Protection of the confidential data

To protect confidential data, companies use various tools, such as non-disclosure agreements (NDAs) and trade secret regimes. However, experts emphasize that legal measures alone are not enough. A comprehensive approach is required, which includes not only legal but also technical protection measures, employee training, and clear processes for handling confidential information. Data leaks often occur due to careless handling of information, industrial espionage, or hacker attacks, and fines are not always able to prevent such incidents.

Russian companies can protect virtually any valuable information under the trade secret regime. The law does not provide an exhaustive list of such information, leaving businesses the right to independently determine which data needs protection. For example:

• IT companies and organizations working with intellectual property protect source code, algorithms, and formulas
• Manufacturing companies, in turn, safeguard know-how, technologies, and information about raw materials that give them a competitive advantage

However, not all information can be classified as a trade secret. The following are excluded from protection under this regime:

• Information from founding documents
• Data on the number of employees and their salaries
• Information about payment arrears

Most often, companies protect information about clients and partners, development plans, terms of cooperation with contractors, as well as financial documents, including business plans and strategies.

How does the trade secret regime work?

Experts agree that simply legally formalizing the trade secret regime is not enough – other measures should also be taken:

1. To ensure information security, technical measures such as antivirus software, encryption systems, and secure electronic document management systems are necessary.
2. It is also important to implement organizational measures, such as restricting access to data and controlling its copying and distribution. For example, organizations often issue orders granting employees access to specific data, and in some cases, even printing documents requires a memo and approval from management.
3. Employee training also plays a key role: regular briefings on the rules for handling confidential information help minimize the risks of leaks.
4. Additionally, it is important to use contractual structures, such as NDAs and confidentiality clauses in employment contracts, to formalize the obligation of employees and contractors to maintain confidentiality.

There has been a proposal by Ministry of finance to toughen penalties for disclosing trade secrets by increasing the maximum fine from 1.5 to 5 million rubles. It is also proposed to introduce criminal liability with imprisonment for up to two years, and in cases of severe consequences—up to seven years.

However, experts believe that increasing fines will not completely solve the problem of leaks. For large companies, a more effective measure could be a turnover-based fine or setting its amount as a percentage of the company’s assets. Nevertheless, even such measures cannot fully eliminate risks associated with human error, industrial espionage, or hacker attacks.

Businesses often confuse the concepts of “trade secret regime” and “confidentiality regime,” although their requirements and legal consequences differ:

• The trade secret regime requires applying a special stamp to documents, restricting access to them, and creating storage conditions. Violations of this regime entail strict penalties, including disciplinary, material, administrative, and even criminal liability.
• NDAs, on the other hand, are easier to formalize and are suitable for one-time projects or negotiations. However, holding an NDA violator accountable is more difficult, as it is harder to prove the fact of information disclosure. Experts recommend using the trade secret regime for large and costly projects, and NDAs for the temporary protection of confidential data.

How do companies fight for trade secrets?

Examples from judicial practice illustrate the current stance on such cases. For instance, an employee sent commercial proposals and client work plans to her personal email, which was recognized as a disclosure of trade secrets, and she was dismissed. In another case, a bank employee sent confidential files via the Viber messenger, and the court sided with the employer, as the data ended up on third-party servers. There was also a case where an employee connected a USB drive to her work computer, copying confidential data, and received a reprimand, as the ban on using peripheral devices was stipulated in local regulations. In yet another example, a former employee began working with clients of their previous employer, but the court refused to impose a penalty, as the dispute arose within the framework of labor relations.

Key measures companies can take to protect information include:

• Using technical tools such as antivirus software and encryption systems
• Restricting access to data and controlling its distribution
• Regularly training employees on the rules for handling confidential information
• Implementing contractual structures such as NDAs and confidentiality clauses in employment contracts

In conclusion, protecting trade secrets requires a comprehensive approach that combines legal, technical, and organizational measures. Increasing fines may encourage companies to take data protection more seriously, but it will not eliminate all risks. The choice between NDAs and the trade secret regime depends on the type of information and the business’s goals, and in each case, it is necessary to consider the company’s specifics and needs.