Prosecuting Trade Secret Theft: Legal Actions Against Former Employees in the BPO Sector (Philippines)

Introduction: why trade secret theft disputes are rising in remote BPO work

In the Philippine BPO sector, remote work arrangements can increase exposure to unauthorized copying, transfer, or disclosure of proprietary materials—such as source code, system documentation, pricing models, and client/customer lists. When a former remote worker uses or shares these materials after separation, the employer (including offshore companies operating in or contracting with Philippine-based teams) typically considers two urgent remedies: (1) stopping ongoing use or disclosure and (2) recovering damages.

Philippine law recognizes trade secrets as protectable interests and, in court proceedings, recognizes a privilege against compelled disclosure of trade secrets, subject to narrow exceptions. The Supreme Court has also stressed that an employer’s claim that something is a “trade secret” is not automatically controlling; it must be supported by facts that can withstand judicial review.

Governing authorities and where trade secret protection comes from

Evidence and confidentiality in litigation. If litigation requires testimony or production of information that constitutes a trade secret, the Rules on Evidence provide that a person cannot be compelled to testify about a trade secret unless non-disclosure would conceal fraud or otherwise work injustice. If disclosure is ordered, the court must adopt protective measures to balance interests (2019 Amendments to the 1989 Revised Rules on Evidence, A.M. No. 19-08-15-SC, effective 2019, Rule 130, Sec. 26).

Judicial standards for identifying trade secrets. The Supreme Court has held that management’s unilateral labeling of information as a trade secret is not binding on labor tribunals or courts; there must be a substantial factual basis for the claim. This principle appears in trade secret-related labor controversies and is frequently used as a warning against overbroad “confidentiality” labeling (Cocoland Development Corporation v. NLRC, G.R. No. 98458, 1996; as discussed in Air Philippines Corporation v. Pennswell, Inc., G.R. No. 172835, 13 December 2007).

Tests used by courts. In assessing whether information qualifies as a trade secret, the Supreme Court has cited factors such as: how widely known the information is outside the business, internal access limits, measures taken to guard secrecy, the value to the business and competitors, investment in developing it, and ease of independent acquisition (Air Philippines Corporation v. Pennswell, Inc., G.R. No. 172835, 13 December 2007).

What offshore BPO companies usually treat as “trade secrets” (and what courts examine)

In BPO disputes involving remote workers, employers commonly allege trade secret theft involving:

• Proprietary source code (including repositories, scripts, build pipelines, and internal tooling);
• Client lists and customer relationship data (including lead sheets, renewal cycles, and pricing history);
• System architecture and process documentation (SOPs, automation playbooks, QA rulesets);
• Commercial terms (pricing formulas, margin models, bidding templates).

Courts look beyond labels in employment contracts or handbooks. Overly broad policies that treat “anything the company considers confidential” as a trade secret can be treated as vague or unreasonable for disciplinary purposes (Yonzon v. Coca-Cola Bottlers Philippines, Inc., G.R. No. 226244, 10 November 2021).

Pre-litigation priorities: preserving evidence without creating new risks

Before filing suit (or even before sending a demand), a company should assemble a defensible record showing: (a) secrecy measures, (b) unauthorized access or extraction, and (c) threatened or actual misuse. The goal is to be ready for injunction proceedings where time is limited and the court expects organized proof.

Evidence checklist tailored to remote-work trade secret theft

Typical evidence packages include:

• Access logs (VPN logs, SSO audit trails, repository access history, IP addresses, device identifiers);
• Repository and code activity (unusual cloning, bulk download events, branch exports, tokens created pre-resignation);
• Client data exfiltration markers (bulk CRM exports, mass screenshot activity, file sync events);
• Confidentiality undertakings (employment contract, NDAs, IP assignment clauses, acceptable use policy acknowledgments);
• Offboarding records (exit interview notes, device return forms, account deactivation confirmations);
• Indicators of use (competitor product similarities, solicitation messages to clients, mirrored code patterns).

Because courts can protect trade secrets during proceedings, employers should be ready to ask for protective orders or other safeguards when submission of sensitive materials becomes unavoidable (A.M. No. 19-08-15-SC, 2019, Rule 130, Sec. 26).

Litigation roadmap: damages and injunctions

Step 1: define the protectable secret with specificity

A frequent failure point is pleading trade secrets at too high a level (e.g., “our code” or “our client list”). The safer approach is to identify the secret by category and function while minimizing unnecessary disclosure. Courts expect a substantial factual basis for the claim that the material is truly secret and economically valuable, and that reasonable measures were used to keep it secret (Cocoland Development Corporation v. NLRC, G.R. No. 98458, 1996; Air Philippines Corporation v. Pennswell, Inc., G.R. No. 172835, 13 December 2007).

Step 2: plead and prove secrecy measures (the “reasonable steps” story)

Evidence of secrecy measures often determines whether the court treats the material as a trade secret. Typical measures include: role-based access, least-privilege permissions, segmented repositories, watermarking, DLP tooling, monitoring, written NDAs, and consistent enforcement.

Step 3: show wrongful acquisition, use, or disclosure

In remote-work disputes, “wrongful” conduct is often shown through patterns such as bulk downloading shortly before resignation, use of personal cloud storage, copying repositories to external devices, or direct solicitation of clients using internal customer data.

Step 4: seek interim relief to stop ongoing misuse (injunction strategy)

Where there is imminent risk of further disclosure—such as a former worker joining a competitor—companies typically consider immediate court relief to restrain use or dissemination. In disputes involving alleged trade secrets, courts are careful not to compel unnecessary disclosure, and will consider protective measures when disclosure becomes necessary to resolve the dispute (A.M. No. 19-08-15-SC, 2019, Rule 130, Sec. 26; Air Philippines Corporation v. Pennswell, Inc., G.R. No. 172835, 13 December 2007).

Step 5: claim damages with clear causation theory

Damages claims are stronger when paired with a measurable theory, such as: lost contracts tied to a stolen client list, engineering remediation costs, incident response expenses, delayed product releases, or unjust enrichment indicators.

Special topic: handling “client lists” and customer relationships in PH cases

The Supreme Court has recognized that employers may have a protectable interest in customer relationships cultivated by employees during employment, and that managerial employees and fiduciaries have duties of loyalty and fidelity (Molina v. Pacific Plans, Inc., G.R. No. 165476, 20 March 2006). In a BPO setting, this is relevant when a former supervisor or client-facing manager uses internal customer information to divert accounts.

Employment angle: termination for confidentiality breaches and how it affects civil suits

Even when the former employee has already been terminated or has resigned, employment-case doctrines can influence credibility findings and how tribunals view “confidential information” policies. The Supreme Court has ruled that vague or overly broad company rules defining confidential information can be unfair and unreasonable, and cannot automatically justify severe penalties when applied expansively (Yonzon v. Coca-Cola Bottlers Philippines, Inc., G.R. No. 226244, 10 November 2021). Employers should therefore align internal policies with concrete definitions and consistent implementation.

Telecommuting compliance: data protection duties in remote work policies

For employers using telecommuting arrangements, the IRR of the Telecommuting Act requires employers and employees to agree on minimum standards protecting personal information, and requires employers to take measures for data protection in professional use. It also recognizes supplementary application of the Data Privacy Act of 2012 (Department Order No. 202-19, IRR of R.A. No. 11165, 2019, Sec. 5). While trade secrets are distinct from personal data, the same control environment often supports trade secret protection claims (access control, storage limits, and monitoring rules).

What courts may refuse: attempts to label everything confidential

A recurring defense in BPO disputes is that the information was not genuinely secret, was widely known in the industry, or was accessible to many people without restriction. Courts have warned against allowing employers to label almost anything as a trade secret to create a pretext for sanctions (Cocoland Development Corporation v. NLRC, G.R. No. 98458, 1996; Air Philippines Corporation v. Pennswell, Inc., G.R. No. 172835, 13 December 2007). On the employer side, the response is to document real secrecy measures and explain why the information has competitive value.

Table: aligning your “trade secret package” with Supreme Court factors

Supreme Court factor (Pennswell)	What to show in a BPO/source code or client list case
Known outside the business	Proof the codebase/client list is not publicly available; show internal-only access and absence of public release.
Known by employees internally	Role-based access charts; repository permissions; CRM access groups.
Measures taken to guard secrecy	NDAs, AUP, device controls, DLP alerts, USB restrictions, repository policies, offboarding.
Value to the business/competitors	Business impact statements; development cost summaries; competitive analysis; client revenue dependence.
Effort/money expended	Engineering hours; cost of development; training spend; tooling subscriptions.
Ease of independent acquisition	Explain why recreating the code or list is difficult; show uniqueness and time-to-build.

Citation: Air Philippines Corporation v. Pennswell, Inc., G.R. No. 172835, 13 December 2007.

Typical scenarios and recommended responses

• Scenario: developer cloned repositories weeks before resignation. Preserve logs, disable access, identify what was cloned, and prepare a narrowly described trade secret definition plus request for court confidentiality protections.
• Scenario: former account manager solicits clients using internal pricing and renewal dates. Collect client communications and CRM export logs; prepare damages theory based on lost accounts and unfair advantage, consistent with protectable customer relationship principles (Molina v. Pacific Plans, Inc., G.R. No. 165476, 20 March 2006).
• Scenario: employer policy says “all company information is confidential,” and worker shares pay data or general documents. Expect challenges based on vagueness and overbreadth; refine the claim to genuinely secret materials and show why they meet trade secret criteria (Yonzon v. Coca-Cola Bottlers Philippines, Inc., G.R. No. 226244, 10 November 2021).

Final observations and recommendations

For offshore companies in the BPO sector pursuing Philippine litigation against former remote workers, the strongest cases are built early and are built narrowly: identify the secret precisely, show real secrecy measures, and prove wrongful acquisition/use with reliable audit trails. Expect judicial scrutiny of “trade secret” claims, and avoid overbroad definitions that courts may treat as vague or unfair (Cocoland Development Corporation v. NLRC, G.R. No. 98458, 1996; Yonzon v. Coca-Cola Bottlers Philippines, Inc., G.R. No. 226244, 10 November 2021).

When litigation requires disclosure, use the Rules on Evidence to request protective measures so the case can proceed without unnecessary exposure of sensitive materials (A.M. No. 19-08-15-SC, 2019, Rule 130, Sec. 26). For telecommuting settings, reinforce data governance standards consistent with the Telecommuting IRR’s data protection expectations (Department Order No. 202-19, IRR of R.A. No. 11165, 2019, Sec. 5).

About Nicolas and De Vega Law Offices

 Nicolas and de Vega Law Offices is a full-service law firm in the Philippines.  You may visit us at the 16th Flr., Suite 1607 AIC Burgundy Empire Tower, ADB Ave., Ortigas Center, 1605 Pasig City, Metro Manila, Philippines.  You may also call us at +632 84706126, +632 84706130, +632 84016392 or e-mail us at [email protected]. Visit our website https://ndvlaw.com.