Header graphic for print

Trading Secrets

A Law Blog on Trade Secrets, Non-Competes, and Computer Fraud

Webinar Recap! Social Media Privacy Legislation Update

Posted in Computer Fraud, Computer Fraud and Abuse Act, Privacy, Social Media, Trade Secrets

shutterstock_276783140We are pleased to announce the webinar “Social Media Privacy Legislation Update” is now available as a podcast and webinar recording.

In Seyfarth’s eighth installment in its series of Trade Secrets Webinars, Seyfarth social media attorneys discussed their recently released Social Media Privacy Legislation Desktop Reference and addressed the relationship between trade secrets, social media, and privacy legislation.

As a conclusion to this well-received webinar, we compiled a list of  brief summaries of the more significant cases that were discussed during the  webinar:

  • In KNF&T Staffing Inc. v. Muller, Case No. 13-3676 (Mass. Super. Oct. 24, 2013) a Massachusetts court held that updating a LinkedIn account to identify one’s new employer and listing generic skills does not constitute solicitation. The court did not address whether a LinkedIn post could ever violate a restrictive covenant.
  • Outside of the employment context, the Indiana Court of Appeals in Enhanced Network Solutions Group Inc. v. Hypersonic Technologies Corp., 951 N.E.2d 265 (Ind. Ct. App. 2011) held that a nonsolicitation agreement between a company and its vendor was not violated when the vendor posted a job on LinkedIn and an employee of the company applied and was hired for the position, because the employee initiated all major steps that led to the employment.
  • In the context of Facebook, a Massachusetts court ruled in Invidia LLC v. DiFonzo, 2012 WL 5576406 (Mass. Super. Oct. 22, 2012) that a hairstylist did not violate her nonsolicitation provision by “friending” her former employer’s customers on Facebook because “one can be Facebook friends with others without soliciting those friends to change hair salons, and [plaintiff] has presented no evidence of any communications, through Facebook or otherwise, in which [defendant] has suggested to these Facebook friends that they should take their business to her chair.”
  • Similarly, in Pre-Paid Legal Services, Inc. v. Cahill, Case No. CIV-12-346-JHP, 2013 U.S. Dist. LEXIS 19323 (E.D. Okla., Jan. 22, 2013) a former employee posted information about his new employer on his Facebook page “touting both the benefits of [its] products and his professional satisfaction with [it]” and sent general requests to his former co-employees to join Twitter. A federal court in Oklahoma denied his former employer’s request for a preliminary injunction, holding that communications were neither solicitations nor impermissible conduct under the terms of his restrictive covenants
  • The Virginia Supreme Court in Allied Concrete Co. v. Lester, 285 Va. 295 (2013) upheld a decision sanctioning a plaintiff and his attorney a combined $722,000 for deleting a Facebook account and associated photographs that undermined the plaintiff’s claim for damages stemming from the wrongful death of his wife in an car accident. The deleted photographs showed plaintiff holding a beer while wearing a T-shirt with the message, “I Love hot moms.” Subsequent testimony revealed that the plaintiff’s attorney had instructed his paralegal to tell the plaintiff to “clean up” his Facebook entries because “we do not want blowups of this stuff at trial.”
  • PhoneDog v. Noah Kravitz, No. C11-03474 MEJ, 2011 U.S. Dist. LEXIS 129229 (N.D. Cal., 2012) involved a dispute over whether a Twitter account’s followers constitute trade secrets even when they are publically visible. The court denied the defendant’s motion to dismiss and ruled that PhoneDog, an interactive mobile news and reviews web resource, could proceed with its lawsuit against Noah Kravitz, a former employee, who PhoneDog claimed unlawfully continued using the company’s Twitter account after he quit.  The court held that PhoneDog had described the subject matter of the trade secret with “sufficient particularity” and satisfied its pleading burden as to Kravitz’s alleged misappropriation by alleging that it had demanded that Kravitz relinquish use of the password and Twitter account, but that he has refused to do so.  With respect to Kravitz’s challenge to PhoneDog’s assertion that the password and the Account followers do, in fact, constitute trade secrets — and whether Kravitz’s conduct constitutes misappropriation, the court ruled that the such determinations require the consideration of evidence outside the scope of the pleading and should, therefore, be raised at summary judgment, rather than on a motion to dismiss.  The parties ultimately resolved the dispute.
  • The Second Circuit Court of Appeals in Triple Play v. National Labor Relations Board, No. 14-3284 (2d. Cir. Oct. 21, 2015) affirmed an NLRB decision that a Facebook discussion regarding an employer’s tax withholding calculations and an employee’s “like” of the discussion constituted concerted activities protected by Section 7 of the National Labor Relations Act. The Facebook activity at issued involved a former employee posting to Facebook, “[m]aybe someone should do the owners of Triple Play a favor and buy it from them. They can’t even do the tax paperwork correctly!!! Now I OWE money . . . Wtf!!!!” A current employee “liked” the post and another current employee posted, “I owe too. Such an asshole.” The employer terminated the two employees for their Facebook activity. The 2nd Circuit affirmed the NLRB’s decision that the employer’s termination of the two employees for their aforementioned Facebook activity was unlawful.

The following is a collection of social media policies that have been implemented by various companies:  http://socialmediagovernance.com/policies/. While these policies can serve as a helpful guide, companies should tailor their own social media policies and consult with counsel.

For more information, please contact your Seyfarth Shaw LLP attorney, Robert B. Milligan at rmilligan@seyfarth.com, Daniel P. Hart at dhart@seyfarth.com or Joshua Salinas at jsalinas@seyfarth.com.

Eric Barton on What Employers Should Know About Where Social Media Password Laws and Trade Secrets Intersect

Posted in Trade Secrets

Social media is everywhere nowadays. The line between professional and personal with these accounts is growing more and more blurred. As such, lines designed to protect employee privacy are intersecting with trade secret protection in conflicting ways.

Joining LXBN TV to explain is Seyfarth Shaw attorney Eric Barton—author on the firm’s blog, Trading Secrets.

Poor Employer Onboarding and Departure Procedures Can Lead to Horrifying Results Including the Loss of Trade Secrets

Posted in Trade Secrets

shutterstock_186262970This upcoming Halloween reminds us that employers face their own terrors in trying to protect trade secrets and other valuable company information in the workplace, particularly if they have poor onboarding and departure protocols with their employees.

The following video illustrates some of the bad practices committed by both company personnel and employees that can “trick” companies into losing trade secrets or other confidential information or expose them to other liability.

Our recent Halloween-themed best practices presentation provides several “treats” for companies as it highlights some of the practical strategies to avoid the potential horrors illustrated in the video above. These best practices include:

  • Creating a culture where employees understand confidentiality and what information the company considers confidential
  • Making it clear to employees that they should not use or bring any former employer’s confidential information
  • Emphasizing the importance of the company’s non-disclosure and trade secret protection agreements
  • Considering the implementation of computer, network, and social media use and access agreements and policies
  • Conducting exit interviews and ensuring all company property (both hard copy and electronic) is returned when employees depart
  • Training modules with examples of “dos” and “don’ts”
  • Provide access on need to know basis
  • Make security protocol familiar and uniform

Have a safe and happy Halloween!

Proposed US and EU Trade Secrets Laws Progress but Unlikely to be Enacted This Year

Posted in International, Trade Secrets

There’s no doubt that protection of trade secrets is a major concern for most businesses operating in today’s global economy. As we have previously discussed, a fshutterstock_169048001ew years ago CREATe.org and PwC US released a report that highlighted how far-reaching and deeply challenging trade secret theft is for companies operating on a global scale. Notably, in their report, CREATe.org and PwC estimated that trade secrets theft costs anywhere between 1-3% of the GDP of the United States and other industrial economies.

To address the threat to the trade secrets of US businesses, earlier this year Senators Orrin Hatch (R-UT) and Christopher Coons (D-DE) introduced the “Defend Trade Secrets Act of 2015” (S. 1890) in the United States Senate, while Rep. Doug Collins (R-GA) introduced an identical version of the same bill (H.R. 3326) in the United States House of Representatives. As we discussed here, if enacted, the Defend Trade Secrets Act would provide a civil cause of action in federal court to private litigants for “misappropriation of a trade secret that is related to a product or service used in, or intended for use in, interstate or foreign commerce.” In addition, the bill seeks to (1) create a uniform standard for trade secret misappropriation by expanding the Economic Espionage Act; (2) provide parties pathways to injunctive relief and monetary damages to preserve evidence, prevent disclosure, and account for economic harm to companies; and (3) create remedies for trade secret misappropriation similar to those in place for other forms of intellectual property.

Both bills have garnered widespread bipartisan support and are currently pending review by the Judiciary Committees in each chamber. As of publication of this blog post, the Senate bill has 10 cosponsors (6 Republicans, 4 Democrats), while the House bill has 62 cosponsors (42 Republicans, 20 Democrats). Given the bi-partisan and bi-cameral nature of the bills, many commentators have predicted that the Defend Trade Secrets Act of 2015 stands a very strong chance of becoming law. Nevertheless, given the current status of the bills in committee, it is unlikely that either bill be scheduled for a floor vote by the end of the year. Staff on Capitol Hill report that, while the House’s bill’s sponsors hope to see committee action by Christmas, the Chairman of the House Judiciary Committee has only committed to moving the legislation, not to a specific time frame. The Senate bill likewise currently has no scheduled date for Judiciary Committee action.

Meanwhile, across the Atlantic, the European Commission’s proposed Directive to protect trade secrets has now crossed most procedural hurdles necessary for a first reading in the European Parliament. As we discussed here, the proposed Directive (if enacted) would substantially alter the legal landscape in Europe regarding trade secret protection and would require all member states to provide certain minimum standards of legal protection for trade secrets. Earlier this year, the European Parliament’s Committee on the Internal Market and Consumer Protection and Committee on Industry, Research and Energy both reviewed the proposed Directive and published their comments and recommended amendments to the proposal. The Parliament’s Committee on Legal Affairs subsequently published its own report, which includes the other committees’ reports and a draft resolution for vote by the European Parliament.

In its draft resolution, the Committee on Legal Affairs accepted some of the amendments proposed by other committees, particularly amendments to address concerns that the proposed Directive could have an anti-competitive impact or could be used to chill free expression. Among other proposed amendments, the Committee on Legal Affairs has made the following amendments:

  • Adding language to clarify that the Directive “does not provide any ground to trade secret holders to limit the use of experience and skills honestly acquired by employees in the normal course of their employment or to add any restriction for employees to occupy a new position, to those provided for in their employment contract, in compliance with relevant Union and national law;”
  • Adding language to emphasize the importance of trade secrets protection for small and medium-sized enterprises (“SMEs”);
  • Adding language to clarify that the measures and remedies provided under the Directive should not restrict whistleblowing activity and the safeguard the freedom of the press;
  • Changing the statute of limitations for trade secrets misappropriation claims to three years (the Commission’s original text proposed a limitations period of “at least one year but not more than two year after the applicant became aware, or had reason to become aware, of the last fact giving rise to the action”);
  • Amending the Directive’s remedies for protection of trade secrets during litigation to ensure that “those restrictions should not be such as to prevent at least one person from each of the parties and their respective legal representatives from having full access to all the documents in the file” ( in contrast, the Commission’s original text was written broadly enough to permit “Attorneys’ Eyes’ Only” protective orders like those commonly used in litigation in the U.S.).

With the publication of a draft resolution, the proposed directive now awaits a vote in the European Parliament upon the conclusion of additional negotiations between the Parliament and the Council of the European Union (which has already reached an agreement on a general approach for establishing a new legal framework for the protection of trade secrets). Staff of the European Commission in Brussels have reported to us that the Council and the Parliament are attempting to reach an agreement that would permit adoption of the proposed directive on a first reading in the Parliament. Currently, the European Parliament is expected to vote on the initiative around March 2016, but the precise date for a first reading has yet to be determined.

We will continue to track developments on both sides of the Atlantic as these proposed measures continue to be considered in the U.S. Congress and in the European Parliament.

Dan Hart is a Partner at Seyfarth Shaw’s Atlanta office and will be presenting “Protection of Trade Secrets in the US, EU, and Other Countries” at the International Technology Law Association’s 2015 European Conference, which will be held in London from November 4-6.  More information about the conference can be found here.

Nosal Update: Ninth Circuit Hears Oral Arguments on Password Sharing and Scope of Computer Fraud and Abuse Act

Posted in Computer Fraud, Computer Fraud and Abuse Act, Data Theft

shutterstock_299582249On October 20, 2015, a Ninth Circuit panel consisting of Chief Judge Sidney Thomas and Judges M. Margaret McKeown and Stephen Reinhardt heard oral argument from the U.S. Department of Justice and counsel for David Nosal on Nosal’s criminal conviction arising under the Computer Fraud and Abuse Act (CFAA).   In 2013, Nosal was found to have violated the CFAA by allegedly conspiring to obtain access to company information belonging to his former employer, executive search firm Korn Ferry, through the borrowing of another employee’s login password. He was also convicted of trade secret misappropriation under the Economic Espionage Act.

The panel focused most of its questions around one main point of contention between the parties: the interpretation of the “without authorization” language appearing throughout Section (a) of the CFAA.  Such a focus makes sense given that the interpretation of this short phrase could completely change the legal landscape surrounding password sharing, not only in professional settings, but also in personal, consensual settings.

Nosal’s Points

Counsel for Nosal urged the panel to adopt a limited reading of the CFAA, based on the reasoning laid out in the Ninth Circuit’s previous en banc opinion (Nosal I).  Nosal I held that the CFAA was an “anti-hacking” statute and did not contemplate, nor criminalize, the misappropriation of trade secrets.  As an “anti-hacking” statute, the CFAA, the court held, criminalizes “the circumvention of technological access barriers.”  In other words, a person cannot be found to have accessed a computer “without authorization” if he did not circumvent a technological access barrier, or “hack” into a computer.

This time around, counsel for Nosal argued that password sharing is not hacking, and therefore, such an action cannot amount to a federal crime.  Further, counsel urged the panel to limit its interpretation of the “without authorization” language appearing throughout the Act, so as to prevent the over-criminalization of actions otherwise not prohibited by law (e.g., password sharing over a cloud system, or another consensual password sharing arrangement).   Nosal’s counsel also argued that the “without authorization” language be read consistently throughout the Act, so that the same interpretation would apply to both the misdemeanor and felony provisions of the Act.

U.S. Government’s Arguments

On the other side of the spectrum lie the government’s arguments.  Counsel for the government argued that protecting computers with passwords to prevent unintended user access indeed creates a “technological access barrier,” and any circumvention thereof (consensual or otherwise) constitutes a violation of the CFAA.  Such a broad interpretation was met with raised brows from the members of the judicial panel.

Counsel for the government repeatedly argued that the interpretation of the “without authorization” language should mirror the interpretation in the LVRC Holdings LLC v. Brecka case.  Per Brecka, a person accesses information “without authorization” under Sections (a)(2) and (4) of the CFAA when he has not received permission to use a computer for any purpose, or when the person’s employer has rescinded permission to access a computer and the person uses it anyway.  In other words, the government’s counsel seemed to advocate the criminalization of any sort of password sharing.  After receiving some push-back from the panel after making such an argument, counsel suggested limiting this interpretation to the employment context only, but members of the panel shot back because the CFAA includes no such limiting language. The government’s counsel argued that the person must have shared or used the password while also knowing it was prohibited by an employer to do so.

With regard to Nosal’s trade secrets conviction, the panel pressed the government’s counsel for a good portion of her allotted argument time.  Counsel argued the record revealed sufficient evidence to establish the element that source lists derive independent economic value for not being generally known by the general public.

Possible Outcomes for Nosal and Beyond

Though the panel did not give a clear indication one way or the other whose side it was likely to advocate in Nosal’s case, recent Ninth Circuit precedent may prove enlightening on the topic.  In the U.S. v. Christensen (9th Cir. 2015) decision, the Ninth Circuit (composed of a panel of different judges than those deciding Nosal’s fate) vehemently upheld the holdings in Nosal I, despite the different facts of each case.  In particular, the Christensen panel relied heavily on the Nosal I rationale that the CFAA only deals with violations of restrictions on access to information, not restrictions on use.  At the very least, Christensen demonstrates that the CFAA has been on the Ninth Circuit’s radar, even though its rationale may not impact the outcome in Nosal II.

Moreover, the panel’s surprise at the government’s assertion that all password sharing should be subject to criminal sanctions indicates an unwillingness to adopt such an argument.  As a previous post hypothesized, the panel’s final ruling will likely put to bed the password sharing issue, and limit it to certain situations (on which ground is still unclear), at least in the Ninth Circuit.  The ruling will hopefully provide helpful guidance on how to formulate acceptable computer policies prohibiting conduct running afoul of the CFAA. That way, employers and businesses can better protect their trade secrets from escaping the confines of their walls.

Update on Trans Pacific Partnership’s Potential Impact on Trade Secret Law

Posted in International, Legislation, Trade Secrets

shutterstock_299243177As the 2016 presidential race moves into the debate phase, one issue sure to get more and more attention is the proposed Trans Pacific Partnership (“TPP”).  In simplest terms, the TPP is a proposed trade agreement between twelve Pacific Rim countries, including the United States, concerning a wide variety of matters of economic policy.  Together, the countries account for 40 percent of world economic output.  After years of negotiations, an agreement was recently reached on October 5, 2015 after marathon talks in Atlanta, Georgia.

Before negotiations ever began, each of the TPP countries signed confidentiality agreements promising to maintain the secrecy of the negotiations, including the specific terms and provisions being debated.  As a result, even though a “deal” has been reached, the exact terms of that deal remain a mystery.  That said, before the TPP can become official, the text of the agreement has to be signed and ratified in accordance with the procedures of each of the twelve countries involved.  In the United States, that means Congress must accept or reject the TPP within 90 legislative days once the deal is formally submitted for review.  According to Politico, many expect Congress to vote on the bill either during the Summer of 2016 or in the lame-duck session after the 2016 elections.

The final terms of the TPP will obviously need to be provided to Congress before any vote can be taken.  In the meantime, however, WikiLeaks has been publishing purported “drafts” of the TPP on a regular basis since 2013.  According to these leaked materials, the TPP will include a chapter on intellectual property covering copyright, trademarks, and patents, as well as trade secrets.  These disclosures are consistent with a public statement from Office of the United States Trade Representative, indicating that each of the TPP countries have agreed that they will “provide strong enforcement systems, including, for example, civil procedures, provisional measures, border measures, and criminal procedures and penalties for commercial-scale trademark counterfeiting and copyright or related rights piracy. In particular, TPP Parties will provide the legal means to prevent the misappropriation of trade secrets, and establish criminal procedures and penalties for trade secret theft, including by means of cyber-theft […].”

One recently leaked “draft” of the TPP includes language requiring TPP signatories to follow the trade secret language found in the Agreement on Trade Related Aspects of Intellectual-Property Rights (commonly referred to as “TRIPS”), which is essentially the same as the trade secret language in the Uniform Trade Secret Act.  The leaked documents also indicate that the TPP will move many aspects of trade secrecy into the realm of criminal law, which would obviously be a fairly fundamental change to the focus of current trade secret law, where it is generally treated as a purely civil matter.  That said, only when the “official” TPP is finally revealed will we be able to analyze its actual terms.  Based on the leaked versions, though, several groups have already begun publishing highly critical commentaries on the TPP’s various proposals for handling intellectual property rights.

It will also be extremely interesting to see how the TPP’s provisions regarding trade secrets interacts with the proposed Federal Trade Secret Legislation recently introduced in the United States’ House and Senate.  For more on that, please follow this link to Seyfarth’s ongoing updates.  Suffice it to say, 2016 is already shaping up to possible be a watershed year for trade secret legislation on multiple fronts.

Utah Supreme Court Lays Out Pro-Plaintiff Presumption of Harm Standard in Trade Secret Cases

Posted in Trade Secrets

shutterstock_326369231The Utah Supreme Court recently issued a significant decision laying out a presumption of harm evidentiary standard in trade secret cases, which will be very useful for plaintiffs seeking injunctive relief in cases involving trade secret and breach of non-disclosure claims. InnoSys v. Mercer, 2015 UT 80 (August 28, 2015).

The trade secret battle involved a defense industry-focused technology company, InnoSys, Inc., and its former engineer, Amanda Mercer.

InnoSys alleged that Mercer violated a non-disclosure agreement she signed at the time of hire, which memorialized her promise not to copy or transmit any company-protected information.  InnoSys further alleged that Mercer engaged in misappropriation of trade secrets when she sent company information and a confidential company business plan to her personal email account and downloaded it onto a personal thumb drive and used the information in an administrative unemployment hearing following her dismissal from InnoSys.

In district court, Mercer prevailed on her motion for summary judgment based on the determination that InnoSys had not met its burden of showing that Mercer’s acts amounted to actual, irreparable harm.  As a result, InnoSys was slapped with sanctions under Federal Rule 11 and Mercer recovered her attorney’s fees under Utah state law.

The Utah Supreme Court reversed the district court in a 3-2 decision, asserting that “Mercer’s disclosures [of InnoSys’ confidential information] at least arguably sustain[ed] a presumption of harm to InnoSys.”

First, the Court reasoned that InnoSys “at least arguably” asserted a prima facie case of misappropriation of trade secrets under the Utah Uniform Trade Secret Act (UTSA).  Under the UTSA, a prima facie case of misappropriation is established on the basis of two elements: 1) existence of a protectable trade secret by a plaintiff; and 2) demonstration of misappropriation by a defendant. Utah Code § 13-24-2.  The Court found that the business plan and other confidential information indisputably were trade secrets because they derived independent economic value from not being generally known by others.  In determining whether Mercer was entitled to judgment as a matter of law on this issue, the Court reasoned that InnoSys arguably made a prima facie showing of infringement under the UTSA and under its claim of breach of the non-disclosure agreement, which showing sustained a presumption of irreparable harm.

Second, the Court noted undisputed evidence of misappropriation on the summary judgment record, which included proof of unlawful disclosure and unlawful acquisition.  Only a showing of one is necessary under the UTSA.  Id. § 13-24-2(2)(a), (b).  Mercer’s transmission of company information from the company system to a personal email account and thumb drive coupled with her subsequent use of that information in an administrative proceeding “at least arguably amount[ed] to misappropriation” under the UTSA, the Court concluded.  Moreover, the UTSA provides no basis for a defense to the unauthorized disclosure of a trade secret, no matter the circumstances.  Therefore, Mercer had no reasonable basis grounded in the UTSA to disclose company information in the way she did to the administrative body during her proceeding; such a lack of a defense further supported InnoSys’ prima facie showing.

The Court reasoned that InnoSys was able to withstand Mercer’s motion for summary judgment because its prima facie showing gave rise to a rebuttable presumption of irreparable harm, to which Mercer provided no rebuttal.  The court further discussed the presumption of irreparable harm upon the showing of misappropriation, noting that trade secrets, as property rights, are protected by such a legal presumption.  Any trespass on such a right is subject to injunctive relief to “vindicate that right and prevent future harm.”  The Court emphasized that such a presumption is “rarely questioned,” and exists as strong precedent in trade secret law.

The Court later analyzed how Mercer failed to rebut the presumption of irreparable harm.  The Court considered the possibility, given expert testimony supporting such a hypothesis, that Mercer kept other copies of the confidential information elsewhere, despite deleting some documents in the presence of her sister and attorney.  If she did not harbor such information, injury to her upon the issuance of an injunction would harm her little; if she did harbor the information with the intention to further harm InnoSys, then the injunction would be priceless for InnoSys.  In other words, issuing an injunction in favor of InnoSys at the very least would protect it from any fathomable future disclosure by Mercer, with little harm to her.

Even without the presumption, the Court stated that InnoSys provided actual evidence of threatened harm, which would allow its claim to survive summary judgment.  This actual evidence included a showing of Mercer’s use of a web-based personal email account to access InnoSys’ trade secrets.  Transmission of protected company information to an email server not bound to any confidentiality agreement nor capable of ever actually deleting a message, InnoSys argued, amounted to an ongoing threat of harmful disclosure.  Further, the Court noted that Mercer could go and re-access her administrative hearing file, which contained the trade secret information at issue.  Moreover, Mercer’s recurring inconsistent statements made throughout the history of the case undermined her credibility and introduced a “core genuine issue as to her supposed intent to reform and never again harm InnoSys.”

Regarding the breach of the non-disclosure agreement claim, the presumption of irreparable harm in and of itself, the Court noted, was enough to sustain InnoSys’ prima facie case.  The court reversed the summary judgment on the breach of fiduciary duty claim and attorney’s fees as well for the reasons outlined above, and others.  In sum, the Court held that because Mercer made no attempt to rebut the presumption of irreparable harm to InnoSys, the district court’s grant of summary judgment, Rule 11 sanctions, and attorney’s fees was improper.

The majority opinion, authored by Associate Chief Justice Lee (“ACJ Lee”), acknowledged the dissent’s arguments several times throughout the opinion.  Perhaps most interestingly, the dissent asserted that Mercer was entitled to summary judgment because InnoSys failed to show an actual threat of future harm by Mercer.  ACJ Lee directly addressed this argument, noting that it fell short on two grounds: 1) the issue it raised was not preserved; and 2) Mercer’s deletion of emails failed to rebut the presumption of irreparable harm.  Regarding the former, ACJ Lee noted that Mercer’s entire argument was that InnoSys never produced evidence of actual or threatened harm; meaning, InnoSys never showed the economic impact following Mercer’s disclosures.  Such failure to produce was not enough to affirm a summary judgment ruling, in the majority’s opinion.  As to the latter issue, the ACJ recalled that a defendant’s claiming her voluntary compliance moots a case bears “a formidable burden of showing that it is absolutely clear the allegedly wrongful behavior could not be reasonably expected to occur.”  The dissent argued that the fact that Mercer deleted all of the confidential information from her email was undisputed and that InnoSys failed to produce evidence that she would be a future threat of harm, but the majority disagreed because it assumed facts not made of record and gave the benefit of the doubt to the wrong party, the movant.  The majority continued that Mercer failed to meet the aforementioned formidable burden because her acts of deletion could be construed as self-serving and not enough to defeat summary judgment.


This case provides a significant evidentiary tool to plaintiffs who have evidence of illicit data transfer despite claims by the defendant that the data has subsequently been deleted and/or that there has been no harm to the plaintiff. Additionally, the case underscores the importance for trade secret victims to conduct thorough computer forensic investigations to uncover evidence of data misuse to support their claims.

Dueling Dumpling Trade Secret Dispute Heads to District Court

Posted in Practice & Procedure, Trade Secrets

shutterstock_317654018For Dumpling Daughter and its newly opened rival Dumpling Girl, things are heating up in the kitchen and the courtroom, as reported by the Boston Globe, after the former filed a lawsuit in federal court in Boston asserting a host of claims against Dumpling Girl and its three owners, including misappropriation of trade secrets, unfair competition, trademark infringement, conversion, and unjust enrichment.

Dumpling Daughter claims that the individual defendants, two of whom are former Dumpling Daughter employees, opened a virtually identical restaurant using Dumpling Daughter’s confidential and proprietary recipes, a nearly indistinguishable menu, and “ordering, check-out, food preparation, and food delivery operations” that are likewise identical to Dumpling Daughter’s.  The complaint alleges that Dumpling Girl’s actions have already confused several Dumpling Daughter clients, who have asked the latter’s owner if she is opening a new restaurant where Dumpling Girl is currently located (and in fact, the complaint attaches documentary evidence of such queries from customers).

The verified complaint also attaches the aforementioned menus which bear more than a mere resemblance — in fact, Dumpling Girl’s menu is a near duplicate of Dumpling Daughter’s menu.  By way of example, the description for the restaurants’ respective pork ramen dishes are nearly verbatim.  Dumpling Daughter’s description reads:

NOT the instant kind!!!!!!!!  Classic pork broth, fresh ramen noodles, pork belly, soft egg, bamboo red pickled ginger, kombu seaweed, scallions.

In contrast, Dumpling Girl’s pork ramen dish is described as follows:

NOT the instant kind!!!!!!!!  Classic pork broth, fresh ramen noodles, pork belly,
soft egg, bamboo red pickled ginger kombu seaweed, scallions.

The only changes in Dumpling Girl’s description are one fewer exclamation point and a missing comma.  Nearly every other menu item is similarly alike.  With these striking similarities (which, when taken cumulatively, no reasonable person could claim are mere coincidences), it seems like Dumpling Girl will have an uphill battle proving to the that its restaurant is not merely a carbon copy of Dumpling Daughter.  Further compounding Dumpling Girl’s plight are alleged admissions by its employees that the purpose of the restaurant is to copy Dumpling Daughter’s concept, and their alleged attempts to hire Dumping Daughter’s vendor to manufacture dumplings and buns using Dumpling Daughter’s exact recipes.

Of course, to prevail on its misappropriation claim, Dumpling Daughter will have to prove to the court that its recipes are trade secrets; while we frequently see client lists and highly technical inventions as the alleged trade secrets in misappropriation cases, there’s no reason why recipes can’t be trade secrets under the right circumstances.  In fact, an oft-cited Massachusetts case, Peggy Lawton Kitchens, Inc. v. Hogan, 18 Mass. App. Ct. 937 (1984), held that a chocolate chip cookie recipe constituted a trade secret.  Accordingly, Magistrate Judge Donald Cabell will likely consider the following six-factor test utilized by Massachusetts courts in determining whether Dumpling Daughter’s recipes are trade secrets:

  1. The extent to which the information is known outside of the business;
  2. The extent to which the information is known by employees and others involved in the business;
  3. The extent of Dumpling Daughter’s measures to guard the information’s secrecy;
  4. The information’s value to Dumpling Daughter and its competitors;
  5. The amount of effort or money Dumping Daughter spent to develop the information; and
  6. The ease or difficulty for others to properly acquire or duplicate the information.

Given the complaint’s many allegations regarding the secrecy with which Dumpling Daughter protected the restaurant’s recipes and the time and expense its owner devoted to their development, the court very well may determine that the recipes are indeed trade secrets, assuming discovery supports these allegations.

Thus far, Dumping Girl has not responded to the suit, and it remains to be seen whether it will get its just desserts.  Stay tuned for the outcome of this delicious dispute.

Upcoming Webinar: Social Media Privacy Legislation Update

Posted in Privacy, Social Media, Trade Secrets

WebinarSocial media and related issues in the workplace can be a headache for employers. There is no denying that social media has transformed the way that companies conduct business. In light of the rapid evolution of social media, companies today face significant legal challenges on a variety of issues ranging from employee privacy and protected activity to data practices, identity theft, cybersecurity, and protection of intellectual property.

On Tuesday, October 27, 2015 at 10:00 a.m. Central, Robert B. Milligan, Daniel P. Hart and Joshua Salinas will present the eighth installment in its series of Trade Secrets Webinars. They will discuss their recently released Social Media Privacy Legislation Desktop Reference and address the relationship between trade secrets, social media, and privacy legislation.

The Seyfarth panel will specifically address the following topics:

  • ​​Discussing recent and proposed employee privacy legislation, and how it may impact policies dictating mandatory turnover of social networking passwords and employee privacy concerns.
  • Discussing the National Labor Relations Board’s (NLRB) treatment of employer social media policies, whether it applies to you, and what steps should be taken to avoid potential penalties for violating NLRB rulings.
  • Discussing the interplay between social medial privacy laws and workplace investigations, and how developing internal company policy and/or contracts can protect companies’ assets.
  • Defining, understanding, and protecting trade secrets in social media.
  • How courts are interpreting ownership of social media accounts and whether social media sites constitute property and preventing trade secret misappropriation or distribution through social media channels.
  • Discussing the interplay between protection of company information and ownership of company accounts in the social media age.


There is no cost to attend this program, however, registration is required.

*CLE Credit for this webinar has been awarded in the following states: CA, IL, NJ and NY. CLE Credit is pending for GA, TX and VA. Please note that in order to receive full credit for attending this webinar, the registrant must be present for the entire session.

If you have any questions, please contact events@seyfarth.com.

Michigan Federal Court Rejects As Dicta Sixth Circuit’s Broad Computer Fraud and Abuse Act Interpretation

Posted in Computer Fraud, Computer Fraud and Abuse Act, Cybersecurity, Data Theft

shutterstock_242602567While employee Lehman was employed by Experian and allegedly subject to various employment covenants, he incorporated Thorium, a competitor.  After Experian laid him off, he operated Thorium.  Experian sued Lehman and Thorium in a Michigan federal court, accusing them of wrongdoing including violations of the federal Computer Fraud and Abuse Act.  Holding that the CFAA is intended to criminalize hacking and that Experian’s allegations of hacking were oblique at best, the court dismissed most of Experian’s claims under that statute.

Status of the case.  Because some of Experian’s common law causes of action and one of its CFAA contentions were not dismissed, discovery is proceeding. Experian Marketing Solutions, Inc. v. Lehman, Case No. 15:cv-476 (W.D. Mich., Sept. 29, 2015).

Background.  Experian is part of a world-wide marketing services conglomerate that collects and analyzes business data.  At the time he was laid off, Lehman was Experian’s executive vice president.  He was based in Grand Rapids, Michigan, and was authorized to access the company’s computer files.  As a condition of his initial hire, and again later in connection with settlement of a claim he brought against the company while still its employee, he executed non-compete, non-solicitation, and confidentiality agreements.  He allegedly violated those agreements and the CFAA by creating and operating Thorium and by downloading Experian’s confidential information (both while he was an Experian employee and after he was laid off) to a hard drive that company had provided to him.  He also was accused of violations by purportedly instructing three Experian employees, whom Thorium later hired, to provide him with data from Experian’s computers, and by erasing all information on Experian’s hard drive before returning it.

Broad and narrow interpretations of the CFAA.  Federal courts are divided on the meaning of the phrases “[access] without authorization” and “exceeds authorized access” as used in the CFAA with respect to computers.  Four courts of appeal have interpreted the statute broadly, ruling that the purpose for accessing a computer is relevant in determining whether access was authorized.  Two federal appellate courts disagree.

The Sixth Circuit Court of Appeals.  The Sixth Circuit has not ruled definitively as to the meaning of those statutory phrases.  However, that court seemed to signal that it favored the majority position when it wrote, in a 2011 decision (quoting from a 2009 Ninth Circuit opinion), that “an individual who is authorized to use a computer for certain purposes but goes beyond those limitations . . . has exceed[ed] authorized access.”  Pulte Homes, Inc. v. Laborers’ Int’l Union of N. Amer., 648 F.3d 295, 304.

The ruling in Experian.  Concluding that the Sixth Circuit has not weighed in definitively on the meaning of “authorized” as used in the CFAA, and that the quote from Pulte Homes is mere dicta, the district court found the minority interpretation to be the most satisfying.  Since Lehman was “authorized” to access Experian’s computers when he downloaded its confidential data before he was laid off, the court held that the CFAA was not violated regardless of what he did with the data.  Similarly, the court ruled that the defendants did not violate the statute by obtaining, from three Experian employees who had “authorization” to access its computers, the company’s proprietary secrets after Lehman was terminated.  Although his continued use of an Experian computer after he was terminated clearly was not “authorized,” such use was held to be not actionable under the CFAA because Experian failed to allege that he or Thorium thereby obtained anything of value.

One of Experian’s CFAA claims was not dismissed.  The allegation that Lehman caused “impairment to the integrity or availability of data” by wiping the hard drive clean before returning it was held to state a statutory violation.

Takeaways.  A CFAA claim for unauthorized use of a computer not based on hacking is likely to be dismissed in the Fourth and Ninth circuits.  Four other Courts of Appeal — the First, Fifth, Seventh and Eleventh — disagree, holding that the CFAA also prohibits accessing a computer for an unauthorized purpose even though the user has authority to use the computer.  Individual district court judges in the circuits that have not ruled have reached varying decisions on this issue.  Eventually, either Congress must amend the statute to resolve this inconsistencies or the U.S. Supreme Court may be asked to do so.  In the meantime, litigants and their counsel can only guess how those circuit courts which have yet to decide, and the district courts in those circuits, will rule.