The distinction between confidential and generally accessible data, which we use on a daily basis, may have a significant impact on the activity of an enterprise, therefore it is necessary to comply with the obligations related to trade secrets.
What is a trade secret?
In Polish law, a trade secret is defined under article 11, section 2 of the Law on combating unfair competition of 16 April 1993. In the sense of the article above, a trade secret of an enterprise is technical, technological, organizational information of the enterprise or other type of information of an economic value which is not publicly known by people who normally do not deal with that type of information or which is not easily accessible to those people.
What is important, such information must be clearly defined as confidential. If an entrepreneur decides that particular information shall be considered confidential, it will become a company’s trade secret and an employee authorized to access it has no right to disclose it and share it with third parties.
What kind of data is a trade secret?
Confidential data is considered to be a type of information of an economic value, i.e., related to the activity and finances of an enterprise, and are composed of, for example, research results, product recipes, sales forecasts, plans and organization of an enterprise, clients' data. The data abovementioned do not have to be limited to the written ones, but also, they may be expressed in calculations, diagrams, pictures, etc.
In view of the above, we may distinguish three features of confidential data:
- Information that is of difficult access and not publicly known by a particular group of people who take care of it;
- There is a will to consider given data as confidential;
- Know-how and experience are indispensable elements of the technological and production process.
How to protect confidential information?
Under article 11 of the Law on combating unfair competition, an entrepreneur shall operate with due diligence in order to ensure that confidential data is not accessible to unauthorized people. For this purpose, it is essential to undertake appropriate measures aiming at the protection of data:
- legal measures, e.g.: internal acts (resolutions, terms & conditions), declarations, regulations, NDA, non-competition agreements;
- technical measures, e.g.: access codes, securing information storage devices in digital format, an appropriate room for storage of documentation.