[Attorney Taejin Kim’s Trade Secrets Series 3] Complete Analysis of Confidentiality Management Requirements – Practical Implications and Judgment Standards of the 2019 Amended Law

1. Essential Nature and Core Concepts of Confidentiality Management Requirements

Trade secrets refer to production methods, sales methods, and other technical or business information useful for business activities that are not publicly known, have independent economic value, and are managed as confidential. Therefore, one of the core requirements for legal protection as a trade secret is confidentiality management.

Confidentiality management means that beyond information simply being in a non-disclosed state, the information holder must take specific and conscious management measures to maintain the confidentiality of that information. This is the most frequently disputed aspect among trade secret protection requirements in practice and is a key factor that companies must consider when establishing trade secret protection strategies.

The existence of confidentiality management requirements also represents a major difference between trade secrets under the Trade Secret Protection Act and industrial technology under the Industrial Technology Protection Act. While trade secrets under the Trade Secret Protection Act require confidentiality management requirements, industrial technology under the Industrial Technology Protection Act does not require non-publicity, confidentiality management, or economic utility requirements. This is because there are fundamental differences in the protection targets and purposes of the two laws.

2. Specific Meaning of ‘Information Managed as Confidential’

‘Information managed as confidential’ means information that the information holder is actively and systematically managing to maintain the confidentiality of that information. This goes beyond information simply not being disclosed, indicating that the holder is intentionally and specifically performing continuous management acts to maintain confidentiality.

The core of the confidentiality management concept is that information is protected under a certain system and procedure. Through this, it objectively demonstrates that the information is an important business asset to the holder and has the nature that it should not be leaked externally.

3. Background of 2019 Legal Amendment and Changes in Confidentiality Management Requirements

Regarding confidentiality management among trade secret protection requirements, various legal principles have been accumulated over a long period. Recently, legal amendments have been continuously made in the direction of substantially relaxing confidentiality management requirements to strengthen trade secret protection.

In the 2019 amendment to the Unfair Competition Prevention Act, among the recognition requirements for trade secrets, the existing phrase ‘maintained as confidential through reasonable efforts’ was changed to a more active and clear expression: “managed as confidential”. This change reflects the clear legislative purpose of substantially strengthening trade secret protection and reducing the burden of proving confidentiality management requirements in practice.

4. Practical Implications of Deleting ‘Reasonable Efforts’ and Adopting ‘Managed as Confidential’

Before the amendment, for something to be a trade secret, it had to be maintained confidential ‘through reasonable efforts.’ This made proving ‘reasonable efforts’ a key issue in litigation processes, and proving this became a significant burden for trade secret holders.

Deleting the phrase “reasonable efforts” in the amended law and changing it to “managed as confidential” has significance in fundamentally resolving the problem where previous precedents used terminology different from the legal provisions. The fact that Supreme Court precedents used the expression ‘reasonable efforts’ instead of ‘substantial efforts’ was a direct catalyst for the amendment.

This amendment has important significance in that it substantially relaxed the confidentiality management requirements for trade secrets, allowing companies to more easily receive protection for their trade secrets.

5. Minimum Management Efforts Still Required After Amendment

Although the amended law deleted the phrase “reasonable efforts,” the expression “managed as confidential” itself is still interpreted to mean that trade secret holders need minimum efforts for confidential management.

In other words, the legal amendment did not completely abolish confidentiality management requirements, and still means that holders must take certain measures to manage the information as confidential. However, the key change is that the standards have been realistically relaxed compared to before.

For example, if access restriction measures, confidentiality agreement execution, and basic security facility construction are in place, confidentiality management may be recognized under more generous standards than before.

6. Objective Standards for Proving Confidentiality Management and Practical Challenges

The standards of effort to be applied in judging confidentiality management must be objective. However, in specific cases, various factors must be comprehensively and systematically considered.

In practice, most trade secret leakage crimes are committed by internal employees, who know well whether information is maintained confidentially within the company, yet deliberately leak it and then dispute whether it was managed confidentially through “reasonable efforts” to avoid punishment.

Additionally, determining whether leaked information is widely known in the industry (non-publicity) is not easy for investigative agencies or judges and acts as a significant burden, which is pointed out as one of the main causes of lengthy investigations and criminal trials.

In past precedents, there were cases where ‘confidentiality’ (related to confidentiality management) could not be recognized when materials were stored in unlocked glass cabinets or bookshelves in offices where even outsiders could freely enter without access restrictions, ruling that they were not trade secrets.

7. Differentiated Confidentiality Management Standards by Company Size

When judging confidentiality management, there may be substantial differences in the required level and degree of management according to company characteristics such as large corporations versus small and medium enterprises. While it is easy for large corporations to establish systematic and organized management systems, it may be realistically difficult for small and medium enterprises to require the same level of management as large corporations due to cost and personnel constraints.

Therefore, it is considered that they can manage in appropriate and reasonable ways suitable for company characteristics. For example, even if small and medium enterprises do not have computer security systems like large corporations, confidentiality management can be recognized if they manage confidentiality in ways suitable for company scale, such as restricting access to core information and allowing only the minimum necessary employees to view it.

8. Need for Relaxed Application Standards to Reflect Legislative Intent

Considering the intent of the amended law to relax confidentiality management requirements, there are arguments that in specific cases, courts should relax application standards in accordance with this legislative intent and differentially judge confidentiality management efforts according to target-specific situations.

This connects with the criticism that while confidentiality management requirements cannot be ignored in light of the nature of trade secrets, there is a need to fundamentally improve the practice of judging these requirements too strictly.

Particularly in cases of leakage by internal employees, applying confidentiality management requirements excessively strictly to allow punishment avoidance even when employees fully recognize the confidentiality of information does not align with the purpose of the trade secret protection system.

9. Practical Harms of Excessive Confidentiality Management Requirements

In trade secret infringement cases, the weight of confidentiality management requirements has been excessively high, and considerable cases have occurred where protection as trade secrets was not received because confidentiality management requirements presented by precedents were not met.

The concept of trade secrets ranges from simple business information to cutting-edge technical information, and unlike patent rights, it is difficult to accurately grasp the substance of trade secrets from outside, and problems arise when they are widely shared among internal workers, making confidentiality unclear internally or appearing not to constitute special management.

Such excessively strict interpretation of confidentiality management requirements caused several practical problems. One critical view is that the weight of ‘confidentiality management’ among trade secret requirements should be realistically reduced or deleted entirely to simplify litigation processes.

This is based on the logic that particularly in cases of leakage by internal employees, since employees know that information is maintained confidentially within the company, disputing ‘reasonable efforts’ to avoid punishment can be prevented.

10. Cases of Breach of Trust Charges When Trade Secret Protection Fails

Precedents have held that even if ‘confidentiality management’ requirements are not met in trade secret infringement cases and thus do not fall under Trade Secret Protection Act punishment, if the information corresponds to ‘major business assets’, punishment through breach of trust charges is possible.

According to precedents, if materials were not disclosed to unspecified masses and the employer spent considerable time, effort, and cost to produce the materials, they can be recognized as ‘major business assets,’ and leaking them constitutes breach of trust.

However, critical views also exist regarding the concept of ‘major business assets’ itself. This can be seen as originating from attempts to apply breach of trust charges to cases that fell outside the protection scope of the Trade Secret Protection Act as a result of courts strictly interpreting ‘confidentiality management’ requirements of the Trade Secret Protection Act.

It is noteworthy that Korean criminal practice has actively applied breach of trust provisions to trade secret leakage.

11. Future Prospects and Practical Response Strategies

While trade secret confidentiality management requirements were substantially relaxed through the 2019 legal amendment, they still require certain management efforts. These changes reflect the clear legislative intent to strengthen trade secret protection while reducing the burden of proof in practice.

However, in applying confidentiality management requirements, flexible judgment considering the characteristics of individual cases, particularly company size and characteristics, is still needed. Additionally, it is necessary to approach cases of leakage by internal employees differently from cases of leakage by outsiders.

In the future, courts need to interpret confidentiality management requirements more flexibly in accordance with the intent of the amended law to effectively guarantee trade secret protection, and establish systematic and consistent legal principles in relation to breach of trust charges.

Atlas Legal recently has experience winning under new confidentiality management requirements in trade secret protection cases for small and medium enterprises by arguing for confidentiality management methods suitable for company size, particularly leading court judgments that consider differences in confidentiality management levels between large corporations and small and medium enterprises.