How data must be protected

Berlin When the law on the protection of trade secrets came into force in April 2019, it meant a break for Germany. Previously, secrets were mostly vaguely referred to as “know-how”, the legal protection of which was taken for granted.

Now, in the event of a dispute, anyone who saw their secret violated suddenly had to explain and prove that this information was protected by “reasonable confidentiality measures”.

In the meantime, more and more court decisions have been made on the Trade Secrets Act. “They specify the set of rules and show which requirements actually have to be met in order to properly protect information,” says Constantin Rehaag, an expert in commercial legal protection at the commercial law firm Dentons. “Some parties to the process experience unpleasant surprises: some things that were a secret from the management’s point of view have become common knowledge due to a lack of protective measures, and every third party can use it more or less as they wish.”

With the law on the protection of trade secrets (GeschGehG), an EU directive was implemented into national law. Since then, it has been necessary for companies to take appropriate confidentiality measures so that there is a legally protected secret – for example information that should be kept secret from the public or competitors.

Top jobs of the day

Find the best jobs now and
be notified by email.

This can include customer lists, supplier data, market analyses, machine control data sets, strategy papers, drawings or machine-generated data.

No absolute or extreme security required

“All too often, such data is not protected by copyright and is rarely protected by patents,” explains legal expert Rehaag. “A customer list is not something that has a level of creation. It also does not offer any technical solution.” Nevertheless, such information is important and valuable in view of the billion-euro data economy. “But only if they are kept secret,” emphasizes Rehaag.

The rulings made on the Trade Secrets Act now specify what protective measures are needed to turn information into secrets. The higher regional courts (OLG) Düsseldorf and Hamm have made it clear that the entrepreneur does not have to create optimal protection with absolute or extreme security for his confidential information. Thus, the cost of protection need not exceed the value of the secret.

Conversely, it cannot be sufficient to ensure appropriateness if the entrepreneur only takes a minimum of protective precautions – for example to avoid high costs and a high organizational effort (Az. 1-15 U 6/20 and Az. 4 U 177/19 ).

The OLG Stuttgart decided: As a minimum standard, relevant information may only be entrusted to persons who (potentially) need the information to carry out their task and who are bound to secrecy (Az. 2 U 575/19).

Overall, an appropriate level of protection cannot be assumed if the owner of the secret accepts a “data leak”, i.e. allows employees to save files on private data carriers without password protection or if paper documents are not secured once morest access by unauthorized persons.

You can’t tell what you no longer own

“There must therefore be a clear restriction on access to the information, and this must actually be enforced,” explains legal expert Rehaag. Detailed non-disclosure agreements might be an important component of the protection of secrets. Rehaag says: “The contractual penalty, which has gone somewhat out of fashion, can now gain in importance once more.”

The legislature also did not grant the secret holders a transitional period: If the protective measures were not implemented when the law came into force, then the information was only information and not trade secrets (Az. 12 SaGa 4/20 and Az. 1-15 U 6/20).

The Baden-Württemberg Regional Labor Court recently ruled that the law does not give rise to a claim for injunctive relief if the injured party is no longer in possession of the trade secret (Az. 4 SaGa 1/21).

Claudia Rid, specialist lawyer for employment law at the commercial law firm CMS reports: “Here, an employee forwarded a business email to his private email account so that he might read it better at home, including a 21-page template for price calculations. “

Since the employee had sworn in court that the information had been irretrievably deleted and that he had not made any copies or printouts, the court ruled: “You can no longer use or reveal what you no longer have.”

In practice, according to legal expert Rehaag, companies have to create levels of protection, such as: internal, confidential, secret, top secret. The protective measures would then be defined for these levels. At the same time, this also defines the group of people who should have access at all. Accordingly, the “instruction” and constant training of the employees is also necessary.

More: Why the head of the cartel office, Mundt, wants to expand the leniency program

.

Leave a Replay