Tech Disputes Webinar - Trade Secrets

DW:  Well good morning and welcome to our webinar on Trade Secrets which is the latest in our Tech Disputes series. My name is David Wilkinson, I head the IP Practice at Ashurst in London and I am going to be chairing this morning's session. 

I think it's fair to say that the protection of trade secrets has never been more important. We have had the rise of tech based industries and they have at their heart highly confidential information. We all know how it is incredibly easy for an employee to email trade secrets out of a business to a personal account or perhaps simply to walk out of the building with trade secrets on a memory stick. And we frequently read reports about corporate espionage, some of which is state sponsored. Meanwhile the EU has recently attempted to level up trade secret protection amongst the member states with its 2018 Trade Secrets directive.

So this morning, we are going to be focussing on three areas. First of all, Trade Secrets and employees; secondly Breach of Confidence actions before the English courts; and thirdly evidence and forensics in Trade Secret cases.

To discuss those issues, I am delighted to welcome our panel of speakers, each of whom have extensive experience of different aspects of Trade Secret disputes. So from Ashurst employment team we have Partner, Ruth Buchanan. Ruth frequently advises on confidential information and restrictive covenant clauses in employment contracts and I have recently been working with her on two interim injunction applications involving former employees and trade secrets, so good morning Ruth.

RB:   Hi to everyone

DW:  Then from Ashurst IP team we have got Counsel Don McCombie and Don has been involved in several large breach of confidence actions involving technical information and he is very familiar with the pitfalls which lie in wait for the unwary in cases of that kind, so good morning Don and it is nice to have a look into your kitchen.

And then finally from FTI Consulting we've got Managing Director, Ian Smith. Ian has over 20 years' experience of digital forensics and issues such as data preservation, analysis app and review in fraud cases, competition cases and IP cases, good morning to you Ian.

IS:  Good morning

DW:  Just one housekeeping point before we begin, we are planning to have some time for questions at the end of the session so if you've got some burning issues which you would like to put to the panellists please do send them through on the chat box and we will deal with as many of those as time permits. 

So, first of all Ruth, if I could turn to you please. I have been handling trade secret cases myself for over 20 years and thinking back on that period I reckon that in at least half the cases the dispute has arisen out of an employment context and the classic scenario that you will be familiar with is where an individual or a team leaves to join a competitor and the employer subsequently discovers that they have taken confidential information with them and sometimes that can even be crown jewel trade secrets so the most important things as far as the company is concerned. So my first question to you is, what are the best ways of protecting your trade secrets in employment contracts?

RB:  I think the first point to note is that regardless of what is actually written in an employment contract employees are actually subject to an implied duty of fidelity and one of the most important aspects of that duty is their obligation not to disclose confidential information or trade secrets to third parties during the course of their employment and to that extent confidential information actually does have, does employ, quite a substantial protection during the currency of the employment contract but the situation becomes different once employment has terminated. 

After termination of the employment contract the general rule is that implied duty of fidelity derives only to the extent of protecting information that is deemed to be a trade secret. So therefore, what you find is that employers who want to do their best to protect confidential information that doesn't amount to a trade secret, but also to be clear about exactly what they deem to be a trade secret within their business, we need to rely on express contractual terms in the employment contract so that these endure beyond termination. And that will obviously give clarity to the employees of what their obligations are and also helps the court to identify what is actually their trade secrets and confidential information of the business. There is obviously very, you know, obviously preferable to have and to seek to enforce an express term, and the other thing that can be relied on and is not just an express confidentiality provision but also a non-compete covenant, so that is a restraint which actually curtails an employee's ability to work for a competitor or to set up a competing business for a set period of time after they've left your employment. Now these are the most difficult types of covenants to enforce because they do potentially prevent somebody from earning a living but they can be a really effective remedy if you feel that the only way really to protect your business is to keep the employee out of the market.

DW:  So just picking up on what you say about post termination restrictive covenants, I did read last week that the Government is consulting about reforming the law in this area. Is there anything you can share with us about that?

RB:   Yes, so it is obviously surely timely for our session today. Where the consultation I think comes from is a desire by the Government, coming off the back of the really turbulent impact that COVID has had on the economy, the Government want to consider all of the potentially available options to enable people to be able to start new businesses and to find new work and so last week they launched this potential reform of post termination non-competes in employment contracts. It's just in consultation at this stage and that consultation goes on until the end of February next year. Unfortunately, a reminder this consultation is only about those non-compete restraints that I mentioned, it is not about other reforms of restraint like confidentiality provisions or non-solicitation covenants. And this idea is not completely new. So back in 2016 the Government did publish a call for evidence on this subject, on the pros and cons of non-compete, but at that time the Government decided not to seek any further action. Now what they are doing is consulting on options to reform non-compete clauses. They are particularly interested in views about making employers provide mandatory compensation for the period of time that you want to restrain the employee for and that would be combined with an obligation on the employer to explain to the employee in writing the effect of the covenant, and if an employer didn't do that then the restraint would potentially be void. The other alternatives that they are potentially thinking about are putting statutory restrictions on how long those covenants could last for and also, you know, the most major potential is that they are thinking about potentially banning non-compete covenants altogether and the Government's approach very much in the consultation seems to be that they think that that could have a positive effect on innovation and competition and labour mobility.

DW:   Thanks for that. Obviously that's not in force yet, it's still at the consultation stage and the long established principle that we have to deal with at least for the time being, as I understand it, is that restrictive covenants have to be no wider than reasonably necessary otherwise they are void and unenforceable. So as someone who drafts restrictive covenants on a regular basis, what are the most common mistakes that you come across when looking at covenants and, you know, perhaps covenants that have been drafted by other employers that come across your desk?

RB:  Yeah, I mean there is nothing more unpleasant than sitting in front of a Barrister while they pick over the restrictive covenants that you drafted and it's a really difficult area. I think the most common things that we tend to come across are not limiting the non-compete covenants sufficiently so they only prevent the employee going to work in what is a genuinely competing role. I think employers often become unstuck by drafting their non-competes so widely that they prevent someone leaving to work for a competing business in any capacity. And I think linked to that also is this desire for employers often to take this kind of one size fits all approach across their business so a lot of employers just have one set of standard covenants that they just apply across the board, but it is really important to spend the time adapting your covenants, particularly for those people who are senior or a business principal. And I guess the final point I note is that it is quite important to regularly refresh your covenants. When courts are considering the reasonableness of restrictions they only really have regard to the employee's position and their seniority at the time that the covenants are entered into, not subsequent promotions. So, ideally you don't want to be in a situation where you've left the covenants for such a long time where somebody is hired as a very very junior member of staff and then they become very senior or critical but you're left with covenants that were from 10 years ago or something like that.

DW:  So let's suppose that a business is in recruitment mode and it's just made a very promising new hire, and then they found out that the person in question is subject to restrictive covenants. What would your advice be in that scenario? Should they still hire them? Should they walk away? Should they run the risk and fight it out? What would your advice be?

RB:  Yes, it's always a tricky one. What we normally recommend even before getting to that stage as best practice is, when you're drafting your offer letters or your employment contracts for new starters, make sure that you include a warranty from the individual that they aren't subject to any form of restriction as that helps to flush out these issues. Or if, for example, they joined and they actually hadn't disclosed the fact that they were subject to a restraint until after they were employed, you've also got a potential route to terminate their employment. In terms of whether or not you should still hire them, that comes down to a bit of a balancing act. Whether somebody is in breach of their restrictive covenants not just an individual issue… [inaudible] …an issue for that individual employee, a recruiting employer can be sued for inducing a breach of contract and often that is the route chosen by an employer, by the employing company with the restraints, because new employers they'd have deeper pockets. But if your view after reviewing the covenant is actually the individual either wouldn't be in breach you think of that covenant, or you think it is clearly too wide to be enforceable, then you may still be comfortable with continuing with the offer. 

DW:  Yup. And then looking at the issue from the other end, if you suspect that one of your own employees has walked off with confidential information, what should you do about it? What steps would you recommend in that scenario?

RB:  Obviously my first step would be to call you and to call Ian! But the steps you take are really going to depend on the circumstances. As you said at the beginning of the session David, we regularly find ourselves in a situation where employees have started to act suspiciously, say they might have lots of time blocked out in their diary where they haven't really given a clear explanation as to what that's for, you know, long periods of unavailability, might have contacted clients without their manager's knowledge, you have knowledge of kind of really close relationships with people who have moved to competitors or are setting up a competing business, when we are in the office, lots of photocopying or taking stuff home with them. And I think what we often find is that employers have an initial instinct to confront the employees or to immediately suspend them and get them out of the business. But I think before doing that it is actually quite important to take a breath and consider what steps you take without alerting the employee. You will be able for example to monitor an employee's email communications or their diary entries if you've got a reasonable suspicion that they have engaged in, you know, improper conduct and ideally I don't think you want to…you don't want to tip them off so that they've got the opportunity to kind of get rid of the evidence of what they've been up to. And Ian will obviously come on I'm sure to talk about the array of forensic tools that can assist you with finding out what the employee has done. And I think the other thing to bear in mind is, thinking about what I said earlier on, you don't want to rush to judgement on terminating an employee's employment because actually your ability to enforce restrictive covenants might actually be zero if the person is still with you in employment. 

DW:  Yeah I would just echo that Ruth, that it is important to take advice before jumping in and firing someone or whatever, so that could make a lot of difference in terms of evidence gathering. And the other key point from a litigator's perspective here is that you've got to act really quickly and not sit on it because often the best remedy in these circumstances is an interim injunction and delay can be fatal to that so I think as soon as an employer gets a whiff of, you know, confidential information might be walking out the door, I would suggest taking advice straight away on it if they suspect there might be a serious problem. So thanks for that Ruth. I'll just move on now if I may to Don. And let's suppose that we're well past the pre-action stage and a trade secret dispute has actually commenced. What's the first thing from your experience that you need to do when drafting a claim for breach of confidence? 

DM:  Hi David. Yeah, thanks. Well the first thing you need to do is identify exactly what information is factually confidential. So sometimes that's easy, for example, if you're a software company and one of your developers uploads a source code to a private dropbox account, as long as that source code hadn't previously been made available, you would identify that source code as the confidential information and you'd claim it. As I said, that's an easy case, sometimes it's a bit harder. So in one case I did involving silicone chip designs, the claimants in that case couldn't decide whether they were relying on the overall design of the chip as being the confidential information or whether there were just individual components or features of the circuits or how they were linked together, so the circuits' quality without looking at components, or they weren't sure whether it was knowhow as well, whether it was related to the chip and how to construct it and how to design certain features. They tried to argue each of those at different parts of their case, and they amended their claim five times before the case finally settled. And it became a bit of a mess really and we were acting for the defendant there so it was quite good to see the claimant making a bit of a mess of things. In general, if you can't clearly articulate what information is confidential, you are likely to face problems and end up with issues on claiming, so it's really important to define and just try before even starting your claim, to make sure you know exactly what information is confidential. 

DW:  You say identifying the confidential information but it seems to me that might be quite a hard thing to prove, so how do you show that the information you're relying on is in fact confidential at all?

DM:   Yeah, that depends on the nature of the confidential information and issue. So using the source code example, it's quite easy normally to show that software code written by an in-house developer which is never released to the public is confidential. You'll probably be able to establish that relatively easily. And it's worth noting that if you can't really define what you're relying upon, it's quite hard to show that it's actually confidential because you can't point to a concrete thing. But if information was already in the public domain at the date of the alleged misuse, it will lack the necessary quality of confidence required for a breach of confidence claim. Just because elements of the information are in the public domain, that doesn't necessarily mean that the information as a collection of information is not itself confidential overall. So, for example, information about an investment opportunity can be confidential. Analyst reports might be based entirely on public information but the collection and arrangement of the information and the analysis and recommendations arising out of the report may well be confidential and as a whole, justify the protection of that report as confidential information. And the same goes for databases which might… the individual bits of information within the database might be public but the database itself can be protected as confidential information in addition to other IP rights and databases. The other point is that you're also free to reverse engineer products on the market. This was part of our defence in the silicon chip case that I mentioned earlier. In that case, one of our arguments in defence was that the chip that our client was alleged to have copied had been sold in huge volumes for years. Now the claimants' leading counsel actually in that case at the case management hearing stood up in court and explained to the judge in very flowery terms why the laws of physics meant that it was impossible to reverse engineer these chips, and this they said meant the design was still confidential, even though it had been sold in the market, and they said that that confidential information was worth tens of millions of dollars. Now then our barrister stood up and delivered possibly my favourite moment ever in court which, when he delivered the news that not only did we accept that it was possible to reverse engineer these things in theory, we'd actually done it. So we had engaged a Taiwanese company to do it for us, and rather than the information being worth tens of millions, it had only cost us $30,000 to reverse engineer it and get all the information that the other side said was confidential. So the atmosphere in court changed a little bit after that and we lead to a settlement a few months later. But that's where the divide between the public domain and confidential information is not always crystal clear and there may be issues like that which affected the dynamic of the case. 

DW:  I said in my introduction that there are many traps to be unwary in breach of confidence cases, but are there any aspects of it that are actually pretty simple, pretty straightforward?

DM:  Yeah, this one is probably a nice short answer. In most cases, particularly involving commercial parties, it will often be quite straightforward to establish that there is an obligation of confidence. So a lot of the time there will be a contract, so if you're dealing with that, you'll often have a non-disclosure agreement in place so that's kind of a nice simple way of establishing an obligation of confidence. Similarly, in many many commercial agreements there will be contractual obligations of confidence and also in employment contracts, a similar thing. So of course you can have equitable obligations of confidence that arise totally separately from contracts but I would say, in the vast majority of cases that I've done, the cases are founded on contracts and that bit of the case doesn't cause that much trouble typically. 

DW:  Yep, so if proving that an obligation of confidence exists is normally pretty straightforward, what's the most difficult bit?

DM:  I would say that proving that there's actually been a misappropriation and showing that a breach has actually occurred, that's always the, well normally, the trickiest bit. And it's rare at the outset of a case that you will have a complete smoking gun that just proves things outright. More often than not you will have some facts that make it look really bad, that make the defendant look really bad, and that will raise the inference that information has been taken and misused. So sometimes you might be able to show that someone has plugged in a USB stick and downloaded chemical formulae or clinical trial data but, even then, you might not know how the information has actually been used by the person that took the information which will effect things like damages and a liability can follow on acts of misappropriation and whether then they are still using the information, so whether you are justified or whether it's proportionate or even sensible to seek an injunction. Often these things won't be entirely apparent until disclosure and that's why evidence, and these days digital evidence and forensics are so important, which leads us on to the next speaker. 

DW:  Yeah, well thanks Don, that's a very good link! And Ian, if I could bring you in. As Don says, in almost all trade secret cases these days, digital forensics and digital evidence is key to addressing that most difficult question of how do you prove misuse. So, in your experience, when a breach of confidence incident is first discovered, what should the company be thinking of in terms of digital evidence and how to collect it?

IS:   The first priority is always to protect the evidence, so digital data by its nature is fairly easy to change or to lose, so there are a number of things that a company should be thinking about. One is to restrict the access, disable the access of the individual so that they can't any longer access the company systems, for example, for deletion or even to exfiltrate further information. They should try and get hold of the individual's devices as soon as possible because the longer that, for example, a company laptop is in the possession of the individual, the more risk there is of that person deleting data, wiping the device or making it otherwise in accessible. And also there's a lot of internal systems that these days more commonly turn over data on a regular basis, so it's not uncommon to have systems where email is automatically deleted after a certain number of days. So those systems should be put on hold, back up turnover should be put on hold, so that all of the information that is potentially available at that point in time is still going to be available in future and importantly, if there's going to be any examination of any data at that point, it should be done by people who have the capability to do that in a sound manner, such that they are not going to spoil for example the date and time stamps of documents or otherwise effect the data and its evidential integrity. 

DW:   So one of the very first things I would recommend to a client in a serious case involving breach of confidence would be to engage digital forensic experts. In that initial period after the discovery of the incident Ian, what does the digital expert do? How can they assist with remedying the situation or containing it?

IS:   Well there's a number of ways in which an external expert can assist. One really important thing that they can do is be on the end of a phone in that high tension initial stage where something has just been found, to give a bit of sensible advice and just go over the basics in terms of preserving the data, preserving the evidence. So sometimes just being able to talk through the situation from a technical point of view can be very useful. Following that, there's obviously assisting with the actual execution of preserving data, getting evidential copies of data, and it can be very important even if there isn't necessarily an immediate need to go into an investigation, it still can be very important to get a preserved sound copy so that that can be set aside for whatever purpose it might be needed in future. One other thing that we quite commonly do is attend interviews with individuals as well. So, something that I know from my experience back in law enforcement when I was conducting a lot of search and seizure dawn raid exercises is, there is a bit of a golden period shortly after first engaging with an individual where they're just more likely to come clean and be cooperative, so it's a bit of a golden period that only lasts a limited amount of time where if you want to ask them look, where is the data, where might there be copies, what devices have you used, and some other things, they are more likely to be cooperative at that point. So if you are going to arrange an interview for example – I've attended a number of interviews where there's been the internal legal counsel of a company and they've been running through what appears to have happened, and it helps to have someone there from a technical point of view to listen to what's being said, and also to maybe ask a few questions to clarify points. So an individual might be more forthcoming about what they may have done from a technical point of view but also they might try and avoid the question and use words that are imprecise, so what we can do is drill into that, clarify, and make sure that we've fully understood the situation. 

DW:  So in that initial stage, if the primary goal is to essentially contain the problem and clean up the mess, have you got any examples for us as to how you've assisted companies in that exercise in the past?

IS:   Yeah, and this is a very common scenario where there has been a leak of confidential information but the priority is not to pursue it as such, it's to safeguard the company, safeguard the data, clean it up appropriately. So, in a couple of different scenarios, we can assist with that from a technical point of view, one being where a company has found that one of their employees has left the company with data they shouldn't have, another is that a company has found that a new employee has arrived with data that they shouldn't have and the problem can be equally serious in either scenario. The way that that can be addressed is typically through a cooperation between the external lawyers, the company itself, the technical expert and the individual involved. Often we are dealing with personal systems so it might be somebody's personal computer, it might be their personal email where there's a need to clean up, and the way that we usually approach that is to have a joint session, whether that be in person or more recently more and more virtually in a screen sharing session, where there's a walking through of the potential areas where data could be, where the technical expert can facilitate and then ensure that there is an appropriate log of that process, of what was found and also to ensure that appropriate deletions took place. And while those instances are often not contentious, there is still always the need to consider that they might go down that route so having that log of what happened and being sensitive to the person's individual personal data is important as well. 

DW:  What about the situation where it's not simply a clean up exercise but litigation is likely, very much on the cards. How would that affect your approach? 

IS:  Well one important thing to say there as I touched on is that we should always assume that any situation can become contentious so there's a certain baseline of evidential integrity, documentation audit trail that should always be observed. So even when something seems like it's relatively innocuous to begin with, it's always better to be careful because it's a lot easier to reduce the level of concern rather than go back and have to try and build up a firmer case if the original documentation audit trail wasn't there. If we know that something is very likely to be contentious or already has become so, then there's a certain amount of additional documentation that can be put in place but is more for ensuring that it's more straightforward to put together reports and notes in future. In a contentious matter it's more likely that more parties are going to be involved so it's more likely that there will be lawyers on both sides and actually experts on both sides, and often the need to put in place protocols and processes in terms of sharing data and sometimes actually further sharing confidential data, so there's often a need to put in those additional technical and legal protocols/understandings to allow that to happen and everyone should prepare themselves that it's probably going to be a much longer process. 

DW:   So when things do go to that next stage and you're actually instructed as an expert not just as a, you know, forensics person on clean-up but as an expert in litigation, what difference does that make to your approach, and what are the kind of things that a client should expect in that context? 

IS:  Yes, so whether we're engaged as an expert by one party or another or jointly, which sometimes happens, our obligation ultimately is to the court. So what we're going to do as an expert is we will follow the instruction we're given but we will do so in an unbiased manner. So whatever our findings are, they will be presented in a clear way so that everyone can hopefully understand them and we are not going to take an angle one side or the other, regardless of who has actually engaged us. And that's extremely important because that is what enables the work that we put forward to have weight. So to give you a recent example, we submitted an expert report in a matter, there had actually been two previous expert reports put forward and the feedback we got in terms of comments by the judge having looked at all three expert reports was that one he effectively dismissed out of hand because he didn't feel it met the requirements of being an expert report, one other report he had certain concerns about because it clearly took a position that wasn't neutral, and the report that we submitted was given due weight because of the way in which it was presented. So, if you're engaging an expert, I would say bear that in mind and consider that when you're instructing the expert, focus on the things that really matter. There can be a temptation to go broad and try and score as many points as possible and this can sometimes lead to a lot of, not exactly dead ends, but a lot of things that don't really contribute to the core issue at hand. They might be correct, you might find fault in the other side, but that doesn't necessarily really add to the clarity of the situation, it's generally better to focus on what's really important and put more time into discovering as much as possible about that. 

DW:   Perfect, thanks Ian. So this is an area that very much lends itself to war stories and I'm sure you could entertain us for the next couple of hours with some tales of things that you've discovered but perhaps in the limited time available you can give us some examples of the kind of evidence you've been able to uncover in recent matters?

IS:   Yeah, so obviously in a lot of cases the information is just sitting there so it's actually more about the process of ensuring that it has its integrity and is presented clearly, but sometimes it's not quite that straightforward so, and sometimes individuals will take measures to try and avoid what they've done coming to light. So there's one example where an individual took quite a lot of care, they were sensible enough not to email themselves the secret source recipe. What they did was bring it up on their screen, they took a photo of it with their mobile phone, and then they sent it on to themselves and then they deleted the application and by the time that we got involved the only thing available was that mobile phone. Now fortunately for us, what had happened was that when they had deleted that application, there had been some kind of a problem, some kind of an error on the phone itself and we were able to recover some raw data sitting behind that application and from that we were able to recover some pictures and amongst them was the photo of the screen. So even when individuals take quite extreme measures, actually it's worth looking because you don't know what you might find. In other cases it can be more of a matter of trying to infer what happened from what is plainly in sight. So in another recent case we had the instance of an employee who had passed information outside of the company in the form of an Excel spreadsheet with various information across various tabs and the company felt that what they had done is embellished it in certain areas that was harmful to the company. So what we were able to do there, and the problem here, obviously what we would like is various copies of what was a company spreadsheet, if we have copies over a period of time we can do various things, but we didn't have that, we had one copy attached to an email so very little to work with apart from the core document itself. But what we were able to do was take it apart and build up a chronology of the information that had been added into that Excel spreadsheet. So while we didn't have specific dates and we didn't have specific authors and we didn't have a lot of information, what we did have was what happened in what order and actually from that, working with the lawyer in the case who understood more of the background to the information in the matter, they were able to then infer what had or actually in that case had not happened in terms of that person adding damaging information, unfortunately for the company that was actually already there, but it shed a lot of clarity on that particular area. 

DW:  Well thanks Ian, that's…we could go on I'm sure but we are coming towards the end of our slot. So what I'd like to do is just pick up on a few of the questions that have come through in the course of the session. Just looking at these, first of all Ruth, there's one I think best directed at you. How long do you think a restrictive covenant can last for and remain enforceable? 

RB:  Yes. First of all it depends on what type of covenant you're talking about and also what's quite fundamental is, is where does that covenant sit. So if you're dealing with for example a covenant that sits in a shareholders' agreement or some other kind of commercial contract, then the tests that are applied are slightly different because the bargaining position of the party is determined to be more equal. However, if you are putting an employment lens on it and you're looking at a covenant that's in an employment contract, for a non-compete covenant, what we've seen probably with the cases in the last few years in the UK courts is that anything over and above six months in an employment context, you've got to be really confident that you're dealing with somebody who is really business critical or really has access to some pretty fundamental crown jewels information because things getting up to about a year may really be all that can be enforced for that kind of category of person. For covenants that are not your non-compete type covenants but things like non-solicitation of clients or your suppliers, people won't poach your key employees. Because of the fact that that doesn't stop somebody being able to work, they can go and join a competitor and still comply with those covenants, you are able to get away with a longer period of time. So generally we work on the basis of around about 12 months for those but again it's always going to be dependant on what category of person you are dealing with, how senior they are. And also a key thing to bear in mind is garden leave, so if you have got the ability to put an employee on garden leave for a period in lieu of notice, that's a really nice tool of actually keeping somebody out of the market but that is a period of restraint in the same way that a post-termination covenant is so you need to think about what the length that that person will be kept out of the market is in its entirety. 

DW:  Yep, okay, thanks Ruth. Don, a question has come through that I think is definitely best addressed to you. It's quite a long question but I'll try to paraphrase it as best I can. Can you elaborate on the regime in the UK around reverse engineering, and essentially I think what the question is asking is, in what circumstances can reverse engineering be allowed and in what circumstances might it amount to stealing trade secrets or somehow acting unlawfully? I don't know if you are able to comment on that, I'm aware it's a very complex issue and it gets into things around the Software Directive and so on as well, but perhaps you can say a few words on that?

DM:   Sure, so in terms of the regime, there's not an awful lot of law in the UK about this so, in specific context there are, as David has mentioned there, in software there are terms which have been implemented into the UK Copyright Act that have derived from one of the copyright directives from the EU which say that, well, which govern contractual restrictions against reverse engineering and when the circumstances in which they will and won't be void. But in terms of kind of general restrictions aside from contract, there really aren't very many legal restrictions on reverse engineering just in general so if there's no existing relationship say between you and the competitor, so no relationship or contract, you don't have any…you don't yourself have any relationship of confidentiality between you and the competitor. You can buy their product on the market and get it reverse engineered but you have to be careful that you're not actually using anyone's confidential information in doing that. But if you generally are acquiring a product openly available on the market which is not sold itself subject to its own terms of confidentiality, normally you will be free to take that to a specialist who does what they are often called "tear downs" when we talk about chips, or you'll be able to sometimes do it yourself if you have the in-house capabilities. In some cases though you will need really very specialist kits so for the chip example, there are a small number of people in the world who could actually do that. In other areas where you're dealing with chemicals or trying to work out what's in that product, there will be more labs that you will be able to consult but yeah, I think it really does depend on the specific kind of technology you're looking at but I think the bottom line is that if there is no contractual or equitable obligation of confidence arising from some kind of relationship between you and the person who has produced the product, normally you'll be free to reverse engineer the product. 

DW:  Yeah, thanks Don. Another related question, I think I'll take it myself perhaps. The question is, is there a conflict between an organisation's right to protect trade secrets and the right to earn a livelihood on the part of an employee? 

I think the answer to that is that there definitely is a conflict and that the courts will very carefully regulate the situation and they are extremely reluctant to prevent employees from going off and earning a living and that's precisely why the balance is struck between on the one hand committing an employer to impose a restrictive covenant for example, but on the other hand it can be no wider than reasonably necessary to protect the employer's legitimate interest. So the sort of things that employees can do, and it's recognised that they can do on the basis of case law, is, for example, deal with on a day-to-day basis things that fall within their ordinary skill and knowledge is sometimes referred to as their mental tool kit. So if something falls within the mental tool kit of someone experienced in the particular field of endeavour in question then they're allowed to use it and the court will not restrain that activity. What the court will do however is if obviously they've got data, confidential data, and they are using that material in the context of a new job then that can be restrained. So no hard and fast answers around it but it's absolutely right to point to the fact that there are two competing interests at play here and the courts will have to, or do endeavour to, regulate them. 

Ian, one final question I think that is best addressed to you. Are there any technical measures that you would recommend either to stop confidential information being taken in the first place, or perhaps to track it after it's left the company?

IS:  There are a number of measures. I would give a warning that nothing is completely effective so whatever measures are put in place there should be still the assumption that the data can be lost and there should be reactive measures in place to be able to handle that scenario. On a fairly basic level, one big area of risk is where employees are using personal devises and personal systems, that's very problematic in terms of any kind of monitoring or getting that data back. So if the company is using a 'bring your own device' policy for mobile phones or even laptops, that can be problematic so it's something to consider about what kind of uses those devices can be put to, and also whether employees can use personal cloud accounts on their company systems. If they are using their own personal gmail, oneDrive etc, that's very problematic in terms of where data can easily leave the company. In terms of technical measures there's different things that can be done. On a simple level for things like contracts or major documents there's all kinds of digital signatures that can be employed which are very useful for being able to verify a document, they don't necessarily stop it being lost but at least they do help confirm its veracity. There are digital rights management systems that can be very broad that can for example allow documents to be categorised and then not leave the company that can be very effective but very restrictive so the problem there is that they're often so restrictive that people simply find ways around them or they just write their own notes or they go outside that so it's a partial solution rather than a whole. And then there's certain things that can be done to watermark or tag documents or data, so obviously digital signatures and so on. When we come to freer form data and companies that for example their product is data that they provide to others, a common way of doing that is to introduce purposeful known errors so that if data shows up online for example, it can be tested whether it's your data because you know that there were certain say, an error in the spelling of a name or an address or some other piece of information that doesn't necessarily require any special digital treatment, it's built right into the data. 

DW:  Well thanks Ian, and thanks to the rest of our panellists, but we're out of time. Thank you to you the audience for joining us. This is the last Tech Dispute webinar for 2020 but we will be carrying on with the series in the new year, so watch this space. If you have any further questions about what we've been discussing today, please do feel free to email any of the panellists, their details are there on screen, and we would also encourage you to please complete the survey following the webinar. We really do appreciate the feedback and we would very much like to know what other topics you would be interested in hearing us cover next year. So thank you everyone very much, and have a good rest of the morning. 

DW:  Thank you.

RB:  Thanks everyone.

This webinar was hosted by David Wilkinson (DW), Ruth Buchanan (RB) and Don McCombie (DM) of Ashurst and Ian Smith (IS) of FTI Consulting on 10 December 2020.