shutterstock_519689296Seyfarth Shaw is pleased to announce the launch of Carpe Datum Law, a one-stop resource for legal professionals seeking to stay abreast of fast-paced developments in eDiscovery and information governance, including data privacy, data security, and records and information management. Seyfarth’s eDiscovery and Information Governance (eDIG) practice group created Carpe Datum Law to serve as a timely and unique resource for executives and corporate in-house counsel to obtain reports on developments, trends and game-changing decisions in these data-driven areas of the law.

Click here to access the new Carpe Datum Law blogsite.

The Carpe Datum Law blog takes a comprehensive view of the legal and practical aspects of corporate data challenges, reflecting the broad strength across the spectrum of data law by Seyfarth’s veteran 14-lawyer eDIG practice group, which has served clients since 2004. Regular readers will benefit from its comprehensive perspective and guidance on how the law is adapting to the interrelated challenges of keeping corporate data secure and in compliance with data privacy laws, adapting to new best practices in information governance, and maintaining defensible data preservation, collection and review when eDiscovery is required.

Carpe Datum Law is a must-read for anyone expected to stay ahead of the curve on how best to manage the growing risks in these areas, in particular:

  • C-Level Executives whose portfolios of responsibility include managing risks with respect to their corporate data
  • In-House Counsel responsible for eDiscovery, data and cybersecurity, data privacy compliance and/or the enterprise’s information governance
  • eDiscovery, IT, IT Security and Privacy Managers who work closely on these issues with their organization’s executives and legal teams
  • Consultants, Academics and Thought Leaders who must stay up-to-speed on legal developments in order to serve their organizational clients

Whether steering policy or implementing it, Carpe Datum Law provides well-informed news and analysis that will keep you and your team up-to-speed. From judicial decisions implementing the new eDiscovery amendments to the Federal Rules of Civil Procedure to guidance on compliance with the upcoming European Union General Data Protection Regulation, Carpe Datum Law provides the news and seasoned analysis you would expect from Seyfarth’s eDIG group.

Carpe Datum Law can be accessed at www.carpedatumlaw.com.

shutterstock_413782369There were significant developments and a near miss in trade secret and restrictive covenant law both federally and in Massachusetts in 2016, including the passage of the federal Defend Trade Secrets Act and the failure again of the Massachusetts legislature to pass noncompete reform legislation.  In addition, the Obama White House issued a “Call to Action” with respect to noncompete agreements in its waning days.  Understanding the impact of these changes, and what to expect in 2017, will help your company safeguard its most valuable assets and maintain its advantage over competitors.

On Wednesday, December 14th at 8:00 a.m. Eastern, the Boston office is hosting a Breakfast Briefing entitled “Change is in the Air: 2016 Developments in Trade Secret and Restrictive Covenant Law in Massachusetts and Beyond, and What to Expect in 2017.” Attorneys Katherine Perrelli, Erik Weibust, and Dallin Wilson will discuss recent developments in restrictive covenant and trade secrets law, and what to expect in 2017.

The program will focus on practical responses to the following issues and questions:

  • What you need to know about the federal Defend Trade Secrets Act of 2016
  • What to expect with respect to noncompete reform in Massachusetts in 2017
  • What does the White House’s Call to Action mean for Massachusetts businesses, and will it stick with the new Administration?
  • Important decisions of 2016 in Massachusetts and beyond

register

There is no cost to attend but registration is required and seating is limited. Members of the general counsel’s office, HR professionals, corporate executives, risk managers, and directors are invited to attend. The breakfast briefing will take place from 8:00 a.m. to 10:00 a.m. Eastern at Seyfarth’s Boston office: Two Seaport Lane, Suite 300, Boston, MA 02210.

webinarOn Tuesday, December 13, at 12:00 p.m. Central, Seyfarth attorneys, James McNairy and Justin Beyer, joined by computer forensics expert Jim Vaughn of iDiscovery Solutions, will present the final installment of the 2016 Trade Secrets Webinar Series. This program will provide attendees with best practices for assembling the evidence most often needed to prosecute a claim for misappropriation of trade secrets.

Topics covered will include:

  • Preventative measures to alert companies of potential trade secret theft
  • Once theft is suspected, steps for identifying and preserving evidence
  • Considerations for deciding on forum and state vs. federal court
  • Injunctive relief: what to seek and how to be effective
  • Early discovery: foundation for preliminary injunction and fleshing out case theme

Please join us for this informative webinar.

register

shutterstock_526574593On October 27, 2016, the Fort Worth Court of Appeals affirmed a lower court’s order denying an application for temporary injunction seeking to enjoin Thomas Musgrave, the former president of Henry F. Coffeen III Management, Inc., d/b/a Coffeen Management Company (“CMC”), from competing with and soliciting its business. By doing so, the court emphasized the importance of carefully drafting noncompete and nonsolicitation provisions in employment agreements to ensure that an employee’s post-termination activities remain subject to the restrictive covenants.

CMC is an insurance agency that sells insurance products to car dealerships. Musgrave began working for CMC in 2011 as an independent contractor and, as its president, was responsible for managing CMC’s day-to-day operations. Musgrave signed a “Non-Compete Agreement” barring him from competing with CMC or soliciting its customers for a specified term. In August 2015, Musgrave began travelling to New Mexico to visit Tate Branch Automotive (“TBA”), a CMC client that owns several car dealerships. A short time later, Musgrave started assisting TBA with acquiring car dealerships. In December 2015, Musgrave resigned from CMC, but he continued to advise TBA on the acquisition of car dealerships.

On the heels of Musgrave’s resignation, CMC filed a lawsuit against him in Texas state court for, among other things, breach of contract based on the noncompete and nonsolicitation provisions he signed, and sought a temporary restraining order and temporary and permanent injunctions. The trial court granted CMC a temporary restraining order, blocking Musgrave from soliciting or marketing any products or services that comprise part of CMC’s business to specified clients of CMC, including TBA. Shortly thereafter, the trial court, following a hearing, denied CMC’s application for a temporary injunction, finding, inter alia, that the Non-Compete Agreement was unsupported by consideration and lacked geographical boundaries.

On interlocutory appeal, CMC maintained that the term of the restrictive covenants applied for two years from the date of Musgrave’s resignation in December 2015; therefore, it established a likelihood of success on the merits of its breach-of-contract claim. The court of appeals began its analysis by reciting the text of the Non-Compete Agreement, which provided that Musgrave would remain subject to the restrictive covenants “[d]uring the Term of this Agreement and for a period of two (2) years after the ‘CMC Account Development Sub Agent Agreement’ is terminated.” Despite being capitalized, the word “Term” from the Non-Compete Agreement was undefined. The court reasoned that because the covenants specify the restrictions expire two years after the termination of the “CMC Account Development Sub Agent Agreement,” and it was undisputed that Musgrave, as an independent contractor and president of CMC, was not a subagent or sales representative, the noncompete period was inapplicable, so the provisions at issue never restricted Musgrave’s post-termination conduct. Accordingly, CMC did not show a probable right to recovery on its contract claim, and thus, the trial court did not abuse its discretion in denying CMC’s application for temporary injunction.

The court reached this result even though the findings of fact supporting the trial court’s order did not rest on the ground that the noncompete period was inapplicable. According to the court, it was unconstrained by the lower court’s findings because “[t]he trial court’s stated reasons for denying CMC’s application for temporary injunction do not meet the requirements of civil procedure rule 299a [which requires that findings of fact be separately filed from the judgment or order] and do not control the outcome of this case.” Thus, the court effectively reviewed the trial court’s order based on the legal fiction that no findings of fact were made, such that it was free to uphold the trial court’s decision on any legal theory supported by the record—even one not embraced by the lower court’s findings.

This opinion underscores the importance of the requirement that findings be filed separate and apart from the judgment or order they support. Otherwise, as CMC learned, litigants will face an uphill battle obtaining reversal on appeal. Ist-termination activities, and to properly define their terms.

Henry F. Coffeen III Mgmt., Inc. v. Musgrave, 02-16-00070-CV, 2016 WL 6277375 (Tex. App.—Fort Worth Oct. 27, 2016, no. pet. h.)

shutterstock_306198368Apparently there may be some life left yet in the Massachusetts Legislature’s attempt to pass non-compete reform this year.  As we previously reported, the House and the Senate were unable to bridge their differences and agree on a compromise bill before the formal session wrapped up on July 31.

According to the Boston Business Journal, however, “House and Senate leaders involved in the negotiations that came up just short at the close of formal sessions in July have continued talking, with a White House summit on non-competes serving as a spark plug to rekindle some hope that a compromise could still be brokered.”  Among other differences, the Senate bill would have limited non-compete agreements to three months, whereas the House version had a one year limit.  Both versions also provided for garden leave clauses, wherein an employee is paid during the restricted period, but the House set the compensation during the garden leave at 50% and the Senate recommended 100%.  The major disagreement, however, was over language that would have allowed both the employer and the employee to substitute garden leave pay for a different, mutually agreed upon, arrangement negotiated at the commencement of employment.  Even if a compromise deal is reached by the House and the Senate before the end of the year, it may be difficult to get passed in the full Legislature, as a single lawmaker can defeat any bill during an informal session by simply objecting to it.

The Associated Industries of Massachusetts and the Massachusetts High Technology Counsel have both said that they are in favor of something more akin to the House bill.

We will continue to monitor these developments and report back with any updates.  It may be that 2016 is the finally year for non-compete reform in Massachusetts after all . . . But we have said that before.

shutterstock_370595594We are pleased to announce the webinar “Trade Secret Audits: You Can’t Protect What You Don’t Know You Have” is now available as a webinar recording.

In Seyfarth’s ninth installment in the 2016 Trade Secrets Webinar Series, attorneys Robert Milligan, Eric Barton, and Scott Atkinson focused on trade secret audits. It is not uncommon for companies to find themselves in situations where important assets are overlooked or taken for granted. Yet, those same assets can be lost or compromised in a moment through what is often benign neglect. Experience has shown that companies gain tremendous value by taking a proactive, systematic approach to assessing and protecting their trade secret portfolios through a trade secret audit.

As a conclusion to this well-received webinar, we compiled a summary of three takeaways that were discussed during the webinar:

  • As part of any trade secret audit, confidentiality agreements should be updated to include the new immunity language required by the Defend Trade Secrets Act (DTSA) to preserve the company’s right to exemplary damages and attorney’s fees under the DTSA.
  • A trade secret audit, and the resulting protection plan, should have three primary goals:

(1)  Ensure that a company’s trade secrets are adequately identified and protected from disclosure;

(2)  Ensure that a company has taken adequate steps to protect itself in litigation if a trade secret is misappropriated; and

(3)  Limit the risk of exposure to other companies’ claims of trade secret misappropriation.

  • As part of a trade secret audit, onboarding and off-boarding procedures are evaluated to ensure that the intellectual property rights of third parties and the company are respected.

WebinarDo you and your firm have adequate cybersecurity to prevent yourself (and your confidential client data) from getting hacked?

On Wednesday, December 7, at 11:00 a.m. Pacific, Richard Lutkus, a partner in Seyfarth Shaw’s eDiscovery and Information Governance Practice; and Joseph Martinez, Chief Technology Officer and Vice President of Forensics, eDiscovery & Information Security at Innovative Discovery, will present “A Big Target: Cybersecurity for Attorneys and Law Firms.”

This webinar will cover any considerations that attorneys should take into account when in possession of any client data from an information security perspective. Coverage will include both technical considerations, best practices and policies, as well as practical advice to steer clear of ethical violations.

This program will specifically address the following topics:

  • Information storage, retention, and remediation
  • Device management
  • Phishing and social engineering
  • Security considerations
  • Cloud storage and ethical considerations

Please join us for this informative webinar.

register

As tshutterstock_163690979he Obama administration winds down, its regulators are showing no signs of letting up.  Last week the Commodities Futures Trading Commission (CFTC) decided that it should no longer be constrained by its subpoena power when it seeks to obtain highly confidential and propriety algorithms used by electronic trading firms.  In a 2-1 vote, the CFTC commissioners proposed a new rule under which a majority of the commissioners could vote to issue an order that requires CFTC-regulated companies to hand over the source code to their complex mathematical models that drive their trading decisions.  The power would allow the agency to force automatic trading companies to hand over what is seemingly their most valuable assets and closely held secrets upon the mere suspicion of wrongdoing and without the need to show any probable cause.  As noted in the Wall Street Journal, “[t]his is like asking Apple to turn over the source code for the iPhone.”

The majority vote was led by Chairman Timothy Massad and Commissioner Sharon Bowen, with Commissioner Christopher Giancarlo dissenting.  Massad reasoned that the current rules favor automatic trading firms over traditional trading companies, as the former are able to simply “hide behind their machines” to avoid agency surveillance.  Dissenting Commissioner Giancarlo criticized the majority for seeking to go above and beyond the subpoena process, thereby eliminating any due process protection that the companies may have under the Constitution.

The new rule would also require algorithmic trading firms to register with the CFTC if they trade on average 20,000 futures contracts a day over a six-month period.  This would broaden the agency’s coverage and potentially its ability to obtain highly coveted secrets that form the foundation for some firms.  And there is reason for concern.  Some may recall in 2001 when Senator Bernie Sanders released confidential CFTC data on oil trading positions, and it is not a far reach to think that a firm’s proprietary algorithms could similarly be used for political purposes.

While this proposed rule may only impact a small industry at the moment, that other agencies may now seek the same power is worrisome.   With Obama on his way out the door and Trump on the way in, it is yet to be seen whether this type of power grab will continue.  We will continue to monitor and report the development and public comment on this proposed rule.

shutterstock_361749602The Computer Fraud and Abuse Act (“CFAA”) gives rise to an actionable claim if someone “knowingly access[es] a computer without authorization or exceed[s] authorized access.” 18 U.S.C. § 1030(a)(1). The term “exceeds authorized access” is defined as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” 18 U.S.C. § 1030(e)(6). In recent years, plaintiffs have attempted to argue that someone “exceeds authorized access” under the CFAA when they access work related information on their employer issued computer for non-work related reasons. In Georgia, courts appear to be divided on whether such an allegation gives rise to a valid CFAA claim.

For example, in United States v. Rodriguez, 628 F.3d 1258, 1263 (11th Cir. 2010), the Eleventh Circuit adopted a broad view of the definition “exceeds authorized access,” holding that when an employer has a policy limiting an employee’s computer access to that done for business purposes, an employee who accesses that information for non-business purposes exceeds authorized access. In Rodriguez, the defendant worked for the Social Security Administration, which had a policy that the use of its databases to obtain personal information was authorized only when done for business reasons. 628 F.3d at 1263. The defendant conceded that his access of personal information at issue was not done in furtherance of his duties as a teleservice representative. Id. As such, the court ruled that the defendant had exceeding his authorized access under the CFAA.

The following year, the Northern District of Georgia applied Rodriguez’s broad interpretation of “exceeding authorized access,” holding that an employee’s e-mailing of confidential employer information to herself without a business purpose exceeded any authorized computer access and, therefore, violated the CFAA. See Amedisys Holding, LLC v. Interim Healthcare of Atlanta, Inc., 793 F.Supp.2d 1302, 1315 (N.D. Ga. 2011) (“[T]here is no question that [an employee] exceeded any authority she had when she sent [documents] to herself after accepting a position at [another company] for use in competing with [the plaintiff].”)

Since Rodriguez and Amedisys, however, several district courts in the Eleventh Circuit, including in at least one in Georgia, have applied a more narrow definition of “exceeds authorized access,” concluding that if a defendant has full administrative access to a computer, a claim for unauthorized access cannot be stated under the CFAA. See, e.g., Power Equip. Maint., Inc. v. AIRCO Power Servs., Inc., 953 F.Supp.2d 1290, 1297 (S.D. Ga. 2013); Enhanced Recovery Co. LLC v. Frady, No. 3:13-cv-1262-J-34JBT, at *26 n.7 (M.D. Fla. Mar. 31, 2015).

The Power Equip. decision is particularly instructive on the issue, explaining that:

the CFAA focuses on an individual’s unauthorized access of information rather than how a defendant used the accessed data. More specifically, the proper inquiry is whether an employer had, at the time, both authorized the employee to access a computer and authorized that employee to access specific information on that computer. 953 F.Supp.2d 1290, 1295 (S.D. Ga. 2013) (emphasis in original).

The court further held that the CFAA

does not confer upon employers the ability to sue their employees in federal court for violations of company policy regarding computer usage… [It] does not speak to employees who properly accessed information, but subsequently used it to the detriment of their employers: either one has been granted access or has not. Employers cannot use the CFAA to grant access to information and then sue an employee who uses that information in a manner undesired by the employer.

Id., at 1296 (emphasis added). Other courts in the Eleventh Circuit have held the same. See Trademotion, LLC v. Marketcliq, Inc., 857 F.Supp.2d 1285, 1291 (M.D. Fla. 2012) (concluding that plaintiff failed to state a claim under CFAA because plaintiff admitted that defendant had “full administrative access” to plaintiff’s computer system).

Takeaway

When deciding whether to assert a cause of action under the CFAA based on “exceeding authorized access,” the safest course of action in Georgia is to only do so when the facts demonstrate that the individual in question did not have permission to access the information in question. If the individual was given access to the information in question, but you believe accessed that they accessed that information for a non-work related purpose, consider relying on alternative theories of liability, such as conversation, breach of contract, or misappropriation.

WebinarOn Wednesday, November 2, at 1:00 p.m. Central, Seyfarth attorneys Karla Grossenbacher, Ari Hersher, Stacey Blecher, Meredith-Anne Berger, Elizabeth Levy and Selyn Hon will present “Navigating Employee Privacy Issues in the Workplace.”

The rise of technology in the workplace has resulted in a myriad of complex privacy issues. Employee privacy concerns are impacting employer decision-making more than ever. Is your company equipped to navigate these issues? In this cutting-edge webinar we will discuss:

  • The legal issues presented by an employer’s review of employee texts, emails and social media postings during workplace investigations;
  • The latest decisions from the NLRB regarding an employer’s ability to take action against employees based on social media postings;
  • Privacy considerations presented by the implementation of a BYOD policy; and
  • Private data security risks that arise from the use of cloud-based storage in the workplace

Please join us for this informative webinar so you will be prepared to confront the ever-increasing amount of privacy issues facing employers.

register