Protecting Trade Secrets

Paul A. Tedesco ptedesco@srcti.com

INTRODUCTION

Universities, contract research and early stage companies involved in drug discovery or development of platform technologies will often partner with larger firms. Patent applications are usually inappropriate during these preliminary phases, yet most of these collaborations require considerable transfer of files and data between and among different entities...a challenge for protecting trade secrets and other intellectual property.

Common or Usual Protection Processes

As a company or university, when you think about protecting your data you will normally think immediately about the data itself. So you will most likely direct your protection processes toward the immediate protection of your data. You will watch the content of your data determining if the data is critical and needs to be protected.  Not all of your data needs to be protected. You would monitor all of your outbound information that could be in many different formats.  You would also monitor the output for you to meet the regulatory requirements.  You would monitor your user and content based information, allowing specific users to use only specific information.

Completing the Requirements Needed for Trade Secrets

But what will you have missed with this level of protection?  Part of the problem that corporations face, and that you face, is that some of your trusted employees could either inadvertently or maliciously access your information and pass your information to your competition, or violate regulatory requirements.  So you need to add a number of different testing requirements to determine if you have encountered some problem.

It is very possible that the uses of your computer systems and communications are being monitored by an illicit outside source.  You need to take steps to prevent this malicious activity.  So you need to monitor more than just the data.

You need to monitor the computers and the programs that are being used on each of the computers.  If a program is not supposed to be running on a specific piece of equipment, or for a specific purpose, then you need to prohibit output from that program.  This step prevents internal or external people from malicious use of your computers and prevents someone from stealing your intellectual property.

When you properly scramble all of your data it makes it impossible for anyone to make any sense from the information that they should not have. Some companies have reported that either consultants or even their own employees have misused information. You need a process that discovers when authorized personnel do misuse information. This gives your corporation the ability to properly handle the situation.

You also need to protect your intellectual property from intrusions.  The best way for you to protect your knowledge is from the BIOS level where you can prevent  output from displaying your property to others, both insiders and outsiders.

What else do you need to monitor?  You need to monitor your networks, and all of the ports of your computer. You need to understand that the data packets that are coming into and going out of your computer are really valid and productive to your corporation.  You need to see all of the information coming to and from your computer including information like: users, operating systems, servers, data strings, and packets.

Summary

We have described the basic data oriented processes that you, universities, contract research and early stage companies, need to use to protect your intellectual property.  But we have shown a group of special processes that you need to use to prevent any inadvertent loss of intellectual property and from external sources entering and stealing your information. We have indicated the basic steps for you to lock up your systems so that nothing can be stolen from them.