Update Your Confidentiality Agreements and Policies *Now*

Tidea netheft of trade secrets by rogue employees is frighteningly common. When employees leave or lose their jobs, about half “steal corporate data and don’t believe it’s wrong” and forty percent “plan to use the data in their new jobs,” according to a 2012 global survey published by Symantec, a security firm. The survey was based on responses from thousands of employees in the United States, United Kingdom, France, Brazil, China, and Korea.

To help businesses crack down on trade secret theft, on Wednesday President Obama signed the Defend Trade Secrets Act of 2016. When someone willfully and maliciously steals another’s trade secrets, the Act gives the trade secret owner a powerful weapon: a right to seek exemplary damages and attorney’s fees. Exemplary damages may be up to twice the amount of the damages that may be awarded under the Act.

But if the trade secret owner is an employer and the thief is an employee, contractor, or consultant, there is a special requirement to preserve the employer’s right to exemplary damages and attorney’s fees. The employer must have given them notice of a subsection of the Act relating to immunity. Continue Reading

Obama Signs Federal Trade Secret Act

Today, President Obama signed the Defend Trade Secrets Act (DTSA) into law. The DTSA amends the existing Economic Espionage Act that was previously limited to criminal cases on behalf of the Department of Justice. The DTSA now allows companies to pursue trade secret claims in federal court under federal law. A copy of DTSA can be found here.

House Passes Federal Trade Secrets Bill

downloadWe recently reported that the U.S. Senate passed the Defend Trade Secret Act (“DTSA”), which would create a federal private cause of action for trade secret theft.

This week was the U.S. House of Representatives turn. The House overwhelmingly voted to approve the DTSA by a margin of 410-2. The bill is now headed to President Obama, whose administration has indicated strong approval.

And the Obama administration is not alone in voicing support. The Under Secretary of Commerce for Intellectual Property was vocal in praising the bill, as were corporations like Microsoft and General Electric and lobbying groups like the U.S. Chamber of Commerce, who issued a statement “urg[ing] President Obama to sign this legislation into law as soon as possible.”

We will continue to update you with any new developments and will also begin a new series of posts analyzing important aspects of the new legislation.

Federal Trade Secrets Bill Passes Senate

200px-US_senate_sealOn Monday, the Senate unanimously passed the Defend Trade Secrets Act (“DTSA”) — a bill that would allow companies to pursue trade secret theft through civil litigation in federal court. This long-awaited measure is a major step towards elevating trade secrets to the level of federal protection enjoyed by the other intellectual property, such as patents, copyrights, and trademarks. Currently, if companies want to sue for trade secret theft, they are generally relegated to state courts where there is a patchwork of inconsistent laws modeled after the Uniform Trade Secrets Act (“UTSA”). The DTSA would create a uniform standard for trade secret misappropriation and provide companies with pathways to injunctive relief and monetary damages to preserve evidence, prevent disclosure, and account for economic harm suffered from misappropriation.

The Legislation.  The DTSA would authorize a private civil action in federal court for the misappropriation of a trade secret that is related to a product or service used in, or intended for use in, interstate or foreign commerce. The proposed legislation defines “misappropriation” consistently with the UTSA, and provides for similar remedies, including injunctive relief, compensatory damages, exemplary damages and attorneys’ fees for willful or malicious cases of misappropriation. But the DTSA also differs from the UTSA in several important aspects that could greatly assist companies.  Most importantly, the DTSA provides a direct avenue for companies to use the federal court system to protect trade secrets. The DTSA also provides preemptive measures that companies may utilize to preserve evidence, and to thwart dissemination or theft before it occurs. For instance, companies who suspect that the confidentiality of their trade secrets may be compromised could apply for an ex parte order that allows the government to seize its trade secrets before giving any notice of the lawsuit to the defendant. This seizure protection goes well beyond what courts are typically willing to order under existing state and federal law. The DTSA’s statute of limitations period is also five years, as compared to just three under the UTSA. Additionally, the DTSA allows for treble exemplary damages and, unlike the UTSA, contains no language preempting other causes of action that arise under the same common nucleus of facts.

The Implications. Of the four types of intellectual-property rights — copyrights, trademarks, trade secrets, and patents — trade secrets are unique. Trade secrets are not registered with any federal agency, and companies currently have no direct avenue to protect them under federal law through civil litigation. The DTSA addresses these unique qualities by opening the doors of federal courts to companies looking to protect what they consider to be valuable trade secrets. If the House and Senate come together on final legislation, it would be the federal government’s most aggressive response to trade secret theft. We will keep you updated as the DTSA moves to through Congress and the White House.

“Cannibal Cop” Decision Deepens Circuit Split On Federal Hacking Statute

imagesProsecutors and employers take notice — one of the most robust, wide-reaching tools against computer fraud and abuse could be blunted. The Second Circuit recently joined the Fourth and Ninth circuits in narrowly interpreting the Computer Fraud and Abuse Act (CFAA) in United States v. Valle, 807 F.3d 508 (2d Cir. 2015). Valle, an ex-cop, was convicted of using his access to police databases to aid his gruesome plot to kidnap, torture, and eat a woman, but the Second Circuit overturned that conviction based on its reading of the CFAA. While the Valle case made lurid headlines in the New York press, it has further reaching consequences for the CFAA. The decision deepens the circuit split against the First, Fifth, Seventh, and Eleventh circuits, which give prosecutors and employers more room to bring claims under the CFAA with a broader interpretation of the act.

At stake is the ability of prosecutors and employers to use the CFAA for a common fact pattern in both criminal and civil actions under the statute — when an employee uses his work computer to access information that he is otherwise permitted to access for a non-work purpose in contravention of company policy. The Second Circuit’s Valle decision joins the Fourth and Ninth circuits to say that the CFAA cannot be used for this purpose and is actually meant to only cover traditional hacking activity. On the other side, the First, Fifth, Seventh, and Eleventh circuits still permit a prosecutor, or an employer in a civil CFAA case, to use the act when an employee improperly uses his company access for a non-work purpose.

With a 4-3 circuit split, the stage is set for a potential review by the U.S. Supreme Court. Internet scholars, criminal defense lawyers, and employers have already been filing amicus briefs at the appellate level, arguing both sides of the issue. And all of it turns on the interpretation of a single phrase – what does “exceeds authorized access” mean under the CFAA?

Continue Reading

Sixth Circuit Highlights Importance of Non-Disclosure Agreements

confidentialThe Sixth Circuit recently held that an employer’s “playbook” was protected from disclosure and use, even if the business information was not a “trade secret.” (Orthofix, Inc. v. Hunter, No. 15-3216 (Nov. 17, 2015))  Fortunately for Orthofix, its employment agreements included non-disclosure provisions. The Sixth Circuit found that those provisions protected more than just “trade secrets” and that the former employee breached his contractual obligations by disclosing Orthofix’s confidential business information to a competitor.

Background. Orthofix sells medical devices and hired Eric Hunter as a salesman for its bone growth simulators. Hunter signed an employment agreement that included non-compete and non-disclosure provisions. Orthofix assigned Hunter to a specific territory, where he developed customers and acquired detailed information about doctors’ schedules, idiosyncrasies, and medical device preferences. After nearly 12 years of employment, Hunter and another Orthofix employee (Bob Lemanski) began to negotiate employment with an Orthofix competitor. A plan was developed for Hunter and Lemanski to work for the competitor while avoiding non-competed issues: Hunter would stop selling devices to customers he previously serviced after introducing them to Lemanski, and Lemanski would do the same with his customers. Hunter also disclosed Orthofix’s “playbook” to the competitor — including Orthofix’s customer lists, wholesale price information, sales data, staff contacts, physician schedules and preferences, and physicians’ prescribing habits. Hunter also drew on his “knowledge” about customers’ prescribing habits, schedules, and contact information when introducing the competitors’ representatives to these customers.

District Court Decision. Orthofix sued Hunter for misappropriating trade secrets and breaching his employment agreement’s non-disclosure provisions. The suit was pending in the U.S. District Court for the Northern District of Ohio, where a bench trial was eventually held. The district court dismissed the claims, finding that Hunter was not liable because Orthofix did not protect its trade secrets with reasonable measures and because the non-disclosure provision was an unenforceable non-compete agreement that prohibited Hunter from using general skills and knowledge.

Sixth Circuit Decision. The Sixth Circuit overturned the district court’s decision. Its opinion began with a discussion about the “three separate categories of business information” — trade secrets; contractually protected information; and general skills and knowledge. The Sixth Circuit ultimately held that the district court erred by confusing “Orthofix’s contract claim against Hunter for disclosure of ‘confidential information’ with a claim for misappropriation of trade secrets.” The Sixth Circuit held that Orthofix’s non-disclosure provision protected information that may not qualify as a trade secret and that went beyond Hunter’s “general skills and knowledge.” In holding that Hunter breached his employment agreement, the Sixth Circuit also held that the non-disclosure provision’s scope did not transform it into an unenforceable non-compete agreement, as Hunter did not rely on his “general skills and knowledge” when using and disclosing Orthofix’s “playbook.” The Sixth Circuit remanded the case for the district court to calculate damages, which Orthofix’s expert valued at $1,623,877 in lost profits.

Take-Away. This decision should prompt all employers to confirm that they have non-disclosure agreements in place. If drafted properly, these agreements can provide substantial protection, even if the business information does not technically qualify as a trade secret.


The Donald Offers A Lesson To Trade Secret Litigators

This may come as a shock. But Donald Trump has unwittingly offered trade secret litigators a teachable moment. It arose in his recent squabble with fellow presidential hopeful Senator Lindsey Graham. After Trump mocked Senator John McCain for being a POW, Graham told CNN that Trump was “becoming a jackass” and later called Trump “the world’s biggest jackass” on “CBS This Morning.” Trump unsurprisingly escalated the bickering. During a campaign speech, Trump called Graham a “lightweight” and an “idiot”—and then disclosed Graham’s personal cell phone number, encouraging his supporters to “give it a shot.” After the phone was inundated with calls and texts, Graham responded by letting us know what he planned to do with the phone (my personal favorite is the Red Bull shake):

So what does this have to do with trade secret cases? Defendants may experience a Grahamesque reaction when they suspect that a trade secret case is brewing. That is, get rid of the phones—or computers, flash drives, email accounts, etc.—as soon as possible and before we’re sued. But litigators on both sides of a trade secret dispute must ensure that Graham’s instructional video is not followed. Especially since these devices and accounts often hold the central evidence for the plaintiffs and defense.

Counsel for trade secret plaintiffs need to act immediately. As soon as a client alerts you to potential trade secret concerns, you should notify the potential defendants and their counsel about not only your client’s underlying trade secret concerns but also the obligation to preserve their devices and accounts and the information stored on them. You don’t want defendants to claim that they discarded devices without realizing the need to preserve them. The notification letter should trigger their obligation to preserve evidence and will be exceedingly helpful if they don’t. A court considering a spoliation motion can rely on your notification letter to determine when the obligation to preserve evidence arose and whether the evidence was destroyed intentionally.

And this is exactly what you don’t want to face as defense counsel. A plaintiff’s successful spoliation motion will often lead to a victory on the underlying claim. So you don’t want your client accused of spoliation or to be faced with the challenge of trying to convince a judge or jury that the destruction of evidence was accidental, understandable, or not as bad as it seems. It’s thus imperative to instruct your clients as soon, as clearly, and as often as you can. They can’t take Senator Graham’s lead. Meat cleavers, blenders, golf clubs, lighter fluid, samurai swords, and baking ovens are off limits. The devices, accounts, and information stored on them must be preserved. If not, the likely consequence is that—unlike Senator Graham—your clients won’t have the last word—and may in fact be deprived of the right to defend themselves entirely.

The Donald has given us a chance to revisit how important it is to communicate early and often about preserving evidence in trade secret disputes. Just as he intended.

Time To Review Your Non-Competes

timeCompanies with employees across multiple states face an administrative challenge. How do they ensure that their non-compete programs remain up to date with the various states law requirements for enforcement? Four states have recently passed legislation that reinforces the importance of addressing this question. The highlights below from the changing non-compete landscape should prompt companies to review their current non-compete programs and discuss strategies for ensuring that their non-competes comply with any new state laws that may affect their enforcement.

Arkansas Reforms. Arkansas’s new non-compete law takes effect on August 6, 2015, and provides non-compete drafters with some stress relief. Previously, Arkansas courts refused to reform non-competes that were overly broad. But now, the Arkansas legislature has stepped in, specifically instructing that courts “shall reform” overly broad non-competes so that they are reasonable with restraints “not greater than necessary to protect the protectable business interest.” Arkansas employers can now be more aggressive when drafting their non-compete’s geographic scope.

Hawaii Bans. Hawaii recently passed legislation banning non-competes and non-recruitment agreements within “technology businesses”— essentially, for software developers. This new law took effect on July 1, 2015, and unlike the Arkansas law that requires courts to enforce more non-competes, the Hawaii legislature found that these agreements do more harm than good within the software space. And it turned to academic studies as support: “Hawaii has a strong public policy to promote the growth of new businesses in the economy, and academic studies have concluded that embracing employee mobility is a superior strategy for nurturing an innovation-based economy. In contrast, a noncompete atmosphere hinders innovation, creates a restrictive work environment for technology employees in the State, and forces spin-offs of existing technology companies to choose places other than Hawaii to establish their businesses.” The Hawaii legislature also noted that technology businesses already receive trade secret protections through other state laws and that enforcing non-competes would allow duplicative relief. Many Hawaiian employers would likely disagree–but the act is now law.

New Mexico Aids. New Mexico’s new law became effective July 1, 2015, and allows doctors and healthcare practitioners to avoid non-compete restraints in employment contracts. But the New Mexico legislature pointed out that the law does not affect other clauses in these types of employment contracts, including non-disclosure covenants; liquidated damage clauses; and requirements to repay a loan, relocation expenses, signing bonuses, or educational expenses for doctors and practitioners who resign within three years of employment. So while doctors may not be restricted from competing, they still can be required to pay to compete.

Alabama Clarifies. Alabama repealed its old non-compete law and replaced it with a new one that will become effective January 1, 2016. Like the old law, the new one prohibits non-competes that do not preserve a “protectable interest.” But unlike the old law, the new law defines the types of interests that a non-compete can protect. The act limits the potential “protectable interests” to the following five categories: trade secrets; confidential information; commercial/customer relationships; good will; or specialized and expensive employee training. But the new law not only provides employers with some clarity on what is required, it also alleviates previous burdens of proof. Whereas employers were required to prove that the non-compete would not cause undue harm—now—the employee must prove undue harm before that affirmative defense will be applied. Not all aspects changed, though. The new law, for instance, still bans non-competes for professionals like doctors, lawyers, and accountants.

*             *            *            *           *

These brief highlights demonstrate that non-compete laws remain fluid. Whether through court decisions or state legislatures, these laws are subject to change—which can cause unexpected consequences for employers overly confident in their non-compete’s validity. Companies should, at least, implement a policy to routinely confer with their counsel about whether their current non-competes still comply with current state laws.

A Trade Secret Reminder — Take “Reasonable Steps”

White PaperThe Center for Responsible Enterprise and Trade (CREATe.org) just released a new White Paper“Reasonable Steps” To Protect Trade Secrets: Leading Practices in an Evolving Legal Landscape. It’s a must read for companies grappling with how best to protect and manage their trade secrets.

We have discussed a previous CREATe report that discussed the devastating economic effect that trade secret theft and misuse can have on a company’s profits, market share, and reputation. But this new White Paper provides concrete, practical advice on how companies can protect their trade secrets and potentially prevent trade secret theft.

In the US, a company must take “reasonable steps” to protect the secrecy of their business information for it to qualify as a “trade secret.” CREATe succinctly summarizes the consequences if “reasonable steps” are not implemented:

Aside from the practical usefulness of implementing “reasonable steps” to prevent trade secret theft and misuse, taking such steps can also have crucial legal significance. Where the legal definition of trade secrets includes a “reasonable steps” or similar requirement, a court can find that a company’s information is not a trade secret if such steps are not taken. Failing to take adequate precautions to protect such information can preclude a company from getting any legal redress if the worst happens and unauthorized disclosure or use of the information takes place.

And that’s where this paper offers value. It recommends an eight-part strategy of leading practices to ensure that companies are taking “reasonable steps” to protect their trade secrets. We have highlighted some of the most salient recommendations for each category:

Policies, Procedures, and RecordsIt should go without saying that companies should have confidentiality policies to protect information. But CREATe recommends that companies should also institute procedures to ensure the policies are being disseminated and followed—and that there are records to demonstrate this compliance. This can include using confidentiality clauses in contracts with employees, contractors, vendors, etc.; using NDAs with customers or potential business partners; and creating inventory of trade secret activity.

Security and Confidentiality Management. Companies should limit trade secret access on a “need to know” basis and should design “reasonable” ways to restrict this access. IT personnel should be involved in the strategy to ensure that information is stored on a company’s computer networks with the appropriate database and shared-drive restrictions.

Risk Assessment. Before companies can assess their “reasonable steps,” they must first identify what their trade secrets are, where the trade secrets are located, and who has access to the trade secrets.  Essentially, CREATe recommends that companies should conduct a trade secret audit so that a “risk mitigation plan” can be implemented to hopefully prevent trade secret theft.

Third Party ManagementBefore disclosing trade secrets to a contractor, client, or customer, companies need to make their policies known—”upfront and regularly”—and require NDAs and confidentiality terms where possible.

Information Protection TeamCREATe recommends that companies should consider developing a committee with oversight responsibilities for the company’s trade secret protections.

Training and Capacity BuildingCompanies need to create a corporate culture that emphasizes the importance of trade secret protections. This should begin during on-boarding and continue throughout the employees’ tenures, with specialized training for IT personnel and other executives with access to the most valuable business information.

Monitoring and MeasurementCREATe recommends annual or even more regular reviews of the company’s trade secret protection program, which should include a rating system to assess the effectiveness of the program and to address potential weaknesses.

Corrective Actions and ImprovementsCompanies must have a rapid response when it learns about potential trade secret theft. This should include a response plan that not only addresses the immediate theft or disclosure but also identifies the root cause, so that strategies can be developed—and added to the trade secret protection program—to prevent similar breaches from reoccurring.

U.S. Supreme Court To Review Fifth Circuit CFAA Decision

US Supreme CourtWe frequently discuss the Computer Fraud and Abuse Act (“CFAA”), which prohibits obtaining information from protected computers through unauthorized access or access that exceeds such authorization. Violating the CFAA can have serious consequences, as the statute carries both criminal and civil penalties. But must a defendant obtain information through unauthorized access and exceed authorized access? Ordinarily not. Yet the U.S. Supreme Court will soon consider this question. On June 29, 2015, the Court agreed to hear a criminal defendant’s appeal, in which he argues that federal prosecutors were required to prove both elements for his CFAA conviction.

The Conviction. Michael Musacchio was the president of Exel Transportation Services (ETS), a transportation brokerage company, until he resigned in 2004.  In 2005, Musacchio founded a competing company, Total Transportation Services (TTS), and then used independent agents to access ETS’s computer servers to obtain proprietary information. ETS’s new president began hearing rumors about a data breach and hired a forensic investigator, who uncovered what Musacchio was up to. ETS sued Musacchio, TTS, and others, and the parties ultimately settled the civil dispute for $10 million. But in 2010, the federal government indicted Musacchio for violating and conspiring to violate the CFAA the CFAA. The jury returned a guilty verdict, and Musacchio filed an appeal with the United States Court of Appeals for the Fifth Circuit.

The Conviction Affirmed. On appeal, Musacchio did not attack CFAA’s language, which is fairly clear: 18 U.S.C. § 1030(A)(2) prohibits one from obtaining information from a protected computer by accessing this computer without authorization or exceeding such authorization. Instead, Musacchio’s question was this. What happens when the trial court erroneously instructs the jury (without objection) that the underlying CFAA offense is defined as “to intentionally access a protected computer without authorization and exceed authorized access”?  Ordinarily, “an instruction that increases the government’s burden and to which the government does not object becomes law of the case.”  United States v. Jokel, 969 F.2d 132, 136 (5th Cir. 1992).  However, under Fifth Circuit procedure, that rule does not apply where (1) “the jury instruction…is patently erroneous and (2) the issue is not misstated in the indictment.”  United States v. Guevara, 408 F.3rd 252, 258 (5th Cir. 2005). On Musacchio’s appeal, the Fifth Circuit held that the indictment correctly set forth the standard and that the jury instruction was patently erroneous.  Musacchio v United States, No. 13-11294, slip op. at 5 (5th Cir. Nov. 10, 2014).

Before The Supreme Court. The Supreme Court likely agreed to hear Musacchio’s appeal to resolve a circuit split. Unlike the Fifth and First Circuits, the Eight and Tenth Circuits require the government to meet any standard imposed by a jury instruction when the government fails to make an objection. Though the Supreme Court likely will not resolve differing interpretations of the CFAA itself—such as the conflicting views on what it means to “exceed authorized access”—the Court will consider an interesting question that highlights the importance of the CFAA in modern trade secret cases and will likely resolve the circuit split on whether an erroneous jury instruction can become the standard when an the government fails to object.  Argument on this case is expected during the Supreme Court’s October term, and we will continue to monitor and report on any new developments in the case.