R. Milligan, K. Kappes, T. Nelson Contributed to California Trade Secrets Book

Posted on December 14, 2009 by Erika Birg

Our own Robert Milligan, Kurt Kappes, and Timothy Nelson contributed a chapter, "Trade Secret Audits and Protection Plans," to the November 2009 update of the Continuing Education of the Bar's Treatise Trade Secrets Practice in California. Robert also co-authored a second chapter entitled "Litigation Issues." The book is the preeminent treatise in California on trade secret law, and it is cited by practitioners and courts for its reasoning on trade secret issues.

In Robert, Kurt, and Tim's chapter on trade secret audits, the authors recommend that "companies should ensure that they have adequate trade secret protections in place by conducting a thorough analysis of their protections through a formal trade secret audit." The authors also note that "Experience has shown that companies gain tremendous value by taking a proactive, systematic approach to assessing and protecting their trade secret portfolios through regular trade secret audits."

Robert's litigation chapter identifies issues in trade secret misappropriation cases from the perspective of both the trade secret owner and the accused misappropriator. In analyzing litigation procedure, the chapter identifies preliminary issues, pretrial motions, trial issues, and post-resolution issues. The chapter also addresses other remedies against trade secret misappropriation not based on the Uniform Trade Secrets Act (UTSA). The relationship of trade secret protection under the UTSA and protection under other state and federal statutes is also discussed.

Tags: , ,

The Ninth Circuit Holds that "Authority" Requirement Prevent Employer From Bringing Computer Fraud and Abuse Act Claim Against Former Employee

Posted on September 21, 2009 by Carolyn Sieve

In a recent decision, the federal Ninth Circuit Court of Appeals joined a growing number of federal courts that have limited the use of the Computer Fraud and Abuse Act ("CFAA") in suits brought against former employees accused of taking data from a company’s computer system before leaving the company.

In LVRC Holdings LLC v. Brekka, Case No. 07-17116, 2009 WL 2928952 (9th Cir. September 15, 2009), the Court held that an employer could not maintain its claim under the CFAA, 18 U.S.C. § 1030, against a former employee accused of e-mailing company property to his personal e-mail account because the employer could not establish that the former employee accessed its computer system “without authorization” or “in excess of authorization,” causing a loss. The employee argued that he was authorized to access the computer system in connection with his job duties, and was, therefore, authorized to access the computer system. 

In its opinion in Brekka, the Ninth Circuit explicitly rejected the Seventh Circuit Court of Appeals’ reasoning in International Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. 2006) (Judge Posner, presiding), in which the Seventh Circuit held that a defendant employee’s authorization to access his employer’s computer files terminated when he violated his duty of loyalty to his employer.

Concluding that “[n]o language in the CFAA supports [plaintiff’s] argument that authorization to use a computer ceases when an employee resolves to use the computer contrary to the employer’s interest,” the Ninth Circuit switched the focus of inquiry from the former employee’s motive to an objective standard: What actions did the employer take to define what was authorized access and what was not? “If the employer has not rescinded the defendant’s right to use the computer, the defendant would have no reason to know that making personal use of the company computer in breach of a state law fiduciary duty to an employer would constitute a criminal violation of the CFAA.” 

In Brekka, plaintiff allowed its employee to e-mail company documents to his personal computer in the course of his duties. In addition, plaintiff promulgated no employee guidelines to prohibit employees from e-mailing company documents to personal computers. These were facts fatal to its CFAA claim and may provide a basis to distinguish subsequent cases where employers attempt to assert CFAA claims against former employees accused of e-mailing company information to their personal accounts, provided that they have clear policies prohibiting such activities.

The Brekka Court held “that a person uses a computer ‘without authorization’ under §§ 1030(a)(2) and (4) when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone’s computer without any permission), or when the employer has rescinded permission to access the computer and the defendant uses the computer anyway.” 

The Brekka decision is a wake-up call to employers to take measures to define for their employees the type of computer activity that is permissible (and impermissible) so that the employers can, to the extent allowable, avail themselves of a CFAA claim.

Tags: , , , , ,