Protection of trade secrets: strategies and tools for businesses

In the business world, corporate know-how represents an invaluable intangible asset. Safeguarding a company’s strategic information means ensuring its competitiveness and preventing the unlawful misappropriation of critical data. From secret formulas to market strategies, from customer database management to production methods, every company holds a body of information that—if disclosed—could cause irreparable harm. But how can trade secrets be protected? What legal and technological tools can be used to defend them?

What are trade secrets?

Article 98 of the Italian Industrial Property Code defines trade secrets as “business information and technical-industrial experience, including commercial ones, subject to the legitimate control of the holder, where such information:

• is secret, in the sense that it is not, as a whole or in the precise configuration and combination of its elements, generally known or easily accessible to experts and operators in the field;
• has economic value because it is secret;
• is subject to measures, taken by those who lawfully control it, that can reasonably be deemed appropriate to keep it secret.”

This type of information may concern production processes, algorithms, research methods, marketing strategies, and other forms of business knowledge that provide a competitive advantage.

Within the framework of corporate information protection, it is important to distinguish between:

• The “objective know-how” (which can be considered a subset of the broader Common Law concept of proprietary information): consisting of information that can be identified and separated from the individual who possesses it. Ownership lies with the company that has formalized it;
• The “personal know-how” (corresponding in Common Law to the employee’s general skill and knowledge): consisting of knowledge and ideas inseparable from the individual holding them. In this case, the holder is the individual themselves.

The articulation of such information into corporate procedures enriches the company’s assets and facilitates its legal protection. Know-how is, in fact, a strategic business asset, subject to transfers through assignment agreements, licenses, franchising, merchandising, subcontracting, and business transfers.

Relevant legal framework

The legal protection of confidential know-how and trade secrets against unlawful acquisition, use, and disclosure is governed by Italian Legislative Decree No. 63/2018, which implements EU Directive 2016/943.

Article 99 of the Italian Industrial Property Code expressly protects the confidential information referred to in Article 98, prohibiting the acquisition, disclosure, or misuse of such information when obtained unlawfully. It also reinforces the discipline on unfair competition, allowing legal action against any party who use or even merely acquires such information unlawfully.

This protection is further reinforced by Article 2598 of the Italian Civil Code, which penalizes acts of unfair competition, including any conduct contrary to professional fairness and likely to harm a competitor.

In the realm of criminal law, Article 623 of the Italian Criminal Code penalizes the unlawful disclosure of business secrets. In this regard, the Italian Supreme Court, in Judgment No. 16975/2020, clarified that the provision has a broader scope than Article 98 of the Italian Industrial Property Code, as it offers protection even in the absence of formal protective measures. However, criminal prosecution is subject to the filing of a complaint within three months of discovering the offense.

How far can competition go?

An emblematic example of a trade secret closely guarded and of immense economic value is the Coca-Cola formula, kept in a vault and known only to a few selected individuals. However, the protection of trade secrets extends beyond physical safekeeping and includes a complex web of legal and procedural safeguards to prevent and punish breaches.

In 2006, a case of industrial espionage shocked the Atlanta-based giant and offered a clear example of the unlawful appropriation of confidential information. Joya Williams, an administrative assistant at Coca-Cola, along with her accomplices Ibrahim Dimson and Edmund Duhaney, attempted to sell confidential information to Pepsi, including corporate documents and even a sample of a new beverage under development. Their plan involved a two-part transaction: $10,000 for the first set of documents, followed by a total of $75,000 for more detailed information and the formula of the new product.

However, Williams and her accomplices failed. Instead of taking advantage of the offer, Pepsi alerted the authorities and Coca-Cola, setting an example of fair competition and respect for market rules. Coca-Cola contacted the FBI, which launched an undercover operation. Posing as a buyer, an FBI agent gathered sufficient evidence to indict the three individuals, who were arrested on July 4, 2006.

The Coca-Cola case highlights the critical role of legislation in protecting trade secrets. In the United States, the Economic Espionage Act of 1996 (EEA) provides a stringent legal framework for criminally prosecuting individuals who steal, use, or disclose confidential business information. The Act distinguishes between industrial espionage (committed on behalf of foreign governments) and the theft of trade secrets for personal or corporate economic gain, and prescribes severe penalties, including fines and imprisonment.

What to do in case of misappropriation of trade secrets?

In the event of violations, businesses may initiate descriptive proceedings to collect evidence and prevent further dissemination of the misappropriated information. The descriptive proceeding, governed by Article 129 of the Italian Industrial Property Code, allows the acquisition of evidence from documents and files containing trade secrets (see also: “The case of the disloyal employee who steals confidential company  information”).

To obtain an injunctive measure, two key elements must be demonstrated:

• fumus boni iuris, i.e., the appearance of a valid legal claim. In this context, the evidentiary threshold is lower than for other precautionary measures. The Venice Court has clarified that “the fumus required for the granting of this measure—which serves exclusively evidentiary purposes—is undoubtedly more relaxed than that required for other precautionary measures, such as seizure or injunction, being satisfied by the reasonableness of the request or the non-pretextual nature of the claim” (Venice Court, Business Law Division, Order, January 10, 2022);
• periculum in mora, i.e., the real risk of irreparable harm.

Through forensic analysis of company IT systems, it is possible to identify unauthorized access attempts or improper copies of documents. These pieces of evidence may prove decisive in litigation.

Another strategy involves the use of legal instruments such as the patent box regime, which offers tax incentives for intangible assets, thereby encouraging the protection of know-how. Legislative tools like the EU Trade Secrets Directive offer additional safeguards for companies operating across international markets (see also: “New patent box: 110% for intangible assets”).

Protection tools: from legal measures to technology

The protection of trade secrets does not rely solely on legal safeguards—it also requires practical, proactive measures. A preventive approach is key to protecting trade secrets.

Companies should implement risk management systems and tools to monitor confidential information. Investing in cybersecurity and staff training is essential to prevent data misappropriation (see also: “The case of the disloyal employee who steals confidential company  information”).

There are various types of protection tools, which can be classified as technical, organizational, and legal measures.

• Technical measures include IT tools such as encryption, multi-factor authentication systems, firewalls, and access control mechanisms for sensitive data. These steps make unauthorized access more difficult and help detect attempted breaches.
• Organizational measures involve educating employees on the proper handling of confidential information. Data breaches often result from internal negligence rather than external attacks. Limiting access to information to only those who truly need it and establishing clear policies on sensitive data are fundamental steps.
• Legal measures offer another layer of protection. Non-disclosure agreements (NDAs) legally bind employees, suppliers, and collaborators not to disclose specific information. Companies may also rely on specific contracts that regulate the use of protected information and impose penalties for violations (see also: “Accordi di riservatezza (NDA): come proteggere il valore delle informazioni”).

The combined use of these tools can ensure effective protection (see also: “Riservatezza aziendale: doveri dei dipendenti e sanzioni legali”).