The year 1996 was a big year for information protection in the United States. Not only was it the year the Health Insurance Portability and Accountability Act (HIPAA) made history as the first US regulation to impose penalties for not protecting personal health information, but it was also the year the Economic Espionage Act (EEA) made it a federal crime to violate intellectual property (IP) rights.
Prior to the EEA, the only way to enforce those rights was to sue the offending party. The EEA made intellectual property theft a crime subject to the co-enforcement of the Federal Bureau of Investigation (FBI) and the Dept. of Justice (DoJ).
Unfortunately, over the years many organizations could not benefit from the new law, and even lost their ability to do so in civil court, because they failed to take “reasonable measures” to protect the information themselves, even if those reasonable measures had nothing to do with the incident.
The landmark case in this goes back 70 years when an armored car manufacturer (Cadillac Gage) sued former executives for stealing the company’s trade secrets. In court, the defense council produced blueprints and other documents that were found in the complainant’s trash, claiming that the information for which they were seeking IP protections was being made available to the public. The courts agreed and ever since, the precedent and IP enforcement have ruled that no entity can expect to claim IP protections if they are not taking reasonable measures to protect the information themselves.
And this precedent eventually ended up being codified in the EEA’s definition of Trade Secrets as follows:
The term “trade secret” means all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing, if
- (A) the owner thereof has taken reasonable measures to keep such information secret; and
- (B) the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, the public.
So, both in federal IP protection law, the EEA, and civil courts, information is not legally considered as intellectual property (trade secret) unless reasonable measures – such as secure destruction – are used to protect it.
Whether it’s recorded on paper or on a computer, customer correspondence, client lists, manufacturing and research docs, and anything else an organization might consider as being its proprietary, runs the risk of being considered in the public domain by the simple act of throwing it out in the trash or selecting a service provider that does not have the appropriate security in place.
The good news is that with the proper policies and procedures, and the proper training, any organization can shore up its IP handling practices, including secure disposal, thereby buttressing its ability to defend critical IP if needed.
And, here at Shred Vault, we have a number of ways to help, from providing secure destruction services to helping draft the necessary policies. Call today at 866.976.7818 to see how easy and cost effective it is!