in short
background: In recent months, artificial intelligence (“AI”) platforms have taken the world by storm, introducing powerful new tools for generating original and helpful content based on training data and user prompts.
situation: These tools pose a potential threat to corporate trade secrets, as employees can inadvertently disclose sensitive information using generative AI applications. For this reason, some companies prohibit the use of these applications for work-related tasks.
For the future: Banning the use of generative AI is one solution, but there are several possible solutions that allow you to take advantage of the many benefits of generative AI while still reasonably protecting your company’s trade secrets.
Generative AI applications, such as large language models, have emerged as breakthrough tools for analyzing data and generating artifacts across industries. But as recent news has shown, these tools pose a unique threat to corporate trade secrets. These applications capture and store inputs to train models. Information entered into these applications may not be deleted by the user once captured and may be used in the applications or reviewed by the companies behind the AI applications. When an employee enters a company trade secret into her AI prompt, that trade secret can be at risk of losing trade secret protection.
To avoid the consequences of disclosure resulting from the use of AI systems, it is important to ensure that companies take reasonable steps to protect their trade secrets.this Commentary Analyze potential measures to protect trade secrets from the use of employee-generated AI applications.
Reasonable measures for trade secret protection requirements
Trade secrets are valuable assets for companies and contain proprietary information, formulations, processes, technologies or customer data that give them a competitive advantage. Unlike patents and copyrights, trade secrets rely on confidentiality and are not formally registered. Maintaining trade secret secrecy is essential to maintaining a company’s uniqueness and competitive advantage in the market.
Under the Defense of Trade Secrets Act (“DTSA”), owners of trade secrets are required to take “reasonable steps to keep such information confidential.” 18 USC § 1839(3)(A). The Uniform Trade Secret Act and related state trade secret laws have similar requirements. for example,, Uniform Trade Secrets Act, Article 1(4)(ii) (requiring that a trade secret be “the subject of reasonable efforts under the circumstances to maintain it”). Cal. Civilization Code § 3426.1(d)(2) (same); Texas Civ. & Rem. Code § 134A.002(6)(B) (requires “the owner of the trade secret takes reasonable steps under the circumstances to keep the information confidential”). This requirement is important because confidential information may lose its valuable trade secret status if reasonable steps are not taken.
DTSA does not define “reasonable action”. Rather, whether those safeguards are reasonable depends on the circumstances. The good news is that political parties only need “reasonable action”, not every possible action. Therefore, in some cases, if a party discloses a trade secret as a result of a good faith mistake, the party will take reasonable steps to protect the trade secret, even though the party immediately disclosed the trade secret to the customer. A court may recognize that you have done so. If we become aware of an error, we will keep the information confidential. See Fireworks Spectacular, Inc. vs. Premier Pyrotechnics, Inc., 147F. supplement. 2d 1057, 1066–67 (D. Kan. 2001). see also John Bean Tech. Corp. v. B GSE Group, LLC, 480F. supplement. 3d 1274, 1296–99 (D. Utah 2020).
Generative AI and the potential for unintentional disclosure of trade secrets
Generative AI applications have great potential to improve productivity and create innovative solutions for companies in all industries. For example, in the software industry there is a growing number of applications that can parse natural input and programming language input to generate or test source code. Also, in the life sciences, AI applications can obtain amino acid sequences and predict protein structures. Continued innovation in the generative AI field will continue to expand the potential and use of such tools.
Generative AI applications have the ability to autonomously create original content by extrapolating information from vast amounts of data collected from both public sources and received inputs. Collected data is often stored on servers controlled by companies that support generative AI applications. However, this data collection process comes with various trade secret concerns for companies using these applications. Following reports of sensitive information being leaked to third parties after using generative AI platforms, many companies are completely banning and restricting the use of generative AI in the workplace to protect sensitive information. .
There are three main concerns when employees enter confidential company information or other confidential information as prompts to a generated AI application. (i) Subject to the terms of the corresponding End User License Agreement (“EULA”), the company-generated AI applications that they support may review, publish, and sell their Confidential Information. (ii) the application itself may be able to reuse this sensitive information for third parties by using it to train responses; (iii) If the company supporting the Generative AI application is compromised, third parties may gain access to your confidential information. Furthermore, in the event of disclosure, the Employee User cannot retrieve or delete confidential information entered into the application and stored on the application’s servers, and the use or protection of confidential information once disclosed cannot be regulated. I can’t do it either.
Today, more can be done to protect company trade secrets from disclosure by employees. It is reported that 70% of her employees using generative AI tools do not report their use to their employers. This situation reflects that many companies have yet to adopt strict policies in the wake of the generative AI boom. By implementing modern policies to protect trade secrets, businesses can be better prepared for the growing use of generative AI applications.
Mitigation strategy
In addition to standard corporate policies for protecting trade secrets, there are several solutions that use generative AI to further prevent trade secret exposure.
No blankets allowed. As recent announcements by major multinational corporations show, one solution to prevent generative AI from leaking trade secrets is to ban its use in work-related tasks entirely. One way to implement this solution is to prevent employees from downloading software or accessing web applications. This makes the software unusable for most employees. Another implementation is to simply tell employees not to use the software. This is easy to implement, but less effective at preventing employees from using the software. Regular monitoring and auditing help detect and prevent potential violations. However, both require ongoing maintenance and policing to be effective. As the use of generative AI becomes more widespread, this may become impractical. Additionally, companies that ban generative AI outright may be at a competitive disadvantage to companies that allow or encourage the use of generative AI due to potential advantages.
Robust access control. An alternative to a blanket ban on generative AI is to limit access to and use of it. Companies should already have protocols in place to restrict access to sensitive data. Similarly, companies should consider establishing protocols to restrict who can operate and interact with generative AI systems. In addition to limiting who has access, companies should also consider limiting or reviewing what can be used as input to generative AI applications. For example, the software may be used to prevent certain keywords or phrases from being used as input. Similar to blanket bans, regular monitoring and auditing also help detect and prevent potential violations. These considerations may also be communicated by corresponding EULAs.
Enterprise License. Companies that choose to allow the use of generative AI should consider obtaining an enterprise license that places limits on what the AI provider can do in response to prompts or other input into the system. For example, his EULA for an individual user’s subscription may specify that the input can be used to train underlying models for use by third parties. In contrast, an enterprise license may stipulate that its inputs may not be used to train underlying models, or that such trained models may only be used by enterprises (other than third parties). I have.
Third Party Protection. In addition to employees potentially using generated AI, contractors and other third parties may also use generated AI. Businesses should review their existing agreements and consider whether to enforce any of the above policies with respect to these third parties as well.
Employee education and awareness. Finally, whether companies prohibit, restrict, or even encourage the use of generative AI, it is important to raise employee awareness of the importance of protecting trade secrets and the risks associated with generative AI. is. Courts have consistently found that companies take reasonable steps to protect trade secrets by keeping employee agreements and policies up to date. for example,, Phillips North America LLC v. Hayes2020 WL 5407796, *9 (D. Md. 2020) (plaintiffs plausibly take reasonable steps to protect trade secrets based on reference to the “Employee Ethics and Intellectual Property Agreement”). claimed). ExpertConnect, LLC v. Fowler2019 WL 3004161, *4 (SDNY 2019) (plaintiffs plausibly allege reasonable steps to protect trade secrets, based in part on references to employee handbooks). Enterprise Leasing Co. vs. Ehmke197 Ariz. 144, 151, 3 P.2d 1064, 1071 (Ariz. Ct. App. 1999) We certify that we have taken reasonable steps to limit disclosure, including retention provisions) senior management, and include confidentiality provisions in our employee policy handbook). Companies should therefore update their employee handbooks, agreements, and policies to address the use of generative AI, and educate employees on how to handle confidential information, while emphasizing legal and ethical obligations surrounding trade secrets. A training program should be put in place to educate.
Conclusion
The advent of generative AI presents immense opportunities, but it also poses some obstacles to protecting confidential corporate information and trade secrets. If companies choose to prohibit, limit, or allow the use of generative AI, adopt robust security measures, establish clear policies, and foster a culture of awareness to mitigate risk. is needed. By proactively addressing these challenges, companies can protect their valuable intellectual property assets and remain competitive in the ever-evolving AI landscape.
5 key points
- A ban on generative AI may be the most powerful way to prevent disclosure of trade secrets, but enforcing this solution can be costly and competitively disadvantageous.
- Strong restrictions on access to and input into generative AI applications protect sensitive information while leveraging the potential benefits of generative AI for productivity and innovation.
- Companies should consider deploying enterprise versions of generative AI applications with EULAs that stipulate that collected data will be protected or deleted.
- Businesses must also ensure that all contractors and third parties comply with their own generated AI policies.
- Employee education and awareness are key to preventing the inadvertent or unintentional disclosure of sensitive personal information using generative AI.
