Header graphic for print

Trading Secrets

A Law Blog on Trade Secrets, Non-Competes, and Computer Fraud

Webinar Recap! How and Why California is Different When it Comes to Trade Secrets and Non-Competes

Posted in Trade Secrets

We are pleased to announce the webinar “How and Why California is Different When it Comes to Trade Secrets and Non-Competes” is now available as a podcast and webinar recording.

In Seyfarth’s eighth installment of its 2014 Trade Secrets Webinar series, Seyfarth attorneys focused on recent legal developments in California trade secret and non-compete law and how it is similar to and diverse from other jurisdictions, which included: a discussion of the California Uniform Trade Secrets Act, trade secret identification requirements, remedies, and the interplay between trade secret law and Business and Professions Code Section 16600, which codifies California’s general prohibition of employee non-compete agreements. The panel discussed how these latest developments impact litigation and deals involving California companies.

As a conclusion to this well-received webinar, we compiled a list of key takeaway points, which are listed below.

  • While California has rejected the inevitable disclosure doctrine, threatened misappropriation can be a viable theory for relief when there is evidence of data theft and intent to use company data.
  • California’s recent appellate decision in Altavion, Inc. v. Konica Minolta Sys. Laboratory, Inc., 226 Cal. App. 4th 26 (2014)  has broadened the scope of trade secret protectable information to include ideas.
  • Federal district courts in California have increasingly elected to enforce forum selection clauses in noncompete agreements of California employees and found that enforcement of such clauses does not violate California’s strong public policy of employee mobility. See, e.g., Hegwer v. American Hearing and Associates, 2012 WL 629145 (N.D. Cal., Feb. 27, 2012) (granting motion to dismiss California action based upon Pennsylvania forum selection law clause – alleged illegality of non-compete irrelevant to enforcement of forum selection clause); Hartstein v. Rembrandt IP Solutions, 2012 WL 3075084 (N.D. Cal., July 30, 2012) (court agrees to enforce Pennsylvania forum selection clause, disregarding ultimate affect that Pennsylvania court will enforce improper non-compete clause against California citizen).
  • The recent decision in Cellular Accessories For Less, Inc. v. Trinitas LLC, No. CV 12–06736 D, DP (SHx), 2014 WL 4627090 (C.D. Cal. Sept. 16, 2014) illustrates that LinkedIn contacts and other social media connections could be protectable as trade secrets If the methods used to compile the contact information are “sophisticated,” “difficult,” or “particularly time consuming.” Nonetheless, the purported trade secret holder will also have to establish that the contacts were not made public.

Our next and final webinar of our series will take place in December. Seyfarth attorneys will have a high-level discussion on protecting trade secrets and intellectual property in business transactions. Details to come at www.seyfarth.com/seyfarth-events

 

Cybersecurity: Coming to an Office Near You

Posted in Cybersecurity, Data Theft

Way back in the 1980’s, there was a very simple way to keep computer information from being stolen. Every disk containing confidential information was locked in a Sargent and Greenleaf safe. 

Of course, even then, there were problems: 22,000 or so 3.5 inch “microfloppy” disks hold the same amount of data as a 32 GB thumb drive can hold today. The safe got a bit full, and it was difficult to find your disk in that haystack.

Now there is the internet, and tablets that are fully-functioning computers, and cellular telephones the size of…tablets. Cell phones can take pictures, record conversations, and send data anywhere in the world.

For example, Stephen Ward of Owensboro, Kentucky sold a digital copy of a confidential manual for the RQ-21A Blackjack drone aircraft to an FBI undercover agent. For more on Mr. Ward’s conviction, see the Yakima Herald article. Of course, some people just give electronic copies of government secrets away, like Edward Snowden and Bradley Manning.

The insider threat to data security, also called “cybersecurity” is no longer somebody else’s problem, nor merely an information technology (IT) problem.  Cyber crimes are everyone’s problem.  And everyone at your company needs to be part of the solution.

This does not mean that everyone must be subjected to lie detector tests or threatened with waterboarding if they accidentally lose their cell phone.  It does mean that everyone must use a little common sense about their use of company resources, and it also means the company should have reasonable IT safeguards.

Many people use workplace-provided laptop computers to do their jobs from somewhere other than the office. That alone isn’t a problem, but having open access to sensitive corporate data via the coffee house wi-fi, or allowing wireless access to proprietary data, might be. Some employees absolutely must have the latest and greatest devices to be more productive. These next-generation devices may also have…the ability to access confidential data without leaving a trace. Then there are personnel that just leave devices lying around unattended.  All of these situations must be addressed.

Because not all data is proprietary, a good place to start is determining what data needs protection.  For example, if your company stores or works with Protected Health Information (PHI), that data probably needs to be secured. Although this step may seem somewhat obvious, in July 2013, four million people had their PHI and social security numbers compromised, and another breach in 2011 affected 4.9 million people.

Once the confidential data is identified, secured storage for that data may be appropriate.  Separate storage that is only accessible by certain employees, or other limitations on access may provide your proprietary data with additional protection. To ensure your secrets remain secret, you may want to do what the CIA and NSA do: encrypt your data. 

No matter how safe the computer systems are, if you have inexperienced or untrained personnel, you have a big hole in your security system. Training your employees how to maintain data security on an ongoing basis should help maintain their awareness that the data is important and needs to be protected.  Update your security training and your security system if new projects or data needs additional protection. 

When you disseminate proprietary information, just because the data is no longer in your control doesn’t mean you shouldn’t take steps to protect it. Secure all data, and record the dissemination that is outside of normal avenues of access. 

In other words, have a cybersecurity program that fits your business. Keep your employees aware of how to maintain security of the data in your systems. And every now and then, make sure that your confidential data cannot be retrieved by a teenager using their newest cell phone.

Or you can go back to the floppy disks and a safe. Kind of difficult to drag that into a business meeting, though.

Non-Compete And Non-Solicitation Covenants Contained In Bovine Artificial Insemination Employment Agreements Held Unenforceable

Posted in Non-Compete Enforceability, Restrictive Covenants, Trade Secrets

Several ex-employees now may compete with their former employer, and may solicit its employees and customers, after a federal judge in the Eastern District of Washington held that the restrictive provisions in their employment agreements are unenforceable. 

The agreements, drafted by the former employer, contained a choice-of-law provision which the former employer tried unsuccessfully to invalidate.  The court also held that a low-level at-will employee’s non-compete covenant lacked sufficient consideration to be enforceable where all he received for signing it was a job offer.  Genex Cooperative, Inc. v. Contreras, Case No. 2:13-cv-03008-SAB (Oct. 3, 2014) (Bastian, J.).

Summary of the Case

Genex was in the business of, among other activities, inseminating dairy cows and marketing bovine semen.  Four of its employees resigned and the next day began servicing its customers on behalf of its competitor.  Genex filed a complaint against all four, seeking in part to enforce non-competition covenants signed by three of the four defendants and non-solicitation covenants signed by two of the four.  The court invalidated all of the covenants on the ground that they were unnecessary in order to provide reasonable protection to Genex or were otherwise contrary to applicable law.  

Choice of Law Provision in Defendant Verduzco’s Agreement.

The employment agreement signed by Verduzco stated that it was governed by Wisconsin law (Genex is incorporated there).   Although the provision was drafted by Genex, the company argued that the court should apply the law of the forum, Washington, for three reasons: (a) Verduzco worked there both for Genex and, subsequently, for its competitor, (b) he signed the agreement there, and (c) Wisconsin law violated “a fundamental policy” of Washington because its judges have the power to blue pencil otherwise unenforceable contracts whereas Wisconsin jurists are not permitted to do so.  Judge Bastian held that judicial discretion to blue-pencil is a “general rule of contract law” in Washington, not “a fundamental policy.”  Therefore, the agreement’s designation of Wisconsin law is enforceable. 

Covenants Not to Do Business with Genex Customers.

Defendant Contreras’ non-compete agreement prohibited him, for one year after termination, from doing business with any Genex customer with whom he had had contact during the 18 months prior to his leaving Genex.  Judge Bastion held that Genex failed “to meet its burden to establish reasonableness of the covenant.”  He noted that “Contreras — who cannot read or write in English — was a low-level agricultural worker with an at-will employment relationship with Genex.”  The question of “Whether non-compete agreements can ever be enforceable against at-will employees, without providing specific consideration such as a promise for future employment or training, is an open question in Washington.”  However, both nationwide and in Washington, a covenant with “an at-will employee who did not have unique or professional skills” is unlikely to be deemed reasonable. 

Verduzco’s covenant prohibited post-termination solicitation of anyone from whom he had sought new or increased business in the last 18 months of his Genex employment.  The court observed that this prohibition forbad him from soliciting prospects who placed no orders with him during those 18 months, and that such a covenant is unenforceable under the law applicable to his agreement, that of Wisconsin.

Defendant Senn’s agreement restricted him, for 18 months after termination, from engaging “in either the artificial insemination of cattle or the sale of semen in the area in which [he] has been employed [by Genex] and rendered service.”  Because, once again, even local dairy farms not previously serviced by Genex were out of bounds, the court held that the covenant was not “necessary for the protection of Genex’s business or goodwill.”

Covenants Not to Solicit Genex’s Employees.

The non-solicitation clause in Verduzco’s employment agreement directed him not “to induce or attempt to induce” any Genex employee to terminate his or her employment with Genex.  Judge Bastian stated that under Wisconsin law a “no-hire” prohibition like that is invalid because it constitutes “a ‘harsh and oppressive’ restriction on the rights of an employee.”

Contreras’ agreement committed him not to “directly or indirectly encourage any Genex employee to terminate his/her employment with Genex.”  The company admitted that this provision was intended to prohibit him from seeking to “inspire” employees to leave Genex’s employ.  The court held this restriction was unenforceable, especially since his “decision to terminate his at-will employment may have inspired the other defendants with the courage to quit as well.”  Emphasis added.

Takeaways

The Genex opinion deals with and resolves a variety of issues.  It teaches that the draftsperson of a rational choice of law provision in an employment agreement has an uphill battle trying to avoid it.  Further, the opinion tells us that employers should be wary of trying to enforce covenants signed by low-level employees or those without separate, meaningful consideration.  Finally, restrictive employment covenants are less likely to be enforced if they are intended to expand the prohibitions beyond those necessary to provide the former employer with reasonable protection. 

Please Join Us for an In-Person Seyfarth Shaw Briefing: Trade Secret Protection Best Practices

Posted in Data Theft, Restrictive Covenants, Trade Secrets

Who Should Attend:  In-house counsel, IT professionals, HR professionals, Privacy professionals, corporate executives, risk managers, and directors.

When & Where: This program will be held at three different locations.

November 13th at Seyfarth Shaw’s San Francisco Office (lunch and registration will begin at 11:30 a.m., program will begin at noon and go until 1:30 p.m.).

November 18th at Seyfarth Shaw’s Los Angeles – Century City Office (lunch and registration will begin at 11:30 a.m., program will begin at noon and go until 1:30 p.m.).

December 3rd at the Westin Palo Alto in Palo Alto (breakfast and registration will begin at 8:30 a.m., program will begin at 9:00 a.m. and go until 1:30 p.m.).

In today’s highly mobile and competitive world, employees frequently move between companies within the same industry.  Rarely a day goes by without a news report of another high-profile theft of important data from a company, or the loss of key employees to competitors.

Employee mobility, coupled with the digitalization of company assets, has increased the need for creative and thoughtful protections of valuable company data.  It has become extremely easy for employees, especially disgruntled or irresponsible ones, to take and disseminate confidential information to the detriment of their current and former employers.  The need to protect company trade secrets and other confidential data against departing employees and to follow best practices when hiring a competitor’s employees has never been greater.

Seyfarth attorneys Robert Milligan and Jim McNairy will be joined by Jim Vaughn of iDiscovery Solutions, Kathleen Deibert of Intel, and Joshua Kagan of PCH International, to present a lively discussion that focuses on:

Best practices when hiring new employees: 

  • Proper employee onboarding — a cradle to grave approach
  • Employing effective non-disclosure and invention assignment agreements and computer access and bring your own device policies

Best practices for protecting your company when employees depart:

  • Proper exit interview techniques and certifications
  • Reducing risk of disclosure of trade secrets in social media and via online repositories and other electronic means
  • Identifying the unauthorized taking/disclosure of trade secrets through the use of digital forensics

Discussion of recent cases/legislation:

  • The current circuit split on the Computer Fraud and Abuse Act
  • Trade secret preemption
  • Forum selection/choice of law clauses

High level strategies for addressing California’s prohibition on non-compete agreements

Registration: Attendance is limited to enable attendee participation so please RSVP as soon as possible. There is no cost to attend, but registration is required and seating is limited. This program is designed for company representatives and not outside counsel.

For questions, please contact Seyfarth Events at events@seyfarth.com and reference this program.

Customer Non-Solicitation Covenant Runs From Date Employment With Asset Seller Terminated, Not From Later Date Employment With Asset Purchaser Ended

Posted in Non-Compete Enforceability, Practice & Procedure, Restrictive Covenants, Trade Secrets

An employee executed an employment agreement which included a two-year covenant not to solicit the employer’s customers.  When the employer sold the company’s assets, the sale included that agreement.  The employee then went to work for the assets purchaser but subsequently resigned.  The Texas Appellate Court held that the two-year period began to run on the date the assets seller ceased to be the signer’s employer.  Lasser v. Amistco Separation Products, Inc., No. 01-14-00432-CV (Tex. App. Court, Oct. 2, 2014).

Summary of the Case

The employment agreement between Lasser and the assets seller, ACS, included a confidentiality provision as well as the non-solicitation covenant.  Lasser worked for the assets purchaser, Amistco, for 15 months and then resigned, accepting a job with its alleged competitor.  Amistco sued and sought a preliminary injunction.  The trial court’s first injunction order was dissolved by the Texas Court of Appeals because of a lack of specificity.  After the lower court issued a more detailed order, the appellate tribunal affirmed as to confidentiality but dissolved the non-solicitation injunction, holding that the covenant expired two years after Lasser left ACS’ employ. 

Chronology

Lasser’s employment with ACS terminated on February 29, 2012.  He went to work for Amistco the next day and remained employed by that company until June 1, 2013.  He immediately went to work for Woven Metal Products which assigned him to head a new division that allegedly competed with Amistco. 

Amistco’s lawsuit and first injunction motion

Amistco promptly sued Lasser, claiming that he was about to violate the confidentiality provision and non-solicitation covenant in his ACS employment agreement.  Amistco moved for entry of a preliminary injunction against Lasser’s (a) solicitation of Amistco’s customers, and (b) use of Amistco’s trade secrets and confidential information.  The trial court entered the injunction, and Lasser appealed. 

Two Appeals

Early in 2014, the appellate court reversed the injunction order on the ground that it was insufficiently specific (Lasser I).  Amistco then moved for entry of a more detailed preliminary injunction which the trial court entered.  Lasser appealed again.  Last week, the appellate court affirmed the injunction order insofar as it related to confidentiality but reversed the remainder of the order, holding that the non-solicitation clause lapsed on March 1, 2014 (Lasser II).

The holdings in Lasser II.  

(a) The holding regarding the non-solicitation clause.  The appeals court held that Lasser covenanted with ACS not to solicit its customers for two years after termination of his employment.  By the time Lasser II was decided in October 2014, the non-solicitation prohibition had expired and no longer was enforceable.

(b) The holding regarding the confidentiality clause.  After Lasser left Amistco, that company retained a computer forensics expert to analyze Lasser’s company computer to determine whether he had downloaded any of Amistco’s trade secrets.  The expert concluded that Lasser had taken with him more than 1000 confidential Amistco files.  On appeal, Lasser denied that the files contained secret data.  He also challenged the second injunction as insufficiently specific. 

The first injunction restrained Lasser simply from “using, . . . [or] directly or indirectly disclosing, copying or otherwise reproducing, or giving others access to any of [Amisco’s] confidential information and trade secrets.”  Commenting in Lasser I that “the order neither defines nor in any manner indicates from its context the meaning of the phrase ‘confidential information,’” the Court of Appeals held that the injunction was “not sufficiently clear to provide Lasser with adequate notice of what acts he is compelled to complete and what conduct he is restrained from performing.  In other words, he is left to speculate what conduct might satisfy or violate the order.  This is impermissible.”

The trial court’s second injunction identified two dozen categories of “confidential information and trade secrets” that were the subject of the order.  In Lasser II, the Court of Appeals held that “The specific examples of the items comprising ‘trade secrets’ and ‘confidential information,’ when read in the context of the suit, provided Lasser with adequate notice of the information that he is prohibited from using or disclosing.”

Takeaways

Assignment of Lasser’s employment agreement provided Amistco (a) a cause of action to prevent his disclosure of confidential information, but (b) no defense against his post-termination solicitation of Amistco’s customers.  In order to protect against such soliciting, apparently, Amistco would have had to obtain its own covenant from Lasser.

“Bridgegate” Triggers Proposed Expansion of New Jersey Whistleblower Protections

Posted in Practice & Procedure, Restrictive Covenants, Trade Secrets

By Ada W. Dolph, Robert T. Syzba and Jade Wallace

In an effort to preempt another “Bridgegate” scandal, New Jersey State Senator Loretta Weinberg has sponsored a bill to extend whistleblower protection to employees who disclose incidents of wasted public funds, governmental abuse, or gross mismanagement. On October 9, 2014, the New Jersey Senate’s Labor Committee approved Bill S-768, which, if passed, will significantly expand New Jersey’s Conscientious Employee Protection Act (“CEPA”).

Last year, in a scandal dubbed “Bridgegate” by the media, Governor Chris Christie and his administration were accused of ordering a number of lane closures on the George Washington Bridge. The lane closures caused massive traffic jams that gridlocked Fort Lee, New Jersey (home of the New Jersey side of the bridge) during the morning rush-hour on Monday, September 9, 2013, which was Fort Lee’s first day of school. Christie’s administration was accused of retaliation against the Mayor of Fort Lee, Mark Sokolich, for not supporting Christie in New Jersey’s 2013 gubernatorial election. As co-chair of the Legislative Select Committee on Investigation and a representative of Bergen County (home of Fort Lee), Senator Weinberg was a natural choice to propose legislation intended to preclude another “Bridgegate.”

The proposed bill would expand CEPA, New Jersey’s whistleblower protection statute. CEPA currently protects employees against employer retaliation when they disclose, testify, or refuse to participate in actions by their employer that are criminal or fraudulent, or that risk public safety and health. S-768 broadens employee safeguards by adding protection for employees who report waste of public funds or abuse or gross mismanagement of government authority. The bill defines “abuse of authority” as “a pattern of illegal, malicious, fraudulent, arbitrary or capricious actions” by a government employer “in a manner clearly deviating from the standard of care or competence that a reasonable person would observe in the same situation.” “Gross mismanagement” is defined as requiring negligence or incompetence that has a “substantial adverse affect on the operations, clients, customers or employees” of the government agency.

Passed by the committee with a 3-1 vote, the bill now moves forward to the full Senate for consideration. Although the proposed bill’s direct impact is limited to public employers, quasi-public and private employers should nevertheless be mindful of these efforts to expand CEPA, which pattern efforts across the country to increase protections for whistleblowers, especially in connection with drafting and enforcing non-disclosure obligations.

 

Seyfarth Attorneys Facilitate Discussion On Trade Secret Protections and Legislative Developments in US and EU at ITechLaw 2014 European Conference

Posted in Data Theft, International, Legislation, Trade Secrets

Seyfarth IP, International and Trade Secret Attorneys are participating in the ITechLaw 2014 European Conference in Paris, France this week.

ITechLaw is a not-for-profit organization established to inform and educate lawyers about the unique legal issues arising from the evolution, production, marketing, acquisition and use of information and communications technology.

Seyfarth partner Robert Milligan, an ITechLaw Member of the Board of Directors, will facilitate a discussion with some of the over 300 international attorneys in attendance on “Trade Secret Protections and Legislative Developments in the US and EU,” on Friday, October 17th.

Trade secrets and proprietary information are an often overlooked form of intellectual property in some countries or not considered intellectual property in others. Nevertheless, many companies derive tremendous value from such information, and litigation often ensues when misappropriation or breach occurs. Additionally, advances in technology continue to facilitate and encourage the proliferation of information.

The discussion will cover the latest developments in the United States and EU to enhance trade secret protections, including the proposed federal legislation to create a civil cause of action for trade secret misappropriation in federal court and the EU Directive to increase the trade secrets protections afforded to companies with operations in the EU which may greatly enhance cross-border certainty and uniformity across Europe.

The IP workshop will discuss the proposed legislation, the various interests involved, and the pros and cons of such legislation, its chances of success, and it will facilitate a lively discussion of the basic principles any legislation should contain. The discussion will also address whether increase protections for trade secrets will stifle creativity and employee mobility.

The outcome of the discussion will provide a critical assessment of trade secrets, how they are presently protected, and how the United States and Europe are proposing to increase protections for trade secrets, as well as a greater insight on the pros and cons of providing greater protections for trade secrets, while still promoting creativity and innovation.

For reference, please find a discussion paper prepared on these issues for the presentation.

Seyfarth will have a staffed table at the event, Seyfarth attorneys Ilan Barzilay, Ming Henderson, and Robert Milligan are scheduled to attend and participate. For more information, please click here.

Pythagoras and the Geometry of Intellectual Property: Where Do Trade Secrets Fit In?

Posted in Practice & Procedure, Trade Secrets

Most people stop taking math in high school.  Geometry was often the culprit that either made someone enjoy solving problems involving Greek letters or become completely disinterested.  All those arcs and triangles…how does any of that apply to life as an attorney?

Well, here comes another geometry lesson: the Venn Diagram of intellectual property (IP), once thought to have only a minimal intersection between patents and trade secrets, may now include copyrights, and possibly trademarks, as protectable through trade secret law. 

Where did this new math come from?

The California Court of Appeal, in Altavion, Inc. v. Konica Minolta Systems Laboratory Inc., held that ideas can be protectable as trade secrets.

Contrary to the Court’s opinion in Altavion, patents do NOT protect “ideas.” Patentable subject matter is limited to: new and useful processes, machines, articles of manufacture, or composition of matter, or any new and useful improvements thereof. Abstract ideas are specifically excluded from patent protection.

Lexicography aside, the Court of Appeal relied, at least in part, on the definition of a trade secret as “information” to determine if an idea (whatever the court meant by “idea”) can be protected.

The Uniform Trade Secrets Act (UTSA), adopted in California as Civil Code § 3426 et seq., “creates a statutory cause of action for the misappropriation of a trade secret.” The statute defines a trade secret as “information, including a formula, pattern, compilation, program, device, method, technique, or process, that: (1) Derives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and (2) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.”

The Court of Appeal concluded in Altavion that “if a patentable idea is kept secret, the idea itself can constitute information protectable by trade secret law.” The logic of Altavion suggests that secrets that are legally protectable elsewhere could fall under the definition of “information” in California even absent that other protection. Perhaps I should keep this secret.

Don’t lawyers apply the holding in one case to the facts in another case to show the court why one side should win?  Wouldn’t Altavion’s exact holding apply to, say, facts involving “an expressible form of an idea or information that is substantive and discrete?”

The (summary judgment) argument might go: since an idea is protectable as a trade secret, and information is protectable as a trade secret, a substantive, discrete, expressible form of an idea or information must be protectable as a trade secret.

In the vernacular of a mathematical proof, “quid erat demonstratum.” 

By the way, a substantive, discrete, expressible form of an idea is … a copyright.

Would a trademark-eligible logo (isn’t a logo just a “pattern”?) or character development in a script (a “compilation”?) provided to another under reasonable secrecy also be protected under the USTA? 

Who was that Pythagoras guy again?

Trade Secret Attorneys Discuss Latest Issues in Trade Secret Litigation in Corporate Disputes Magazine

Posted in Cybersecurity, Data Theft, Espionage, International, Legislation, Privacy, Social Media, Trade Secrets

On October 1, 2014, Michael D. Wexler and Robert B. Milligan, partners and co-chairs of Seyfarth Shaw’s Trade Secrets, Computer Fraud & Non-Competes practice group participated in a Q&A mini-roundtable from Corporate Disputes Magazine on current trends in trade secret disputes and the steps companies can take to reduce these disputes.  Below are fielded questions from the Seyfarth Shaw Reprint of Corporate Disputes Magazine, OCT-DEC Issue. We hope you find this informative.

CD: Could you provide a brief snapshot of current trends in trade secret disputes?  Do companies need to be more aware of the potential risks in this area?

Milligan: Data theft of valuable company trade secrets through the use of portable electronic storage devices is occurring more and more, as is theft through cloud storage.  We are also seeing an increase in more sophisticated hacking of company networks to obtain proprietary data by organised crime and foreign companies or states.  Technological tools and employee use of personal mobile devices such as smartphones and tablets have given rise to a parallel trend of employers allowing – or requiring – their employees to use their own personal mobile devices at work.  This ‘Bring Your Own Device’ (BYOD) movement can provide benefits to employees and employers, such as convenience, greater flexibility and productivity, as well as cost savings.  However, BYOD programs can also create risks for employers.  Companies need to be aware of potential data security issues, BYOD policies in a unionised workforce, employee privacy concerns and intellectual property issues.  Moreover, the recovery of stolen information and workplace investigations can be hampered by employee-owned devices, not to mention challenges in litigation when trying to gain access to such devices where privacy considerations are often leveraged.  Additionally, attacks on reasonable secrecy measures – part of the definition of a trade secret – is also on the rise: one court recently ruled that password protection alone was not enough to demonstrate reasonable secrecy measures.

Wexler: Further, like the EU, the United States is considering enhancing trade secret protections through additions to its laws.  There are two bills pending in the United States Congress to create a civil cause of action for trade secret misappropriation in federal court.  If passed, the legislation would provide companies with an additional forum and remedy to combat trade secret theft.  With the increasing accessibility of data from a variety of electronic devices and threats by insiders and outsiders, companies also need to be more aware of potential risks to their data and ensure that they have appropriate policies and agreements in place with employees, vendors and business partners, as well as top of the class data security protections.

CD: How severe is the threat of losing trade secrets to a departing employee or departing executive?  What are some of the common scenarios in which trade secrets can be compromised in this manner?  Does the threat level change depending on the size of the company – small cap, mid cap, Fortune 50?

Wexler: The threat of losing trade secrets to a departing employee is real and not a matter of if, but when.  Prudent companies will make sure that they have appropriate processes in place to address the threat when it occurs.  As today’s businesses meet the challenges of intensifying global competition, a more volatile workforce and information being transmitted at an unprecedented speed, they also face a greater risk of losing their valuable proprietary information to theft, inadvertent disclosure or coordinated employee departures.  At a minimum, failure to take both proactive and immediate reactive measures could result in significant loss of profitability and erosion of an established employee and customer base.  The threat of losing trade secrets to a departing employee or executive is enhanced if you don’t have appropriate policies and agreements in place to prevent such theft or hold employees accountable for their unlawful conduct.  And it can happen so easily and rapidly: one thumb drive can carry millions of pages of proprietary information and company information transferred to a personal email account or in a personal cloud all pose means for theft.

Milligan: Just look at recent headlines involving some of the world’s largest companies who have seen their proprietary information compromised by insiders and outsiders.  The crown jewels of many companies are at risk, and millions of dollars are in play.  Lack of market secrecy measures, sloppy practices including poor supply side protections, lack of employee education and stale agreements and policies, poor security and different standards for executives who say one thing and do another are all common scenarios that put a company at risk.  Common scenarios in which trade secrets can be compromised include letting an employee take company data when he or she leaves.  Another red flag scenario is not utilising non-compete or non­disclosure agreements.  There can also be scenarios where the particular industry is highly competitive and competitors are willing to take the enhanced risks to acquire the business or technology.  In such scenarios, companies need to make sure they have in place appropriate onboarding and off-boarding practices and procedures, and use the appropriate agreements so they are not exposed.  In our experience, the threat level does not necessarily change depending on the size of the company, but the magnitude of harm may increase.  The larger the company, the more information to protect and the more employees and third parties to regulate and police.  But small and mid-cap companies have similar concerns because they oftentimes have innovative technology that competitors or other third parties want, so these companies can also be vulnerable.

CD: What steps can companies take during the hiring process to reduce the threat that it may later be sued for trade secret misappropriation – particularly executives or those employees with higher level access to sensitive IP assets?

Milligan: Companies need to have a thoughtful, proactive process in place when hiring employees from competitors that is calculated to ensure that new employees do not violate their lawful agreements with their former employers, including using or disclosing their former employers’ trade secrets, and retaining any of their former employers’ property.  It is important to regulate who interviews the job candidate and evaluate the candidate’s non-compete or confidentiality agreement.  Advise company personnel who are interviewing the candidate not to ask about a competitor’s confidential information during the hiring process.  Focus the interview on the recruit’s general skills and experience in the industry.  It’s also important not to disclose company trade secrets to the candidate – be careful of the access permitted to the candidate.  Candidates for employment should sign certifications that they will not disclose any trade secrets of their current employer.  Additionally, make sure you analyse a recruit’s agreements in advance of an offer being made.  Should the candidate accept an offer, provide clear instructions to the employee that you don’t want the former employer’s trade secrets or property and use agreements with the employee documenting the same.  There are unique issues surrounding the retention and departure of high-level executives, particularly related to non-compete and trade secret issues.  Since businesses can become targets of trade secret-related lawsuits if they hire executives and senior management who have worked at a competitor and misappropriate trade secrets or otherwise violate their restrictive covenants, it’s important for companies to conduct due diligence on prospective employees and make sure that they have thoughtful plan in place before bringing on any high risk hires.

Wexler: Simple steps such as retaining hard drives when an employee leaves and inspecting computers, devices, cloud storage, and e-mail accounts can alert an employer to theft of information.  More sophisticated methods such as forensic exam and monitoring software can also detect theft.  Most of all, create a culture in which recruits and new employees are told ‘we do not want anything from your prior employer’.  Some additional best practice considerations follow below.  Do not allow a recruit to do any work for your company until he or she has left his or her prior employer.  Assist the employee in announcing the change in employment upon commencement of employment as appropriate.  Focus on making the transition as smooth as possible for the current employer and encourage the departing employee to give proper notice and work out a mutually agreeable transition schedule with his or her current employer.  With respect to the employee’s new position, don’t put the employee in a position in the company where he or she will necessarily need to reveal trade secrets.  Finally, HR personnel needs to follow up with the employee to make sure that she is following her agreements and not pushing the envelope, and also follow up with managers to make sure the employee is doing the same.

CD: In what ways is the technology now available to employees changing the playing field in terms of loss or theft of trade secrets?

Milligan: The constant evolution of technology, particularly in mobile devices, data storage and security, and social media, has created legal challenges for companies and the playing field has changed tremendously.  Portable electronic storage devices, online data storage and personal email are available to employees for nominal to no expense and can provide the means to trade secret theft.  Additionally, business leaders often want data and information immediately and often want to make it accessible to various constituents, but companies don’t necessarily keep up with the latest security in protecting such data.  Companies need to stay on top of technology, including the latest in data storage and security and storage devices.  Hacking of computers and mobile devices is more of a concern these days, and more mobility for employees also means more potential security issues for companies.  Companies also need to stay on top of social media.  Given its rapid and somewhat haphazard growth, social media carries with it a set of issues that traditional avenues of trade secret disclosure do not.  For instance, unlike the departing employee who knowingly takes with him a box of documents, the relaxed and non-professional environment of social media sites could lead to employees disclosing confidential information without even realising they are doing so.  Exposure of confidential company information and employee privacy rights are all issues that companies are now struggling with.

Wexler: Social media privacy legislation has become increasingly common in the United States and often impacts trade secret investigations.  Issues related to social media privacy in the workplace are not going away and we expect to see more disputes to define acceptable practices in this area.  In light of this uncertainty, employers should determine whether their company has employees in any of the states that have adopted or are planning to adopt social media privacy laws in order to ensure compliance with such laws.  Employers should also be aware that state laws may restrict requests for information about such activity.  Counsel should review the applicable state social media access law before asking an employee for any account-related information.  Additionally, employers should not overlook social media evidence in conducting employee investigations, and trade secrets and restrictive covenant lawsuits, but make sure that their company’s review and access of such information does not violate applicable law.

CD: How can companies avoid trade secret misappropriation and what should they do if they suspect misappropriation has occurred?  What forensic investigation options might be available?

Wexler: Apart from civil liability, the Economic Espionage Act makes it a federal crime to steal trade secrets, and companies can be liable if they hire employees who misappropriate trade secrets for their new employers’ benefit.  Make sure your executives know the importance of playing by the rules.  Employers can best avoid trade secret misappropriation with solid hiring practices and strong off-boarding procedures which are calculated to protect trade secrets and honour lawful agreements, coupled with effective ongoing employee training on trade secret protection and fair competition.  Protecting your company information is critical to avoid trade secret misappropriation, and companies should work with their outside counsel to create solid policies and agreements, and solutions for onboarding to avoid exposure on restrictive covenants and trade secrets.  It’s also crucial to know your business partners, and have them vetted, so that they don’t expose your valuable trade secrets.  Critical to any trade secret matter is the thorough investigation of what, if any, wrongdoing occurred.  Companies should work with legal counsel who is experienced in conducting such investigations.  Comprehensive interviews and a review of relevant files, emails and workspaces are often the starting points of a competent investigation.

Milligan: We also regularly collaborate with forensic experts and computer specialists to find out how secrets were taken, and by whom, and to preserve any evidence necessary to future litigation.  It is important to preserve data, review emails and talk to relevant witnesses to interpret the forensic data.  A digital forensics examination often includes collecting and analysing artefacts from the operating system, internet history, and unallocated space.  Routine e-discovery does not typically delve into questions about the source computer or storage device and ESI, although e-discovery may uncover the need to ask questions related to internet history, webmail, cloud storage, mobile devices and phone back-ups, and removable devices.

CD: How should companies interact with criminal prosecutors and federal/state law enforcement to complement civil claims for trade secret misappropriation?

Milligan: Private companies can investigate misappropriation claims and provide information to authorities for purposes of prosecuting Economic Espionage Act or Computer Fraud & Abuse Act claims as well as similar state criminal laws, but businesses need to be aware of two important points.  First, allowing law enforcement access to the business can be a double edged sword creating interference with operations and disclosure of more information than the business may want.  Second, when conducting an investigation, be certain to follow accepted forensic practices and chains of custody in collecting information.  In sum, ensure that you have your house in order so you don’t become the target of an investigation.  When considering criminal prosecutions, always be cognizant of the ethical rule required of attorneys that generally prohibits threatening or initiating criminal proceedings to gain an advantage in a civil proceeding.  Consultation with criminal authorities should be done in secrecy and ideally by non-attorneys so as not to run afoul of ethical rules.  However, note an attorney can have contact with authorities; it is not prohibited in and of itself.

Wexler: It should also be noted that criminal prosecutors may make a request regarding the secrecy of the investigation or to hold off taking certain actions in the civil matter — or pursing the case altogether while the criminal case is ongoing — as they are focused on the criminal matter whereas a company and its counsel may be focused on the civil matter and damages.  These differing interests can collide at times, so coordination is key.  No private right of action exists yet under the Economic Espionage Act.  The US Senate and House are currently considering legislation on this issue.

To view the full Article, click here.

Webinar Recap! Protecting Trade Secrets: The Current Landscape, Top Threats, Best Practices for Assessing and Protecting Trade Secrets, Proposed Legislation and Future Scenarios

Posted in Cybersecurity, Data Theft, Espionage, Trade Secrets

We are pleased to let you know that the webinar “Protecting Trade Secrets: The Current Landscape, Top Threats, Best Practices for Assessing and Protecting Trade Secrets, Proposed Legislation and Future Scenarios” is now available as a podcast and webinar recording.

Robert B. Milligan, partner and co-chair of Seyfarth Shaw’s Trade Secrets, Computer Fraud & Non-Competes practice group, Daniel Hart associate in Seyfarth’s Atlanta office and member of the Trade Secrets, Computer Fraud & Non-Competes practice group along with the Center for Responsible Enterprise and Trade, CREATe.org’s CEO Pamela Passman and Marissa Michel, Director in PriceWaterhouseCoopers’ Forensic Services Group took a rigorous look at the issue or trade secret theft and discussed insights from a recent PwC – CREATe.org report: Economic Impact of Trade Secret Theft: A framework for companies to safeguard trade secrets and mitigate potential threats.

As a conclusion to this well-received webinar, we compiled a list of key takeaway points, which are listed below.

  • Theft of trade secrets poses a substantial threat to companies throughout the world and will likely remain a significant challenge in the next 10-15 years as companies face increasing threats from competitors, malicious insiders, nation states, transnational organized crime, and hacktivists.
  • Companies should carefully assess their existing trade secrets portfolio and the steps needed to protect their trade secrets by following a detailed and comprehensive 5-step framework: (1) identifying their trade secrets, (2) assessing the threats to their trade secrets portfolio and possible exposures, (3) analyzing the relative priorities of their trade secrets to assess which trade secrets require the highest level of protection, (4) assessing the likely economic impact that would be caused by a theft of trade secrets, and (5) secure the trade secrets portfolio by implementing a management system (including policies, protocols, training, and other measures across the organization).
  • Effective protection of trade secrets requires a coordinated and deliberative effort across all business units in a company, including IT, HR, legal, and other business leaders.  The only way to effectively protect a company’s trade secrets portfolio is to carefully analyze the threats to the company’s trade secrets and thoughtfully develop a comprehensive and customized strategy with buy-in from all stakeholders across the organization.

Please join us for our next webinar on October 28, How and Why California is Different When it Comes to Trade Secrets and Non-Competes