, a properly prepared NDA acts not only as a deterrent against non-disclosure, but it can aid any proceedings against someone who leaks your confidential information. It is also a must if you are registering a patent as evidence of your attempts to keep this information confidential, as discussed below.
Under English law, there is general protection against a breach of confidence. This is, however, a difficult action to bring. In short, the law allows someone to bring a claim where confidential information has been disclosed to someone and they seek to use it for their unfair commercial advantage. However, to bring the claim you need to be able to show that the information was confidential; when it was shared there is a duty of keeping it confidential and that information has been used to your detriment. A properly drafted NDA will address all of these points so a business owner can pursue not only a breach of confidence claim but a breach of contract claim.
In June 2018 the Trade Secret Directive came into force. This is the first time the EU has sought to harmonise the protection of trade secrets in Europe, perhaps signifying the significant importance of trade secrets to modern businesses. However, for protection the information has to fall within the definition of a trade secret, being in essence secret and with some commercial value, and be subject to reasonable protection measures. Putting in place a properly drafted NDA means you can specifically confirm the information is secret and has commercial value. Further, the NDA itself is a protection method you have put in place, plus it can also specify other protection measures you expect for the trade secrets you are disclosing.
Finally, an NDA should always be in place for anything where you are looking to secure patent protection. In fact, any patent application can be rejected on the basis it is in the public domain. It is fundamentally important that confidential information about your product is not leaked prior to an application. The cost to your business, essentially voiding any patent application can be monumental.
Protecting your intellectual property
At the heart of any product, and for most businesses, is its intellectual property. Having in place proper intellectual property protection can protect your business against leaks of confidential information. If you have taken proper steps to protect your ownership rights you can seek to stop someone utilising your confidential information and copying your product or materials, if this happens you can recoup your losses and close them down.
You should carefully consider whether any product is capable of registrable intellectual property rights such as patents or design rights. You should also take steps early to trademark any brand names so you can shut down someone who may later seek to use the same or something similar.
Finally, whilst it may seem obvious you need to make sure that you actually own your confidential information to enable you to protect it. All your documents should properly transfer all intellectual property rights to you, including any copyright materials from its author to your business. Aside from employees, the general principle is that any copyright is retained by the author of that work unless there is a written transfer. This is generally irrespective of the amount you paid for it or that you commissioned the work. Many overlook this for designers and they seek to retain ownership, where a dispute arises over fees, causing many business owners issues.
What can you do if there is a leak?
This largely depends on whether or not you have in place proper documents in advance. If you do not have the proper documents you will have to rely on the duty of confidence to protect your confidential information. If you have documents you can enforce these documents.
If there is a threat that your confidential information may be leaked you may want to consider an injunction. This is an emergency decision of the Court. For example, you may want an injunction to stop someone from using any of your confidential information if you learn that they may be about to launch a copy of your product. Due to the urgent nature of an injunction, the costs tend to be quite high, which usually prevent a lot of people from taking this action. If you are Apple, however, an injunction, passing-off claim, infringement claim, breach of confidentiality and freezing order you would anticipate is to follow.
Finally, if someone steals your confidential information you may be able to sue them for your losses. Without proper documents, this is often difficult to succeed.
It is very important that you carefully put in place proper procedures and documents to protect your confidential information. Prevention is always better than cure and having properly thought out procedures and documents protecting your specific confidential information which are regularly reviewed to remain relevant acts not only as a deterrent but gives you a fighting chance of a remedy should the worst happen.
Karen Holden is founder of A City Law Firm