Global Online Freedom Act: Holding Personal Data and BPO Hostage to Politics

Trade in personally identifiable information (“PII”) is the heart of business process outsourcing. After all, BPO involves data processing of PII.

Some politicians would use PII as a hostage in trade protectionism. In 2004, then Senators Hillary Clinton, John Edwards and Bob Kerry proposed to prohibit the export of personal health information for foreign data processing. Now comes Rep. Christopher H. Smith of New Jersey with a proposal to prevent the transfer of PII to countries that deny Internet freedom to their residents by censorship and spying on Internet traffic to prevent the expression of political freedoms. Such legislation would draw a fine line, perhaps too fine, between prohibited censorship and legitimate police activity, threatening legitimate operations of democratic sourcing countries.

Achieving Internet Freedom via Banning Data Exports to Censoring Countries. Introduced into the U.S. House of Representatives on April 6, 2011, the Global Internet Freedom Act of 2011, 112^th Cong., 1^st Sess., would, if enacted, prohibit the export of PII to “repressive” countries such as China, Iran, North Korea and Cuba. Its goals would be:

• to prevent United States businesses from cooperating with repressive governments in transforming the Internet into a tool of censorship and surveillance,

• to fulfill the responsibility of the United States Government to promote freedom of expression on the Internet, and

• to restore public confidence in the integrity of United States businesses.

It calls for bilateral and multilateral trade agreements to isolate such repressive countries.

Key Political Facts: Censorship and Surveillance of Cyber-Dissidents. As a preamble, the draft law sets the political framework for justifying an export ban on PII to protect the Internet freedoms of expression of cyber-dissidents from foreign countries. By blocking such exports, the U.S. would target “repressive foreign governments” that “block, restrict, otherwise control, and monitor the Internet, effectively transforming the Internet into a tool of censorship and surveillance, in contravention of the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights.” The cooperation of certain U.S. businesses with foreign local censorship and surveillance laws has led to the arrest and imprisonment of the dissidents.

The draft law would prohibit U.S. businesses from “empowering or assisting” “an authoritarian foreign government in its efforts to restrict online access to the Web sites of the Voice of America, Radio Free Europe/Radio Liberty, Radio Free Asia, Al-Hurra, Radio Sawa, Radio Farda, Radio Marti, TV Marti, or other United States-supported Web sites and online access to United States Government reports such as the Annual Country Reports on Human Rights Practices, the Annual Reports on International Religious Freedom, and the Annual Trafficking in Human Persons Reports. Similarly, U.S. businesses would be prevented from helping such governments “identify individual Internet users.”

Non-Governmental Protections. The draft legislation would go beyond the private sector’s efforts, in founding the Global Network Initiative, that seek to provide direction and guidance to IT and telecom companies and others in voluntarily protecting the free expression and privacy of Internet users.

Who Would Be Regulated? The draft law would regulate “Internet communications services,” which are defined as any “method for providing communications services via the Internet, including electronic mail, Internet telephony, online chat, online text messaging, Internet bulletin boards, or Web pages. Such covered services would include “providing Internet access” but would exclude “activities conducted by a financial institution (as such term is defined in section 5312 of title 31, United States Code) that are financial in nature, even if such activities are conducted using the Internet.”

If a U.S. covered business controls a foreign subsidiary or affiliate, the $2.0 million civil penalty would be applied to the U.S. business if it (i) authorizes, directs, controls, or participates in the acts by the foreign entity; or (ii) authorizes, in whole or in part, by license or otherwise, the foreign entity to use the trade name of the United States business in connection with goods or services provided by the foreign entity. Global branding (such as Google) would result in liability for the U.S. parent.

Legitimate vs. Illegitimate Foreign Law Enforcement. The draft law defines “legitimate” foreign law enforcement purposes to cover “the purpose of enforcement, investigation, or prosecution by a foreign official based on a publicly promulgated law of reasonable specificity that proximately relates to the protection or promotion of the health, safety, or morals of the citizens of the jurisdiction of such official.” Illegitimate purposes would include “the control, suppression, or punishment of peaceful expression of political, religious, or ideological opinion or belief.” Protected peaceful expression would be covered by article 19 of the International Covenant on Civil and Political Rights, a UN-sponsored convention opened for signature, ratification and accession by General Assembly resolution 2200A (XXI)
of 16 December 1966 and that entered into force 23 March 1976. It has been ratified by China, Cuba, India, North Korea and many other countries, but the U.S. ratification contains a reservation that the core provisions (articles 1 through 27) are not self-executing. See www2.ohchr.org/english/law/ccpr.htm. [That article 19 provides:

1. Everyone shall have the right to hold opinions without interference.

2. Everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice.

3. The exercise of the rights provided for in paragraph 2 of this article carries with it special duties and responsibilities. It may therefore be subject to certain restrictions, but these shall only be such as are provided by law and are necessary:

(a) For respect of the rights or reputations of others;

(b) For the protection of national security or of public order (ordre public), or of public health or morals. ]

New Regulator of Internet Freedoms. The proposed law would establish, within the Department of State, a new Office of Global Internet Freedom (“OGIF”). The head of OGIF would be a Director appointed by the Secretary of State. The mission would be whatever the President assigns to the OGIF, plus a political mission:

• to “serve as the focal point for interagency efforts to protect and promote abroad freedom of electronic information related to expression of political, religious, or ideological opinion or belief;”t
• to develop and implant a global strategy to combat state-sponsored and state-directed Internet jamming of communications that express political, religious, or ideological opinion or belief and to combat the intimidation and persecution by foreign governments of their citizens who use the Internet for the peaceful expression of such opinion or belief;
• to provide assistance to the Secretary of State in connection with the annual designation of Internet-restricting countries (as required by the proposed law);
• to identify and maintain a database of key words, terms, and phrases relating to human rights, democracy, religious free exercise, and peaceful political dissent, both in general and as specifically related to the particular context and circumstances of each Internet-restricting country; and
• consult with IT and telecom companies that are involved in providing, maintaining, or servicing the Internet; human rights organizations, academic experts, and others to develop a voluntary code of minimum corporate standards related to Internet freedom; and
• to consult with the private sector regarding new technologies and the implementation of appropriate policies relating to such technologies.

Other countries have adopted similar bureaucracies, with limited results. The French “HADOPI” law established a bureaucracy to police the privacy compliance and abuses of the Internet, and, after some years and millions of complaints, has recommended legal action in less than 40 cases.

Prohibited Conduct. Under the draft law, a United States business that creates, provides, or offers to the public for commercial purposes an Internet search engine or that offers to the public for commercial purposes Internet communications services or Internet content hosting services may not locate, within an Internet-restricting country, any electronic communication containing personally identifiable information used to establish or maintain an account for Internet communications services. Waivers would be granted by the U.S. President or by U.S. Department of State for national interest purposes and for situations deemed acceptable by the U.S. government.

Criminal Conduct. A new federal crime would be created making U.S. business entities and their managers into criminals who do not comply with an “order” by the U.S. Attorney General not to comply with a foreign governmental request to provide personally identifiable information through the provision of products or services on the Internet where there is no “legitimate law enforcement purpose.”

Whoever knowingly provides to a foreign official of an Internet-restricting country information in violation of an order issued [by the U.S. Attorney General] under section 202(d), knowing that so providing such information will further a policy on the part of the government of such country of prosecuting, persecuting, or otherwise punishing individuals or groups on account of the peaceful expression of political, religious, or ideological opinion or belief, and with the result that so providing such information leads to the death, torture, serious bodily injury, disappearance, or detention of any individual on such account, shall be fined under title 18, United States Code, or imprisoned not more than 5 years, or both.

Civil Enforcement. In addition to potential criminal liability, U.S. businesses collecting PII on the Internet would become liable to the victims of foreign governmental repression. Such victims could obtain “damages, including punitive damages, or other appropriate relief, without regard to the amount in controversy, and without regard to the citizenship of the parties.” In essence, U.S. Internet businesses would become the puppets of U.S. trade policy and U.S. policies promoting political freedoms outside the U.S.

Impact on Outsourcing. Legislation like the Global Online Freedom Act of 2011, if enacted, would force U.S. search engines and U.S. businesses that collect PII via the Internet to become tools of law enforcement, without the certainty of immunity from liability for honest beliefs in complying activity. This type of legislation would hurt any business that uses the Internet to support its operations (with a friendly exception for “financial institutions”).

Such legislation is not the solution to political repression. The Internet search engine companies would bear the brunt of the regulatory compliance. The scope of the law would still enable trade with the repressive countries for (i) data processing of U.S. PII that is not collected via the Internet, (ii) data processing of U.S. business transactional data, even if collected via the Internet, which does not constitute PII.

A simpler, more honest solution would be to unilaterally withdraw free trade rights and impose sanctions on offending “repressive” foreign governments, as is done under the political retaliatory provisions of Section 301 of the Tariff Act of 1930, for example. This proposed law would hijack the private sector, creating a framework for criminal violations by business, as a tool for persuading foreign governments to stop internal repression. Such a mission is misguided and does more harm than good.

Don't Let Your Brand Become the Next XXX Site

ICANN (the Internet Corporation for Assigned Names and Numbers) wants to allow pornography websites to have their own "www.[name].xxx". This will allow net-nannies to exclude port sites and enable new forms of "social networking" through legitimate porn sites. The stage is set for this transformation in the summer of 2011.

Now would you like your famous (or almost famous) brand to be registered as a URL with the XXX moniker? Then do nothing.

If you would like to save some money and embarrassment from XXX cyber-squatters, register your trademark with the competent authority. We can help.

OUTSOURCED – FUNNY BUT TWISTED.

NBC’s new Thursday evening comedy series, “Outsourced,” has been edited for Hollywood, but it’s charming, farcical and at least spares the viewer the horrible canned laughter of the evening soap operas.

Unemployed American Twentysomething (a throwback to the “Ugly American” dumb idiot of the 1950’s and 1960’s) finds employment in India as call center “manager.” The cast of characters includes an obsequious and overambitious Rajiv, an alienated American managing another call center, a drop-dead gorgeous fun-loving Aussie chick (of mysterious background) managing a third call center, a silent Sikh skilled in the art of the walk-out political protest, a lower caste pariah likely to blossom during the course of the season and other stereotypes reminiscent of “The Office.”In fact, it’s “Outsourced Office,” with cultural training that highlights the worst of both American and Indian stereotypes. But it’s cute, contains enough truth to be half-credible, and is an introduction to the real India. Of course, we have to suspend reality, by ignoring the 10 ½ (to 13 ½) hour time zone differences and assuming phone calls during the day in India are coming from some place in America during some daylight hours.

If you like “Outsourced” and actually want to learn more twisted truths, you need to buy my book, tentatively titled “Twisted Truths in Global Sourcing.”

To contribute to www.outsourcing-law.com or to receive a copy of my book please contact publisher@outsourcing-law.com.

Government Procurement: Civil Fraud and Debarment for Non-Disclosure of [Offshore] “Outsourcing”

Many companies provide services to the U.S. government. Directly and indirectly, government contractors must disclose extensive information in their bid documents. Under a draft U.S. law, such bids would need to disclose whether the bidder has a history of “the laying off of a United States worker from a job, and the hiring or contracting for the same job to be performed in a foreign country.”

Under the draft “Stop Outsourcing and Create American Jobs Act of 2010”, introduced by Rep. Jerry Cranwell (D., Calif.) on June 29, 2010, all Federal government departments and agencies would be required to request each bidder for a Federal contract to provide information regarding whether the offeror engaged in “outsourcing” during the fiscal year preceding the fiscal year in which the contract is to be awarded. The bill attacks the restructuring of government suppliers who terminate the employment of a United States worker from a job and hire (or contract for) the same job to be performed in a foreign country.

The bill would punish bidders by debarment from future Federal government contracts and impose criminal fraud penalties under 18 U.S.C. 1001 (false statements to the Government).

Analysis. This bill requires disclosure and imposes civil debarment and criminal liability for non-disclosure. The disclosure relates to a lawful act of laying off a U.S. worker followed by a lawful act of hiring a foreign worker.

Comity and Reciprocity. Public International Law is built upon reciprocity and “comity.” “Comity” represents a respect in one country for the reasonable internal actions in another country for matters that have potential dual impact in both countries. This draft legislation is patently nationalistic, protectionist and xenophobic. On a reciprocal basis, an American worker would have no chance of replacing a foreign worker employed by a foreign employer where the foreign employer provides goods or services to a foreign government. Such legislation risks serious harm to American workers by foreign adoption of similar laws where foreign labor is replaced by American labor.

Multilateral and Bilateral Commitments. As a legal matter, a law that violates U.S. international commitments may be valid under local law but engage the international responsibility of the United States under a prior binding international convention. This law would punish American government contractors for practices that are protected under the WTO General Agreement on Trade in Services (“GATS”) and possibly the WTO Agreement on Trade-Related Investment Measures. Similarly, the U.S. would be in breach of its bilateral duties under NAFTA.

Bill of Attainder. This faces U.S. Constitutional challenge as a Bill of Attainder under Article I, Section 9. A “bill of attainder” was a law that banned a person because of some inherent status or the exercise of some freedom, right or privilege that is generally available to all citizens. It is a legislative declaration that a person or group of persons is guilty of some crime and punishing them without benefit of a trial. In such, the draft law would have the same effect as debarring contractors who fire U.S. workers for any lawful reason, such as a shortage of work, or such as the employee’s abuse of the employer’s computer system or use of office equipment for conducting a sideline business during off-hours.

Business Process Transformation. The draft legislation does not define what is the “same work” that is being done offshore. In many cases, globalization occurs because the functions and roles are changing to use new technologies, to access new markets and to obtain new skills. As in other cases of “follow the work,” the question is not just work, but organizational design, workforce planning (such as for knowledge workers) and marketing (getting closer to the customers). The draft law invites artificial determinations that offshored work is the “same” and omits any definition of “sameness.”

Hidden Agenda: Compiling a Little List. Since public procurement procedures are accessible to the public in the United States, the draft legislation invites inquiry into its effects. If enacted, the draft law would allow the Government to compile a list of all Government contractors who had done any “outsourcing” in the prior 12 months. Such a list would then be used for political purposes to harangue any enterprise “guilty” of such lawful behavior. Instead of outlawing “outsourcing,” the draft legislation would outlaw those who wrongfully deny that they outsource (under 18 USC 1001) and create a political stigma for actions that are not illegal. This is reminiscent of the frenzy and abuses of the anti-Communist witch-hunt of Senator Joe McCarthy in the 1950’s.

A simpler legislative solution would be to ban “outsourcing.” Of course, such a ban would be so offensive (and contrary to national commitments under NAFTA, WTO and bilateral treaties) that it would never pass. But, certainly, no offense could be taken by an innocuous bill to prevent frauds and plan a smear campaign.

Strengthening American Employability. It is regrettable that such defective and ill-conceived legislation does not address the core issues of American employability, such as education, language skills, competitiveness and use of technology to improve the human touch. In fact, in the tax-haven segment of this same draft bill, the test of whether a foreign jurisdiction is a tax haven (justifying anti-deferral and other retaliatory treatment) includes some factors that the Congress should consider for promotion of American employability, such as ”Incentives which may encourage a United States corporation to invest abroad rather than domestically.” H.R. 5622, Sec. 2 (111th Cong., 1st Sess.).

There are other methods of aiding job losses from outsourcing. A legally valid solution would require re-examination of American global commitments and a balancing of benefits and burdens, including enforcement of WTO violations. Such enforcement actions are at the discretion ofthe President and not congressional legislation.

Managing the New "Trade Secrecy" Risks in Global Sourcing: Criminal Theft, Criminal Negligence, Espionage, Bribery, Antitrust, and Enforcement

Trade secrecy risks arise whenever an enterprise shares confidential business information with a supplier, service provider, joint venturer or customer. Trade secrecy protection measures should be planned and implemented through appropriate non-disclosure covenants by the third party and possibly even its employees and others in the value chain. Current trade secrecy are reflected in three seemingly disparate events: the Rio Tinto employee economic espionage and bribery case in China, the U.S. Department of Justice’s investigation into the anticompetitive use of non-competition covenants (“non-competes”) by high-tech companies and the Algerian-U.S. Mutual Legal Assistance Treaty (“MLAT”).


These three current events suggest that both enterprise customers and their service providers take a second look at their current practices for protecting trade secrets. At the end of this article, we offer a series of questions that need answers before any kind of outsourcing – indeed, any cross-border data flow — can take place. Such questions offer a basic refresher course, with “James Bond-compliant” updates, on challenges of trade secret protections in global operations.

I. The Current Context of Trade Secrets at Risk

Item #1: Bribery and Espionage in China (the Rio Tinto employee case). On March 28, 2010, China convicted a local sales employee of a British-Australian mining company named Stern Hu, a Chinese-born Australian citizen, and other Chinese-resident employees of Rio Tinto (but not Rio Tinto itself) of bribery and theft of trade secrets relating to price negotiations of iron ore for sale to Chinese state-owned companies. The trial was conducted largely in secret. Rio Tinto had previously rejected an investment offer from Chinalco that involved some Australian national security issues. Some analysts suggested the case was a political retaliation for that rejection and an abuse of judicial authority. Others suggested that the case leaves open the question of whether there was any rule of law or was this merely the use of judicial power to punish foreign business that used aggressive means of driving hard bargains. The case attracted global attention to the concept in Chinese law that identifies non-public commercial information of a Chinese state-owned enterprise as a “state secret.” Rio Tinto initially defended the employees but then said they had acted outside the scope of their operations and authority. The employees were convicted and sentenced to 7 to 14 years in prison plus financial penalties.

On March 25, 2010, China’s State-Owned Assets Supervision and Administration Commission issued regulations on commercial secrets, but did not disclose them until the Rio Tinto employee verdict. Those regulations remain somewhat vague, leaving foreign companies (and Chinese companies that are not state-owned enterprises, or “SOE’s”) to interpret them at their peril. See www.outsourcing-law.com/jurisdictions/countries/china.

Item #2: Anti-Terrorism and Cybercrimes under a Mutual Legal Assistance Treaty. On April 7, 2010, the U.S. and Algeria signed a mutual legal assistance treaty to combat international crime and terrorism. According to the press release:

The mutual legal assistance treaty, or MLAT, will be an effective tool in the investigation and prosecution of terrorism, cybercrime, white collar offenses and other crimes. Among other tools, the treaty will help law enforcement officials from the two countries obtain testimonies and statements; retrieve evidence, including bank and business records; provide information and records from governmental departments or agencies; and provide a means of inviting individuals to testify in a requesting country.

The U.S. has approximately 50 such MLAT’s. Such agreements could be used to enforce criminal prosecutions of misappropriation of trade secrets, assuming such misappropriation is a criminal act in the relevant jurisdictions. The press release announcing the MLAT did not link to any copy of the treaty, and the Justice Department website does not publish a copy either. Interested parties will need to do some further investigation then in how such a treaty might be used to enforce trade secret protections.

Item #3: Hiring Practices by Global Services Providers. Now, enterprise customers have to be worried about the legality of hiring practices – at least in the United States – of their outsourcing service providers. Since July 2009, the U.S. Department of Justice has been investigating the hiring practices of Google, Intel, IBM, Apple and IAC/InterActiveCorp., according to the Wall Street Journal and other news reports in April 2010. The reports claim that the U.S. Government could challenge, or chill, the use of non-competition covenants in industries, such as high-tech, where innovation drives comparative advantage and non-competes might constitute illegal collusion on cost management, thereby depriving knowledge workers of a market for their skills. The investigation appears inspired by cases where innovators are hired away and the former employer seeks to enforce a non-competition covenant, particularly where the new employer claims that the litigation lacks a valid legal basis and thus is anticompetitive. (Such a case happened in 2005 when Google hired a Microsoft engineer in China, and Google claimed that Chinese law did not permit enforcement in China of a non-competition covenant). Enterprise customers should now be concerned with compliance by their service providers with antitrust concerns.

II. The Law of Trade Secrecy

All these recent events underscore the need for prudent trade secrecy practices in the global supply chain. Trade secrets are now at risk due to potential civil and criminal espionage, bribery, cybercrime, and antitrust prohibitions on abusive and illegal anticompetitive practices. Further, the area of trade secrecy is now engulfed in national security and public policy considerations, underscoring the importance of a stable political environment for assuring the predictability of legal rights and enforcement actions in the various jurisdictions where trade secrets are shared and used in an outsourcing business relationship.

Trade Secrets. It is a best practice in outsourcing contracts, to protect the enterprise customer’s trade secrets. The customer wants to know how this is done. Such protections can be applied to individual employees under non-disclosure agreements and maybe even non-competition covenants. NDA’s are generally enforceable but are generally construed in a manner to avoid depriving an employee (or service provider) of “general skill and knowledge” in the industry.

NDA’s are essential to enable any outsourcing, resourcing (retro sourcing back in-house) and transfer sourcing (to a new service provider on expiration or termination). As a matter of public policy under national laws, NDA’s are critical. The WTO protections of trade secrets are not very strong, based instead on non-secret intellectual property rights such as patents, trademarks and copyrights.

Non-Competition Covenants. Non-compete covenants are unenforceable in California as a matter of law and possibly in the BPO provider’s service delivery jurisdiction. Non-competes deprive employees of a right to be hired by competitors. They are unenforceable in some jurisdictions, and where enforceable they must be limited to reasonable scope in time, territory and subject matter. Employers can make the arguments, in an antitrust context, that non-competition covenants:

1. are not anti-competitive in practice;
2. do not deny employees the right to find work in non-competitive companies;
3. are widespread across industries and countries; and
4. are used by companies across many industries to maintain good business relationships by promoting exchanges of information across the full spectrum of personnel (not just through a narrow channel, like a chaperone of trade secrets), and as a result collaboration between technology-based companies is promoted by such practices.
   

An antitrust enforcer might argue that non-compete agreements distort access by skilled workers to mobility and job choice, thus depressing competition for skilled workers and depressing wages.

Risk Management: Knowing Your Service Provider’s Hiring Practices. Based on this antitrust activity, enterprise customers should investigate the employment practices of their service providers to understand clearly the contractual framework and legal enforceability of employment practices in the relevant jurisdictions. The legal framework for protecting trade secrets, or allowing them to be disclosed to the local government without judicial review with open adversarial procedure, should also be explored and fully appreciated. Thus, trade secrecy risks should be assessed in the selection of service providers, the scoping of the functions to be outsourced and the use of encryption and decryption before data transfers.

Compliance: Knowing Yourself and the Law. These recent events raise questions that compliance officers and legal departments, as well as product managers and CEO’s, should answer before any kind of outsourcing takes place:

1. What does the enterprise customer do today to identify and protect its trade secrets internally?

a. Identify types of non-public information from all sources that needs to be maintained as non-public.

i. Securities (risk of liability for securities fraud)
ii. Financial information (risk of loss of advantage in pricing negotiations; risk of
securities liability for failure to comply with Regulation FD or other “fair disclosure”
rules)
iii. Human capital information (governed by labor laws and privacy laws)
iv. Technical data, such as designs, processes, formulae, manufacturing techniques
(risk of loss of patent rights or loss of competitive advantage)
v. Marketing information (customer names and related business information relating
to the enterprise’s customer relationship)
vi. Sales information (the existence of RFP’s and the contents of offers and other
responses to RFP’s)

2. How much data does the enterprise need to have to accomplish its mission?

a. Avoid excessive collection and preservation of unencrypted

i. personally identifiable information (“PII”) of individuals in any business relationship.
ii. healthcare information.
iii. credit card information.

b. Avoid collection of non-public information from third parties who might be under a duty
of non-disclosure, or who cannot explain how they legitimately obtained the non-public
information.

3. How does the enterprise ensure that it has the legal right to know the non-public information?

a. Obtain written confirmation from the disclosing party that it has the authority to make
the disclosure.
b. Identify non-disclosure agreements and categorize the information so that it can be
accessed, stored, retained and destroyed in accordance with the non-disclosure
agreement.
c. Limit access by persons having a legitimate “need to know.”
d. Use the non-public information only as necessary to perform a legal and permitted
business activity.
e. Avoid use of bribery, coercion, theft and other illicit means of acquiring non-confidential
information.

4. How does the enterprise identify and protect the trade secrets of third parties with whom it does business.

a. Identify source of non-public information.
b. Identify the duration of any holding period for non-public information under any
non-disclosure agreement.

5. What measures does the enterprise take to train and audit its employees for compliance with trade secrecy policies?

6. Does the enterprise identify special duties and special risks.

a. Take special measures to identify, segregate and protect “commercial secrets” or “state
secrets” when dealing with a foreign state-owned enterprise (“SOE”)?

7. How are trade secret rights recognized and enforced under local law? Are such rights clearly protected, or must a company rely upon contract or criminal prosecution?

8. What are the best ways to protect trade secrets from a practical viewpoint?

a. Divide work flows or discrete functions across suppliers, countries and sources to avoid
having one person or supplier know too much.
b. Retain competitive information in-house.
c. Segregate sales and marketing functions from non-public information in internal technical,
financial and human resources departments.

9. What is the history of trade secret enforcement in the country?

a. Risk of inadvertent criminal liability, including vicarious liability of senior executives for
misdeeds of employees (See China’s Criminal Law, article 219).
b. Risk of investing in new products or services that cannot be exploited due to
misappropriation.
c. Identify any history of data security breaches and remediation activities.

10. Does the enterprise customer’s country have a “mutual legal assistance treaty” or other agreement with the service provider’s country to prosecute “cyber-crime”, so that evidence can be exchanged and used in international abuses of trade secrets?

11. What policies, practices and contractual measures does the service provider take to protect trade secrets? Are such measures a violation of antitrust law and therefore unenforceable?