Issues of confidentiality often arise in litigation under procurement challenges, as illustrated in the recent case of Bechtel v High Speed Two (HS2)  EWHC 458.
In this case Mr Justice Fraser noted, “[I]n my judgment, the level of profit in percentage terms that a tenderer included in its bid in this procurement competition is properly described as commercially confidential, and is also something that any tenderer, whether a claimant in proceedings or otherwise, would wish to keep confidential for justifiable reasons.”
In terms of how to retain the confidentiality of such information during litigation, it is contrary to open justice and transparency to have trials conducted (even partially) in secret for all but those legal representatives who sit within a court’s prescribed ‘confidentiality ring’.
At the same time judgements need to be readily comprehensible and include reference to all relevant material and reasoning of the the judge, so having a separate confidential appendix or schedule in a judgement should only occur when there is no viable alternative.
In the circumstances of the present case Mr Justice Fraser concluded there was no viable alternative available to him, for without such a confidential appendix to his judgement (available only to those within the ‘confidentiality ring’), he “would run the real risk of destroying justified confidentiality in commercial issues.”
Giving judgement in the Court of Appeal case Shenzhen Senior Technology Material Co Ltd v Celgard, LLC  EWCA Civ 1293 Lord Justice Arnold has shone a further light on the UK Trade Secrets (Enforcement, etc.) Regulations 2018 (SI 2018/597) [TSR].
Dividing his analysis into pre/post the EU Trade Secrets Directive (EU Dir. 2016/943) Arnold LJ noted, “under English law prior to the implementation of the Trade Secrets Directive, trade secrets constituted a particular category of confidential information. The principal distinguishing characteristic of trade secrets, as opposed to other forms of confidential information, was that a former employee could be restrained from using or disclosing their former employer’s trade secrets after the termination of the employment”. 
“The Trade Secrets Directive harmonises the protection against the unlawful acquisition, use and disclosure of trade secrets in the European Union. It is not an exhaustive harmonisation: Article 1(1) provides that Member States may provide for more far-reaching protection than that required by the Directive provided that compliance with a number of provisions of the Directive is ensured. Thus the Directive provides both a floor and a ceiling.”
Moreover, it was noted that whilst TSR might implement the Trade Secrets Directive, it does not transpose Articles 3, 4 or 5 of the Directive.
Turning to the “curious provision” of Regulation 3 Wider Protection, Arnold LJ surmised “… it appears to be primarily intended to ensure that, if and in so far as English law prior to the implementation of the Trade Secrets Directive was more favourable to the trade secret holder…then that greater level of protection shall continue to be available…”.
Conversely it was noted that Regulation 3 does not appear to address the position if the Directive confers greater protection than English law did previously. In such a situation the solution advocated by Arnold LJ would be to interpret and apply TSR consistently with the Directive and again offer the trade secret holder the higher protection.
Delighted to see cybersecurity identified as one of the urgent
global legal challenges to be addressed under the Hillary Rodham Clinton
Scholarship programme just launched by Sky and Swansea University (see
No understanding of innovation is complete without an understanding of intellectual property law and as Alec Ross, Senior Advisor for Innovation to Hillary Clinton when Secretary of State, states in his work The Industries of the Future (2016), “We all want the liberty that comes with a vibrant online life, but liberty without security is fragile, and security without liberty is oppressive. The years ahead will force us to balance these two as we have not had to before.”
Sky and Swansea University today announced the first ever global Hillary Rodham Clinton Scholarship programme.
The scholarships will support the next generation of leaders committed to addressing urgent global challenges, including the rights and protection of children online, the climate crisis and cybersecurity.
Each of the scholars will be selected over the summer and
granted a fully-funded, postgraduate, one-year scholarship at Swansea
University, starting in the autumn.
Launching the Hillary Rodham Clinton Global Challenges Scholarship, Secretary Clinton said: “I’m delighted that this partnership between Sky and the School of Law at Swansea will be able to achieve something truly unique, with an urgency that the challenges we face today demand. The programme is a modern, flexible approach which combines the rigour of academic excellence with practical, real world impact. These scholars will embody our shared values of working together across disciplines and geographic boundaries to improve conditions and opportunities for all, and especially for women, children, the marginalised and the disenfranchised.”
Chief Executive, Jeremy Darroch said: “We are honoured to
be the inaugural partner for the Hillary Rodham Clinton Global Challenges
Scholarship and are immensely proud to support a programme so committed to
building a better tomorrow.
“As a society we face a number of global challenges and as
a responsible business we recognise the importance of using our reach and voice
to make a difference in addressing these, making an impact in the wider world,
and helping others do the same. I look forward to welcoming the scholars to the
Sky family and exploring the good we can do together.”
of the Hillary Rodham Clinton School of Law at Swansea University, Professor
Elwen Evans QC, said: “This is a wonderfully exciting
initiative and we are delighted to be working with Sky. These scholarships will
support the delivery of a transformational programme and we hope that our
students will be outward-looking in addressing the big issues. If we are to
tackle the major challenges, such as climate, security, protecting children
online, and inequality, we require innovative thinking and leadership, and a
sustained commitment to transnational cooperation and collaboration.
“This programme capitalises on the considerable research expertise within the Hillary Rodham Clinton School of Law in order to provide students with an incredible opportunity to undertake study into areas of global challenge, and to be equipped with the skills to undertake legal research and to effectively advocate for transformational change to law, policy and practice.”
Reading the IP Wales SME Guide to IP Cybersecurity, underpinned by Beale A., Ratcliffe S., Tettenborn A., The Protection of Data in our Digital Age  Journal of Business Law, Issue 6, 2017 p.461-472, has resulted in each of the following businesses seeking to adopt new methodologies and processes to protect their online commercial activities:-
Benchmark Skincare Limited (Managing Director: Peter Friswell) “By seeking to be certified for Cyber Essentials will enable our business to become “GDPR compliant, protect itself from phising emails, protect itself from external cyberattacks, creating an effective and robust backup data storage process.”
Boyns Information Systems (Director: Robert Boyns) “Reading the IP Wales SME Guide to IP Cybersecurity helped increase our awareness on the importance of cybersecurity in the field intellectual property. As a result, we have adopted new methodologies and processes to allow Boyns Information Systems to grow our cybersecurity infrastructure, whilst protecting us from online harm. Being awarded the IP Wales grant assisted our bid to achieve the Cyber Essentials Plus accreditation, preparing us more fully to mitigate any cyberattack.”
Cadmhas Limited (Director of Services: Elfed Williams) “We are a registered charity and company limited by guarantee and as the Director of Services of CADMHAS I have a duty of care and responsibility to both my Directors, Staff and Service Users that we mitigate the threat of a Cyber Attack. I have spoken to our suppliers Boyns Information Systems Ltd., and they have assured me that by following the 5 pillars of the Cyber Essentials Scheme this will help towards my goal of having a system secured to government guidelines. By having the certification and adhering to it, I will be able to focus on the development of our day to day operations and plan towards the future with a good IT foundation to move forward.”
Castell Howell Foods Limited (Head of IT: Paul Rankin) “Having read the IP Wales SME Guide to Cybersecurity, we decided to increase our protection to Cyber Essentials Plus to reduce the risk of being infiltrated or having data breaches in line with GDPR. With an ever-increasing rise in cybercrime it makes sense to do as much as we can to prevent attacks on our company. I can honestly say that I feel much more confident in our security now and would highly recommend others to carry out this process. Thanks again for considering us for the funding, much appreciated.”
CCTV Wales Limited (Compliance Supervisor: Steve Gallagher) “…to ensure that all customer data and company information is properly protected allowing the company to enhance their service and support Cybersecurity in the area.”
David W.Harris & Co. Solicitors (Practice Manager: Neil Startup) “We are now in the process of undertaking risk analysis and management relating to cyber security. We have updated our internal governance to include more detail on IT security, such as: maintenance of an asset register to include the addition or removal of any assets, Updated IT security and systems policies, Implementation of remote access control, Implementation of a protocol to manage remote devices with access to exchange accounts, Implementation of server password policies, Implementation of automatic screen lock down through user inactivity, Introduction of periodic penetration testing, Password Protection introduced for all electronic documents.”
Daydream Education (Operations Director: Wesley Paetel) “Reviewing and updating all internal cybersecurity awareness and reporting processes, reviewing all third-party anti-virus and malware applications, ensuring system security is reviewed regularly, and reviewing our disaster recovery processes as well as educating staff members about the dangers of cybersecurity and how to become more aware of threats.”
Guardian Property Services Limited (Business Development: Lauren Thomas) “It’s apparent that cybersecurity should be a priority of any business, irrespective of size. Having the right level of knowledge and preparation is vital to minimise and control damage, as well as an understanding of the consequences of a breach and how to recover.”
Health & Her Limited (Marketing Director: Kate Bache) “Collecting, protecting and processing sensitive customer data to improve our understanding in the therapeutic areas of female health, including menopause and menstrual wellbeing.”
Masons Moving Group Limited (Financial Controller: Robert Power) “Protecting the business from online harm is of paramount importance and the Guide has enabled us to implement new security and knowledge to ensure cyber threats are eliminated. These new systems will be monitored frequently and updated when necessary.”
Masons Self Storage Limited (Marketing Manager: James Mason) “The Guide has been extremely helpful in helping our business truly understand the impact cyberattacks can have on a small business. We have ensured brand new office procedures have been put in place with efficient regimes of how we hold and process all types of data.”
PLF Wealth Management Limited (Director: Jeremy Freeman) “Your Guide has made me appreciate the myriad of potential cybersecurity attacks that my small firm has to be aware of, and the steps we as a company need to take to protect our data and network from becoming a victim of these attacks. As a small business our in the financial services arena, we control large amounts of personal data and sensitive data which could make us a viable target to such attacks.”
The Business Centre (Cardiff) Limited (Centre Manager: Emma Mason) “Reading the Guide has given me great knowledge on how to protect our business from online harm. Using this knowledge has enabled us to put new office processes and procedures in place to ensure that we are protected. We have looked closely at how we hold and process our data.”
IP crime is traditionally viewed as counterfeiting (false branding) and piracy (illegal copying) but cybercriminals (& some state players) are increasingly coming to recognise the value of confidential data held by businesses, be it sensitive information about the business operation (trade secrets) or customer information such as passwords and credit card details (made even more topical with the arrival of the EU General Data Protection Regulation 2016).
These attacks on confidential data are happening globally with increasing rapidity and ever more complexity. Zero-day vulnerabilities (where hackers have discovered and exploit a software security breach before a fix is available) are increasing exponentially.
In response our award-winning business support initiative IP Wales has launched a new Online Initiative 2017-2020, the aim of which is to help small/medium sized enterprises (SMEs) to protect their IP from online threats.
SMEs are particularly vulnerable to cyberattack, with our research (commissioned by the Welsh Government) showing that many take little or no precautions against cyber threats, in the mistaken belief that they are too small to attract the cybercriminal’s attention, or that they don’t possess any data worth stealing. Examples of cyberattacks on SMEs have included:-
• IP ‘Theft’ (i.e. trade secrets), the loss of which seriously undermines a company’s attractiveness to both investors and prospective buyers of the business.
• Ransoming of Data, where the business is coerced into paying off hackers in order to retrieve or access stolen or encrypted data.
.• ‘Theft’ of Customer Data (including payment details) which exposes the business to lawsuits, regulatory fines for improper handling of personal data, and reputational damage.
Our website www.ipcybersecurity.co.uk is dedicated to helping SME Boards of Directors to better understand and better protect their business from this increasing threat of IP cybercrime. It also acts as a repository for our research into emerging trends in Cyber-Risk oversight, offering free Briefing Guides for the IP Service Community (IP active Solicitors and Patent Attorneys) on:-
The CJEU has given a decision today under Decision Liffers C- 99/15 that when judicial authorities set damages for IP infringement they will “take into account all appropriate aspects, such as negative economic consequences”. The decision related to the correct interpretation of Article 13(1) of the Enforcement Directive.
The decision, which related to copyright infringement, held that compensation for the moral prejudice suffered by a victim of IP infringement could be sought. The decision rested on the conclusion that not only the wording of EU Law should be considered but also its context. Therefore if there is financial damage to IP right holders and there is also moral damage, for example to the reputation of an author, then this should be accounted for as well.