JAPAN Trends and Developments Contributed by: Makoto Hattori, Rikita Karakawa, Wataru Takagishi and Taku Shibazaki, Abe, Ikubo & Katayama
information asset inventory, classify information from the perspective of high or low importance and confidentiality, and implement tiered protection. • Measures to ensure secrecy management – secre - cy management is the core requirement for a trade secret being recognised as such. In recent judicial precedents, importance is placed on the substance of whether employees are in a “state where they can reasonably recognise the information as a secret”. Therefore, it is necessary to implement a combination of normative measures and techni - cal measures. Examples include clarifying confi - dentiality obligations through employment rules and written undertakings, confidentiality markings on file names and the attribution of digital labels, access restrictions by ID and password, monitor - ing the access status of those scheduled to resign, and periodic e-learning and the preservation of attendance records. The preservation of access logs, training records, and other evidence is not a statutory requirement in itself, but is an impor - tant factual element in assessing whether secrecy management functions effectively in practice. In the AIST case, facility management, login manage - ment, and internal rules were comprehensively evaluated, and secrecy management was affirmed. What is important is whether the measures function effectively in practice. • Response to generative AI and cloud use – the spread of generative AI presents new challenges. The 2025 revised Trade Secret Management Guidelines suggest that, if information input into an external AI service is used for training purposes, secrecy management may be denied. Companies should consider implementing a system whereby information is not used for training in contracts for corporate AI services, where they preserve usage logs, restrict and audit input to external AI through DLP (data leakage prevention) and proxy control, and clearly define categories of information that may be input as well as prohibited items. “Shad - ow AI” constitutes a significant risk to secrecy management, so awareness needs to be raised. Furthermore, in cloud governance, it is necessary to pay attention to data location, access control, and log preservation in accordance with their risk profile and operational standards.
• Information management at business partners – Leakage of trade secrets is not limited to those by internal personnel. Joint research partners and contractors are also major risk factors. The IPA survey shows the reality that many companies are unable to sufficiently grasp the management status of their business partners. In contracts, restrictions on re-entrustment, access management obliga - tions, audit rights, and reporting obligations at the time of an incident should be clearly defined, and monitoring of the information management at busi - ness partners permitted under the contract should be carried out as necessary. • Internal control to avoid infringing on the trade secrets of others – Protection of trade secrets also includes measures to avoid committing infringe - ment of the trade secrets of others. If information illegally taken by a person changing jobs from a competitor is used in-house, the receiving com - pany may also be held responsible. Therefore, written undertakings at the time of hiring, confirma - tion of confidentiality obligations at previous jobs, establishment of a development system using the clean-room method, and set-up of procedures to confirm the source of information should be carried out. The UCPA broadly covers acquisition, use, and disclosure, and civil liability under the UCPA is triggered by malice or gross negligence regard - ing the illicit nature of the disclosure. Furthermore, it should be noted that new legal issues may arise when AI agents autonomously collect information. Emergency response • When one’s own trade secrets are leaked – initial response is extremely important. First, evidence such as access logs, emails, and records on the cloud should be preserved through forensic inves - tigations. Second, civil remedies, such as filing for a provisional injunction, should be considered promptly to prevent the spread of damage. Third, for malicious cases, a criminal complaint should be considered. In Japan, where a discovery system does not exist, there is room to utilise evidence and records obtained by the police or prosecutors in criminal cases for civil cases. • When the trade secret of another is acquired unintentionally – if the trade secret of another is received unintentionally through a new employee,
128 CHAMBERS.COM
Powered by FlippingBook