For many companies, trade secrets are a core business asset. Things such as customized bidding software, methods to perform work faster, secret recipes, computer algorithms, customer lists, and a wide variety of other items can all, under the right circumstances, qualify as trade secrets. Yet, despite the importance of trade secrets, they appear to be more at risk than ever before. As a recent article from Corporate Counsel reported, “U.S. companies own an estimated $5 trillion in trade secrets, roughly $300 billion of which are stolen every year.”
Many factors are at play – from the increased use of computers, smart phones, tablets, USB drives, and other electronic devices, to the ease of employee mobility – and contribute to increased risk of trade secrets being stolen. This reality was recently underscored by the repeated public disclosure of emails Russian hackers allegedly stole from the Democratic National Committee during the recent presidential election. The risk of computer hacking is significant enough that in a recent survey carried out by Vanson Bourne, 400 Chief Information Officers (“CIOs”) from large companies in the U.S., the UK, and Germany claim that they are “losing the battle against cybercriminals.” Some of the “key results” from the survey include:
- 60% of CIOs surveyed feel they are losing the battle against cybercrime;
- 85% say that end users – human beings – are the weakest link in security, ignoring or forgetting the education, policies and procedures enterprises have put in place to prevent risky behavior;
- 68% believe that because attackers have become more sophisticated, endpoint security tools are less effective.
Of similar concern is a 2012 global survey published by the security firm Symantec, which found that when employees leave a company, regardless of whether they voluntarily resign, are terminated, or laid off, approximately 50% “steal corporate data and don’t believe it’s wrong” and 40 % “plan to use the data in their new jobs.” The survey covered thousands of employee responses in countries such as the United States, the United Kingdom, France, Brazil, and Korea.
In light of the above, it is unsurprising that statistics from an often cited study conducted in 2010 and published in the Gonzaga Law Review explained that: “trade secret cases doubled in the seven years from 1988 to 1995, and doubled again in the nine years from 1995 to 2004. At the projected rate, trade secret cases will double again by 2017.” Those statistics are even more significant than they sound because until last year, trade secret law was primarily based on state laws, which meant that many trade secret cases had to be filed in state courts, and accordingly were not considered in the study.
Given the increasing rise in the danger that trade secrets will fall into the wrong hands, it is more important than ever that companies proactively deal with such issues on a regular basis. New tools and strategies continue to be made available, but their effectiveness is frequently dependent on companies taking actions and adopting policies in advance.
Trade Secret Tools Every Company Should Keep In Mind
In 1979, the Uniform Trade Secrets Act (“UTSA”) was first published. Since then the District of Columbia, Puerto Rico, the U.S. Virgin Islands, and 48 states have adopted a version of the UTSA. The only states not to adopt the UTSA are New York and Massachusetts.
Most versions of the UTSA offer a variety of remedies to stop the misappropriation of trade secrets. The most important are: injunctive relief, which allows a court to order a person or company to immediately stop using trade secrets and to return all copies to their rightful owner; monetary damages for lost sales and other harm, which in egregious cases can be doubled; and awards of attorneys’ fees. However, because these laws are adopted at the state level, lawsuits based on UTSA violations must be filed in state court, not federal court, unless the parties involved are from different states. So, for example, if a company wishes to sue a former employee or a competitor for misappropriating trade secrets under the UTSA, state courts are the only venue unless the former employee and/or competitor are citizens of different states than the company filing the lawsuit.
In May of 2016, however, President Obama signed into law the Defend Trade Secrets Act of 2016 (“DTSA”), which for the first time established laws governing the theft and misappropriation of trade secrets that apply nationwide and allow lawsuits to be filed in federal courts. This can provide key advantages since federal lawsuits often progress more quickly than state actions, and materials can be subpoenaed from third parties more easily in a federal lawsuit.
The DTSA is similar to most states’ version of the UTSA, but contains some important differences:
- The DTSA, unlike the UTSA, allows for ex parte orders – meaning orders issued without advance notice to the other parties in a lawsuit – to seize trade secret materials, such as electronic files, confidential documents, computer drives, or new product samples. 18 U.S.C. § 1836(b)(2)(a)(i) provides in relevant part that:
Based on an affidavit or verified complaint satisfying the requirements of this paragraph, the court may, upon ex parte application but only in extraordinary circumstances, issue an order providing for the seizure of property necessary to prevent the propagation or dissemination of the trade secret that is the subject of the action.
- The DTSA provides individuals with immunity from civil and criminal prosecution if they disclose a trade secret in confidence to a federal, state, or local government official, or an attorney: “solely for the purpose of reporting or investigating a suspected violation of law,” or the disclosure “is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal.”
- The DTSA requires that in “any contract or agreement with an employee that governs the use of a trade secret or other confidential information” an employer must give notice of the immunity provision described above. Employee is defined broadly to include employees, contractors, and consultants. Notice can be either given specifically in an agreement, or by “cross-reference to a policy document provided to the employee that sets forth the employer’s reporting policy for a suspected violation of law.” If no disclosure is given, the employer cannot recover attorneys’ fees or exemplary (double) damages in a lawsuit against the employee who did not receive notice.
- The DTSA protects against plaintiffs being forced to disclose their trade secrets to the general public in litigation by allowing plaintiffs to file information about their trade secrets “under seal,” which prevents public access of the information. Further, the statute provides that filing trade secret information under seal “shall not constitute a waiver of trade secret protection unless the trade secret owner expressly consents to such waiver.”
- The DTSA does not allow injunctions based on the inevitable disclosure doctrine – which is consistent with California law that generally prohibits non-compete agreements – and as such cannot be used, for example, to stop a former employee from simply accepting a new job because the former employer is afraid trade secrets the former employee has in her head might be used in her new job.
In addition to the UTSA and the DTSA, employers should also keep in mind laws such as: the Computer Fraud and Abuse Act, which governs unauthorized access to computers; the Economic Espionage Act of 1996; and state and federal RICO laws.
What To Look For In Your Annual Check Up
Given the changes in trade secret laws, as well as the rapidly expanding manner in which trade secrets can be stolen, companies would be well advised to have a plan in place to deal with such issues before they arise, and to update the plan on an annual basis. Examples of things to consider include the following:
- Is the UTSA or DTSA a better option? Considerations include: whether state or federal courts in your jurisdiction offer quicker trial dates; whether you want to ask for an immediate ex parte order to have something seized; specific state law remedies that might exist; the extent to which the trade secret has already been disclosed; and whether you made appropriate disclosures to employees regarding the DTSA.
- Have your employment and other vendor contracts been updated to include DTSA disclosures?
- Have you spoken to your insurance broker about adding to or updating your cyber insurance in the last year?
- Have you involved your IT department in developing plans to detect intrusion into your computer network, and how to respond if one is detected? Do you have an electronic forensic expert ready to conduct an investigation if one is needed?
- Do you have policies in place to: (1) terminate employee logins when they leave; (2) make sure no copies of sensitive documents leave with departing employees; and (3) prevent current employees from downloading sensitive materials onto personal electronic devices?
- Do you have clear policies for employees when using computers and trade secret information in physical form, and do you provide employees with education to make sure they remember to follow such procedures?
If your answer to any of the above questions is “no,” you should seriously consider consulting the appropriate professionals to develop a plan or update your policies and procedures. The costs of protecting yourself in advance are nearly always far lower and less painful than a lawsuit.
Trade secrets can be one of the most important assets a company owns. With advance planning, they can be important weapons in being as successful as possible.