shutterstock_306198368Apparently there may be some life left yet in the Massachusetts Legislature’s attempt to pass non-compete reform this year.  As we previously reported, the House and the Senate were unable to bridge their differences and agree on a compromise bill before the formal session wrapped up on July 31.

According to the Boston Business Journal, however, “House and Senate leaders involved in the negotiations that came up just short at the close of formal sessions in July have continued talking, with a White House summit on non-competes serving as a spark plug to rekindle some hope that a compromise could still be brokered.”  Among other differences, the Senate bill would have limited non-compete agreements to three months, whereas the House version had a one year limit.  Both versions also provided for garden leave clauses, wherein an employee is paid during the restricted period, but the House set the compensation during the garden leave at 50% and the Senate recommended 100%.  The major disagreement, however, was over language that would have allowed both the employer and the employee to substitute garden leave pay for a different, mutually agreed upon, arrangement negotiated at the commencement of employment.  Even if a compromise deal is reached by the House and the Senate before the end of the year, it may be difficult to get passed in the full Legislature, as a single lawmaker can defeat any bill during an informal session by simply objecting to it.

The Associated Industries of Massachusetts and the Massachusetts High Technology Counsel have both said that they are in favor of something more akin to the House bill.

We will continue to monitor these developments and report back with any updates.  It may be that 2016 is the finally year for non-compete reform in Massachusetts after all . . . But we have said that before.

shutterstock_370595594We are pleased to announce the webinar “Trade Secret Audits: You Can’t Protect What You Don’t Know You Have” is now available as a webinar recording.

In Seyfarth’s ninth installment in the 2016 Trade Secrets Webinar Series, attorneys Robert Milligan, Eric Barton, and Scott Atkinson focused on trade secret audits. It is not uncommon for companies to find themselves in situations where important assets are overlooked or taken for granted. Yet, those same assets can be lost or compromised in a moment through what is often benign neglect. Experience has shown that companies gain tremendous value by taking a proactive, systematic approach to assessing and protecting their trade secret portfolios through a trade secret audit.

As a conclusion to this well-received webinar, we compiled a summary of three takeaways that were discussed during the webinar:

  • As part of any trade secret audit, confidentiality agreements should be updated to include the new immunity language required by the Defend Trade Secrets Act (DTSA) to preserve the company’s right to exemplary damages and attorney’s fees under the DTSA.
  • A trade secret audit, and the resulting protection plan, should have three primary goals:

(1)  Ensure that a company’s trade secrets are adequately identified and protected from disclosure;

(2)  Ensure that a company has taken adequate steps to protect itself in litigation if a trade secret is misappropriated; and

(3)  Limit the risk of exposure to other companies’ claims of trade secret misappropriation.

  • As part of a trade secret audit, onboarding and off-boarding procedures are evaluated to ensure that the intellectual property rights of third parties and the company are respected.

WebinarDo you and your firm have adequate cybersecurity to prevent yourself (and your confidential client data) from getting hacked?

On Wednesday, December 7, at 11:00 a.m. Pacific, Richard Lutkus, a partner in Seyfarth Shaw’s eDiscovery and Information Governance Practice; and Joseph Martinez, Chief Technology Officer and Vice President of Forensics, eDiscovery & Information Security at Innovative Discovery, will present “A Big Target: Cybersecurity for Attorneys and Law Firms.”

This webinar will cover any considerations that attorneys should take into account when in possession of any client data from an information security perspective. Coverage will include both technical considerations, best practices and policies, as well as practical advice to steer clear of ethical violations.

This program will specifically address the following topics:

  • Information storage, retention, and remediation
  • Device management
  • Phishing and social engineering
  • Security considerations
  • Cloud storage and ethical considerations

Please join us for this informative webinar.

register

As tshutterstock_163690979he Obama administration winds down, its regulators are showing no signs of letting up.  Last week the Commodities Futures Trading Commission (CFTC) decided that it should no longer be constrained by its subpoena power when it seeks to obtain highly confidential and propriety algorithms used by electronic trading firms.  In a 2-1 vote, the CFTC commissioners proposed a new rule under which a majority of the commissioners could vote to issue an order that requires CFTC-regulated companies to hand over the source code to their complex mathematical models that drive their trading decisions.  The power would allow the agency to force automatic trading companies to hand over what is seemingly their most valuable assets and closely held secrets upon the mere suspicion of wrongdoing and without the need to show any probable cause.  As noted in the Wall Street Journal, “[t]his is like asking Apple to turn over the source code for the iPhone.”

The majority vote was led by Chairman Timothy Massad and Commissioner Sharon Bowen, with Commissioner Christopher Giancarlo dissenting.  Massad reasoned that the current rules favor automatic trading firms over traditional trading companies, as the former are able to simply “hide behind their machines” to avoid agency surveillance.  Dissenting Commissioner Giancarlo criticized the majority for seeking to go above and beyond the subpoena process, thereby eliminating any due process protection that the companies may have under the Constitution.

The new rule would also require algorithmic trading firms to register with the CFTC if they trade on average 20,000 futures contracts a day over a six-month period.  This would broaden the agency’s coverage and potentially its ability to obtain highly coveted secrets that form the foundation for some firms.  And there is reason for concern.  Some may recall in 2001 when Senator Bernie Sanders released confidential CFTC data on oil trading positions, and it is not a far reach to think that a firm’s proprietary algorithms could similarly be used for political purposes.

While this proposed rule may only impact a small industry at the moment, that other agencies may now seek the same power is worrisome.   With Obama on his way out the door and Trump on the way in, it is yet to be seen whether this type of power grab will continue.  We will continue to monitor and report the development and public comment on this proposed rule.

shutterstock_361749602The Computer Fraud and Abuse Act (“CFAA”) gives rise to an actionable claim if someone “knowingly access[es] a computer without authorization or exceed[s] authorized access.” 18 U.S.C. § 1030(a)(1). The term “exceeds authorized access” is defined as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” 18 U.S.C. § 1030(e)(6). In recent years, plaintiffs have attempted to argue that someone “exceeds authorized access” under the CFAA when they access work related information on their employer issued computer for non-work related reasons. In Georgia, courts appear to be divided on whether such an allegation gives rise to a valid CFAA claim.

For example, in United States v. Rodriguez, 628 F.3d 1258, 1263 (11th Cir. 2010), the Eleventh Circuit adopted a broad view of the definition “exceeds authorized access,” holding that when an employer has a policy limiting an employee’s computer access to that done for business purposes, an employee who accesses that information for non-business purposes exceeds authorized access. In Rodriguez, the defendant worked for the Social Security Administration, which had a policy that the use of its databases to obtain personal information was authorized only when done for business reasons. 628 F.3d at 1263. The defendant conceded that his access of personal information at issue was not done in furtherance of his duties as a teleservice representative. Id. As such, the court ruled that the defendant had exceeding his authorized access under the CFAA.

The following year, the Northern District of Georgia applied Rodriguez’s broad interpretation of “exceeding authorized access,” holding that an employee’s e-mailing of confidential employer information to herself without a business purpose exceeded any authorized computer access and, therefore, violated the CFAA. See Amedisys Holding, LLC v. Interim Healthcare of Atlanta, Inc., 793 F.Supp.2d 1302, 1315 (N.D. Ga. 2011) (“[T]here is no question that [an employee] exceeded any authority she had when she sent [documents] to herself after accepting a position at [another company] for use in competing with [the plaintiff].”)

Since Rodriguez and Amedisys, however, several district courts in the Eleventh Circuit, including in at least one in Georgia, have applied a more narrow definition of “exceeds authorized access,” concluding that if a defendant has full administrative access to a computer, a claim for unauthorized access cannot be stated under the CFAA. See, e.g., Power Equip. Maint., Inc. v. AIRCO Power Servs., Inc., 953 F.Supp.2d 1290, 1297 (S.D. Ga. 2013); Enhanced Recovery Co. LLC v. Frady, No. 3:13-cv-1262-J-34JBT, at *26 n.7 (M.D. Fla. Mar. 31, 2015).

The Power Equip. decision is particularly instructive on the issue, explaining that:

the CFAA focuses on an individual’s unauthorized access of information rather than how a defendant used the accessed data. More specifically, the proper inquiry is whether an employer had, at the time, both authorized the employee to access a computer and authorized that employee to access specific information on that computer. 953 F.Supp.2d 1290, 1295 (S.D. Ga. 2013) (emphasis in original).

The court further held that the CFAA

does not confer upon employers the ability to sue their employees in federal court for violations of company policy regarding computer usage… [It] does not speak to employees who properly accessed information, but subsequently used it to the detriment of their employers: either one has been granted access or has not. Employers cannot use the CFAA to grant access to information and then sue an employee who uses that information in a manner undesired by the employer.

Id., at 1296 (emphasis added). Other courts in the Eleventh Circuit have held the same. See Trademotion, LLC v. Marketcliq, Inc., 857 F.Supp.2d 1285, 1291 (M.D. Fla. 2012) (concluding that plaintiff failed to state a claim under CFAA because plaintiff admitted that defendant had “full administrative access” to plaintiff’s computer system).

Takeaway

When deciding whether to assert a cause of action under the CFAA based on “exceeding authorized access,” the safest course of action in Georgia is to only do so when the facts demonstrate that the individual in question did not have permission to access the information in question. If the individual was given access to the information in question, but you believe accessed that they accessed that information for a non-work related purpose, consider relying on alternative theories of liability, such as conversation, breach of contract, or misappropriation.

WebinarOn Wednesday, November 2, at 1:00 p.m. Central, Seyfarth attorneys Karla Grossenbacher, Ari Hersher, Stacey Blecher, Meredith-Anne Berger, Elizabeth Levy and Selyn Hon will present “Navigating Employee Privacy Issues in the Workplace.”

The rise of technology in the workplace has resulted in a myriad of complex privacy issues. Employee privacy concerns are impacting employer decision-making more than ever. Is your company equipped to navigate these issues? In this cutting-edge webinar we will discuss:

  • The legal issues presented by an employer’s review of employee texts, emails and social media postings during workplace investigations;
  • The latest decisions from the NLRB regarding an employer’s ability to take action against employees based on social media postings;
  • Privacy considerations presented by the implementation of a BYOD policy; and
  • Private data security risks that arise from the use of cloud-based storage in the workplace

Please join us for this informative webinar so you will be prepared to confront the ever-increasing amount of privacy issues facing employers.

register

OverviewWe are pleased to announce the webinar “The Intersection of Trade Secrets Violations and the Criminal Law” is now available as a webinar recording.

In Seyfarth’s eighth installment in the 2016 Trade Secrets Webinar Series, attorneys Andrew Boutros, Katherine Perrelli and Michael Wexler focused on criminal liability for trade secret misappropriation. Trade secret misappropriation is increasingly garnering the attention of federal law enforcement authorities. This reality creates different dynamics and risks depending on whether the company at issue is being accused of wrongdoing or is the victim of such conduct.

As a conclusion to this well-received webinar, we compiled a summary of three takeaways that were discussed during the webinar:

  • The theft of trade secrets is not only a civil violation — it is also a criminal act subject to serious fines and imprisonment.  In an ever-increasing technological age where a company’s crown jewels can be downloaded onto a thumb drive, victims and corporate violators must be mindful of the growing role that law enforcement plays in this active area.  And, in doing so, working with experienced counsel is critical to interfacing with law enforcement (especially depending on which side of the “v.” you are on), while still maintaining control of the civil litigation.
  • With the advent of the Defend Trade Secrets Act, intellectual capital owners have a powerful new tool to both protect assets with as well potentially defend against.  As such, processes must be in place to carefully screen new employees as well as provide vigilance over exiting employees so that one can guard against theft and be prepared to address purported theft brought to ones doorstep with a new hire.  Finally, it is important to review and update agreements with the latest in suggested and required language to maximize protections which is best accomplished through annual reviews of local and federal statutes with one’s counsel.
  • “Protect your own home” by putting tools in place before a trade secret misappropriation occurs. This includes taking a look at your employment agreements to make sure they are updated to comply with the Defend Trade Secrets Act (DTSA) and that they have been signed. In addition, make sure you have agreements in place with third parties (e.g., clients, vendors, contractors, suppliers) to protect your proprietary information. Finally, secure your network and facilities by distributing materials on a need-to-know basis: Don’t let your entire workforce have access.

shutterstock_338783330Fresh off of signing the Defend Trade Secrets Act, the White House released a report yesterday entitled “Non-Compete Reform: A Policymaker’s Guide to State Policies,” which contains information on state policies related to the enforcement of non-compete agreements. Additionally, the White House issued a “Call to Action” that encourages state legislators to adopt policies to reduce the misuse of non-compete agreements and recommends certain reforms to state law books.

The “Non-Compete Reform: A Policymaker’s Guide to State Policies,” which relied heavily on Seyfarth Shaw’s “50 State Desktop Reference: What Employers Need to Know About Non-Compete and Trade Secrets Law,” suggests that non-compete clauses have recently become more widespread, impacting 18% of all workers and 15% of employees without a college degree. The report analyzes the various states that have enacted statutes governing the enforcement of non-compete agreements and the ways in which those statutes address aspects of non-compete enforceability, including durational limitations; occupation-specific exemptions; wage thresholds; “garden leave;” enforcement doctrines; and prior notice requirements.

Continue Reading The White House’s Call to Action: A Step in the Right Direction or a Bridge Too Far?

WebinarOn Wednesday, November 16, at 12:00 p.m. Central, Seyfarth attorneys Robert B. Milligan, Daniel P. Hart and Scott E. Atkinson will present “Trade Secret Audits: You Can’t Protect What You Don’t Know You Have,” the tenth installment in Seyfarth’s 2016 Trade Secrets Webinar series.

Trade secrets are critical intellectual property for most businesses, whether they realize it or not. The risk of trade secret theft to businesses has increased in recent years, with greater employee mobility between companies, the alarming frequency of targeted data theft attacks, and the explosion of social media and cloud computing. Companies cannot simply react to these real business risks to their data after the data is compromised. By then, it’s too late. Instead, companies should employ a thoughtful and comprehensive approach to the protection of their trade secrets and confidential information.

It is not uncommon for companies to find themselves in situations where important assets are overlooked or taken for granted. Yet, those same assets can be lost or compromised in a moment through what is often benign neglect. Authoritative sources estimate that companies lose hundreds of billions of dollars as a result of trade secret theft. At the same time, companies sometimes find themselves exposed to potential liability when they inadvertently obtain others’ trade secrets. Recent jury verdicts across the nation demonstrate the risk is real. Moreover, once the trade secret is lost, it is lost forever — along with the value the company derives from the information.

To address these recurrent issues, Seyfarth Shaw helps clients protect their important assets and effectively manage risk by conducting Trade Secret Audits. Our experience has shown that companies gain tremendous value by taking a proactive, systematic approach to assessing and protecting their trade secret portfolios through a Trade Secret Audit.

Please join us for our webinar on Trade Secret Audits, which will cover:

  • Identifying trade secrets and secrecy protections
  • Effective secrecy protections, including employment and non-compete agreements.
  • Effective hiring and termination protocols, including effective exit interviews and termination protocols
  • Employing a comprehensive approach and trade secret protection plan
  • Managing and working to protect computer-stored data, including responding to emergency issues related to computer fraud and security breaches

This informative presentation will include a question and answer portion and checklists.

register

By Michael Tamvakologos & Justine Giuliani. Cross Posted from Workplace Law and Strategy.

14-1621-AU-Post-Employment-Map_R9_PAGE-11-640x4521-320x226Effective restraints of trade protect businesses which rely heavily on human capital from damage that sometimes can’t be undone. These restraints – usually sitting in an employment contract – can be a key business asset.

Others might think about it as an insurance policy. The capacity to preserve customer connections, protect confidential information and discourage key executives from setting up their own business or moving to a competitor can be critical to information rich businesses operating in a competitive market. As we pointed out in our previous blog piece on post-employment protections, The difference between winning and losing restraint litigation is often good housekeeping, ensuring the currency of your restraint provisions is an important exercise in risk management.

Our experience in this area is that one key distinction separates cases where restraints are successfully upheld and those where compromise outcomes are required. When seeking to enforce a restraint, an employer will need to demonstrate to the court there is a protectable interest capable of supporting the restraint. In successful cases, typically, the restraint provision has been drafted quite neatly around the key protectable interests. This is the first limb of the test for enforceability. The scope, duration and geographical operation of the restraint are logically tied to the protectable interest (see our map, above). An employer will need to make out each of these elements to meet the second limb of the test.

This success can be attributed to the practice of regularly revisiting the questions of which key executives or employees should be subject to restraints, and how those restraints should operate. Think about their knowledge and relationships (their human capital) as key business assets that have to be protected – or protected against. The yearly promotion, pay rise or management re-shuffle cycles are perfect opportunities to update restraint provisions. Often, this is when operational changes (such as the make-up of roles) become effective, so restraints can be tweaked to align with these changes. A promotion or pay rise can be tied to a new contract or restraint provision.

Instead of adopting a one-size-fits-all approach when an employee first joins the business, employers can increase the likelihood that a restraint will be enforceable by showing it was the subject of specific negotiation during the employment.