AustLII [Home] [Help] [Databases] [WorldLII] [Feedback] MurUEJL

Murdoch University Electronic Journal of Law
You are here:  AustLII >> Australia >> Journals >> MurUEJL >> 2003 >>  [2003] MurUEJL 10

[Global Search] [MurUEJL Search] [Help]

An Overview of Trade Secrets Protection in Romania

Author: Marius Petroiu
Attorney at Law; LLM Candidate, McGill University Faculty of law
Issue: Volume 10, Number 2 (June 2003)

Contents:

An Overview of Trade Secrets Protection in Romania

    Introduction

  1. As part of the adhesion process to the North Atlantic Treaty Organisation (hereinafter "NATO"), Romania signed several NATO agreements, promising to guarantee the confidential status of materials and data of national importance, with a special view to those obtained by the Romania from NATO allies. Thus, Romania and NATO concluded a "Security Agreement" on July 8, 1994, as well as a "Data Exchange Code", on September 10, 1994.

  2. Romania also agreed upon the implementation of a legal framework in order to regulate the protection of materials and data related to matters of national security or for the interests of a public or private entity (hereinafter sometimes referred to as "classified data"). Applicable Regulations

  3. Pursuant to the international treaties entered into and considering the intention of Romania to become a member of NATO military and political structures, on April 12, 2002 Law No. 182 on granting protection to top secret information (also known as the "Law on classified data") was enacted (hereinafter "Law No. 182/2002").

  4. Furthermore, under the provisions of Law No. 182/2002, Governmental Decision No. 353/2002 on Rules for protecting NATO classified data was enacted, as well as Governmental Decision No. 585/2002 on standards of protection of national classified data (hereinafter "GD No. 585/2002").

  5. As regards trade secrets protection, Governmental Decision No. 781/2002 on companies' trade secrets protection was enacted, dealing with the principles and rules a company may use for protecting its trade secrets (hereinafter "GD No. 781/2002").

    National Register for Evidence of Classified Data

  6. With reference to the procedures of access, evidence and control of classified data, a National Register for Evidence of Classified Data was established (hereinafter the "Register"), following the provisions of the Governmental Decision No. 845/2002[1] (hereinafter "GD No. 845/2002"). The Register is the national authority on matters of protection of classified data[2] being organised as a public entity under the supervision of the Romanian Government.

    Concepts Used by Law No. 182/2002

  7. The term of "classifying" information, as defined by Law No. 182/2002 and the above-mentioned Governmental Decisions, make reference to the fact of qualifying certain information as top secret. Such description stands in order to ensure the necessary protection of top secret data for Romanian national security purposes ("national classified data") or for the activity of a corporation ("companies' classified data", also known as "trade secrets").

  8. Basically, national classified data relates to matters of national security, disclosure of which could seriously damage Romanian economic, military or political interests. Based on Law No. 182/2002, national classified data benefits from three standards of protection, which are awarded according to their level of importance (top secret, secret and confidential), and supposes severely restricted access.

  9. On the other hand, following the provisions of Article 31 of Law No. 182/2002 and Articles 7 and 8 of GD No. 585/2002, data classified as companies' trade secrets includes data intended to be known only by those employees to whom knowledge of such data is essential in order to fulfil their working duties, following thus the principle of "need to know". The disclosure of such information on a large scale is likely to damage the companies' economic, financial or marketing interests.

  10. Under the provisions of Law No. 182/2002, it is strictly forbidden to classify as trade secret, information, which due to its nature and content, is required to serve public duties or interests, or information, which if withheld, could be the considered as obstructing the course of justice.

  11. In such case, the shareholders representing at least 25 percent of the registered capital of a limited liability company or at least 10 percent of the registered capital of a joint stock company may request managers for the call of a shareholders' general assembly. Such assembly shall debate the managers' decisions on classifying company's data and may take into account the managers' revocation as a sanction. In case the managers refuse to call such an assembly, the company's censors or the local tribunal may proceed in this respect.

  12. Consequently, data of real interest for the companies' activities, which are not subject to the above-mentioned restrictions, may be classified as trade secret. Should a person then require access to a company's information, the company's representatives must provide the applicant with relevant details as to whether such information is protected or not as a trade secret under the company's rules and applicable regulations.

    Classifying and Controlling Companies' Information

  13. Under Law No. 182/2002 and GD No. 781/2002, the companies' information becomes classified as trade secret following a decision of the "manager of the legal entity". However, the above-mentioned regulations do not provide a definition of this concept.

  14. Following the provisions of the Romanian corporate regulations[3] data which are important for the company's benefit shall be codified as trade secret based on the initiative of either the sole manager or the chairman of the company's board of directors. Usually, such initiative shall follow the proposals of the company's executive directors. However, in the event that the sole manager or the chairman of the company's board of directors decides to codify information as trade secret, absent a proposal of the company's executive directors, the regulations do not specifically exclude such a case.

  15. As a rule, the procedure of classifying a company's information relies on a decision issued by the company's ordinary general assembly, empowering managers or the board of directors in this respect. A decision of the company's special general assembly is not required, as quorum formalities may delay the making of a final decision. However, in case the classification of certain information is urgently required, the managers or the board of directors may proceed, absent a previous decision of the ordinary general assembly. Such managers' decision must then be ratified by the shareholders' assembly. The extent to which the shareholders shall be entitled to have access to the companies' trade secrets shall be established by a separate decision of the ordinary general assembly.

  16. Based on the amount of a company's trade secrets, Law No. 182/2002 requires the implementing of a person ("security person") or a department ("security department"), entitled to oversee the applicable security procedures. Under the provisions of Article 29 of GD No. 585/2002, the security person or the head of the security department must be appointed between the deputies of the company's manager or from the members of the company's board of directors.

    The Confidentiality Agreement

  17. Following a prior written notification submitted to the Register, the company's manager is entitled to verify the professional and moral background of the persons subject to be authorised for access to the company's trade secrets. The applicants are required to execute an affidavit beforehand, stating the acceptance of the verification procedures.

  18. Upon verifications, the company and the person to be authorised shall enter into a confidentiality agreement. Based on the execution of such agreement, an access permit shall be issued, following the provisions of the Addendum No. 2 to GD No. 781/2002. It is advisable that such an agreement be mentioned into a special register, to be concluded by the company's security person or department.

  19. The confidentiality agreement is a convention executed by the manager and the security person or the head of the security department, as representatives of the company, and also by the person awarded with access clearance over the company's trade secrets. The agreement shall include terms and duration of access, the validity period and confidentiality obligations of the parties.

  20. As a rule, the parties are entitled to estimate the extent of the damages that may occur in case of a breach of the agreement. In such case, a Court of Justice shall establish the existence of a case of infringement of the agreement's provisions and consequently, it shall decide upon the full recovery of the existing damages.

    The Access Permit

  21. Basically, the access permit shall be drafted following the sample attached as Addendum No. 2 to the GD No. 781/2002. The permit shall bear a series and registration number, the name, personal numeric code[4] and position of the person who is permitted access to the companies' trade secrets.

  22. The permit shall also specify the validity period, which may be up to four years. As Law No. 182/2002 does not prohibit it, the permit may be renewed indefinitely for periods of a maximum of four years. The evidence of the permits already issued shall be kept with a register concluded in accordance with the provisions of Addendum No. 3 to GD No. 781/2002. As provided by Law No. 182/2002, the issuance of each permit shall be recorded in the Register by the companies' management.

  23. Uncommonly, the permit sample provided by Addendum No. 2 to the GD No. 781/2002 allows unlimited access to companies' trade secrets, without restraining the types or categories of information for which the access was granted. Theoretically, once the permit was issued, it would allow the owner to have access to all the existing companies' trade secrets. However, in practice, such case may determine tremendous difficulties for companies' business activities. Therefore, managers must have the right to issue permits authorising for a limited or un-limited access, depending on the companies' interests.

  24. The evidence of the companies' trade secrets shall be kept by means of a register concluded in this respect, following the provisions of Addendum No. 1 to GD No. 781/2002. The register shall be drafted in two parts, making reference to documents coming "inside" or "outside" of the company. The security person or the head of the security department shall manage the procedures in filling the register with all necessary details.

  25. All documents classified as the companies' trade secrets shall bear on each page the letter "S"[5] before their registration number, together with the wording "trade secret"[6] The header of the document shall provide the companies' details, the registration date and number of exemplars and also the coordinates of the authorised recipient. Also, documents intended to be used by certain persons only, shall bear the wording "Personal" and the name of the recipient.

  26. As a rule, access to the companies' trade secrets is allowed only within the companies' headquarters. For use outside the perimeter of the headquarters, such access must be authorised accordingly.

    Removal of the Access Permit

  27. An access permit may only be removed by the companies' managers in one of the following cases:

  28. As a consequence, the authorisation permit shall be destroyed. The documents shall be destroyed only by persons empowered in this respect. Additionally, the destruction must be made in a manner that will prevent further reproduction or reconstitution.

    Destruction of Documents Relating to the Companies' Trade Secrets

  29. In accordance with the provisions of Article 1 of GD No. 781/2002 and GD No. 585/2002, trade secrets which become out-of-date, expired or definitively compromised shall be archived or destroyed, following the written approval of the companies' managers. A minute shall be concluded in this respect. Also, the registers documenting the above-mentioned trade secrets must be archived for at least 10 years. It would be advisable that a copy of the original documents that may be destroyed, are also archived as an attachment to the above-mentioned minute.

    Access of Foreigners to the Companies' Trade Secrets

  30. Under the provisions of GD No. 781/2002 and GD No. 585/2002, the access of foreign citizens as well as Romanian citizens with other citizenship or stateless persons to trade secrets must be previously authorised. The authorisation may restrict the owner's access to certain perimeters, rooms or areas of the company. At the same time, the access shall be authorised on a "need to know" basis, bearing in mind the fact that access to the companies' trade secrets may only be provided to persons entitled to use such data due to their employment duties. The access permit cannot be issued absent verifications on the moral and professional background of the applicant. Furthermore, the permit shall be issued following the conclusion of a confidentiality agreement between the companies' representatives and the applicant.

  31. Once authorised, the above-mentioned persons shall bear a distinctive badge during their visit to the companies' headquarters and will require a permanent escort.

  32. In case of non-compliance with the provisions of the confidentiality agreement and/or access permit, the right of access shall be removed immediately, the access permit becoming invalid. Furthermore, the interested company may ask for the recovery of all existing damages, by amiable settlement or through a Court of Justice.

    Powers of the Romanian Secret Service With Regard to the Protection of Companies' Trade Secrets

  33. In accordance with the provisions of Article 34 of Law No. 182/2002, amongst other powers , the Romanian Secret Service (hereinafter "RSS") has the right to:

  34. Following the above-mentioned provision, we may conclude that the RSS is permitted prior control over the programmes designed for trade secrets' protection, developed by a public or private company. Arguably, such control is only relevant in an "advice-giving" capacity, with the RSS only being allowed to recommend certain measures to the company's management for improving the protection of the existing trade secrets.

  35. Secondly, in accordance with the above-mentioned provisions, a private company seems to become constrained by law to require only the assistance of RSS in order to ensure the collecting, transport and distribution of their official correspondence related to trade secrets. In addition, such conclusion appears to be confirmed by the provisions of Article 1 (b) of GD No. 781/2002 and Article 81 of GD No. 585/2002.

  36. Pursuant to the above-mentioned provisions, documents concerning "classified data" shall only be delivered inside or outside of Romania by special units of the RSS. Moreover, the use of the Romanian National Postal Service or private dispatch companies for expenditure of documents concerning "classified data" seems to be prohibited. In case of non-compliance with the above-mentioned regulations, the applicable sanctions range from a written warning to a fine amounting from ROL 250,000 to ROL 12,500,000 (c. US$7.5-US$371). The sanctions may be enforced by representatives of the Register or RSS.

  37. However, the above-mentioned regulations cannot apply to private companies. Our conclusion is based on the provisions of Article 3 para 2 of Law No. 14/1992 on the organisation and attributions of RSS (hereinafter "Law No. 14/1992), according to which the RSS is entitled to organise the distribution of correspondence relating to national classified data, inside or outside of Romanian territory.

  38. Moreover, in accordance with the provisions of Article 5 of Law No. 14/1992, the RSS may provide technical assistance to private companies on various matters, including the collection, transportation and distribution of documents concerning official data, in exchange for a negotiable fee.

  39. Thus, the obligation of a private company to ask for the assistance of RSS in order to deliver correspondence relating to trade secrets is difficult to assess. The person empowered by Law No. 182/2002 and GD No. 781/2002 to classify a company's information as a trade secret is the company's manager. Therefore, our opinion is that the same person shall have the authority to decide as to the modalities of collecting, transporting and distributing correspondence relating to trade secrets. Where such correspondence is of significant importance to a company's activities, the managers might well decide to hire the services of RSS.

    Conclusions

  40. The decision to enact a legal framework in order to protect companies' trade secrets was an important step forward, which was made following numerous claims and requests issued by the representatives of private Romanian companies.

  41. The decision was also taken as part of the obligations assumed by the Romanian Government in order to restructure and harmonise national laws with the applicable E.U. laws and regulations on trade secrets protection.

  42. As a rule, the sole manager or the chairman of the board of directors of a private company may officially enlist the documents concerning trade secrets information. A register shall also be drafted in this respect.

  43. Furthermore, the companies' management shall appoint a security person/department in order to supervise the enforcement of the companies' internal procedures on access to trade secrets. Approval of such access shall be made based only on the existence of a special permit, valid up to four years and reproducing the owner's name and attributions. The permit shall be issued after verifications as to the morality and professional background of the owner and following the execution of a confidentiality agreement.

  44. Although the provisions of Law No. 182/2002 and GD No. 781/2002 grant important benefits to the management of private companies, the issuance by the Registrar of certain additional rules would be useful, in order to clarify certain issues remaining unclear. In this respect, reference must be made particularly to the issue concerning the RSS right or obligation to deliver documents relating to private companies' correspondence on trade secrets. Also, the issue concerning the right of the companies' managers to adapt the format of the access permits beyond the sample format used in Addendum 2 to GD No. 781/2002 needs further clarification.

Notes

[1] Presently, the provisions of GD No. 845/2002 were replaced by the provisions of the Emergency Government Ordinance No. 153/2002 on attributions of the National Register for Evidence of Classified Data, as published in the Official Gazette No. 826 of November 15, 2002.

[2] The term of "classified data", as generally used for the purpose of this study, shall include not only national classified data, but also data referring to the company's trade secrets. Law No. 182/2002 provides rules and procedures applicable to both national and company's classified data.

[3] The conclusion was made following the provisions of Law No. 31/1990 on Romanian companies, as modified.

[4] The Romanian identity card system provides each Romanian citizen with a unique registration number, known as the "personal numeric code", starting with an individual's date of birth. Basically, all the identity documents of a Romanian citizen bear the personal numeric code, such as the birth certificate, the identity card, the passport, the driving license or the social security card.

[5] The letter "S" is used as an abbreviation of the word "Secret", having a similar meaning in both English and Romanian.

[6] For the sake of wider comprehension, the English translation of the Romanian original wording "Secret de Serviciu", meaning "trade secret" was used.

AustLII: Feedback | Privacy Policy | Disclaimers
URL: http://www.austlii.edu.au/au/journals/MurUEJL/2003/10.html