“Shark Tank” Shouldn’t Forget About Trade Secrets

I recently started watching Shark Tank on CNBC. For those who haven’t seen it, the concept is simple: entrepreneurs pitch “sharks”—prominent wealthy investors like Mark Cuban—in an effort to win funding, usually in exchange for equity in the company.

In the episodes I’ve seen thus far, many of the entrepreneurs are pitching companies that sell a single product. Inevitably, the sharks ask whether the company holds a patent. For those products that can be reverse engineered, that’s obviously a critical question. But I’ve noticed that the sharks don’t ask about trade secrets.

For example, I watched one episode where the entrepreneurs sold a disposable, single-use wipe that was designed to clean heavy grease. It was similar to the wet naps you get at a BBQ restaurant. They pitched it as a product to keep in your car. One of the sharks, “Mr. Wonderful,” wanted to know if they had a patent. When they said they did not, Mr. Wonderful decided not to invest.

Even without a patent, this company could have valuable trade secrets. For example, the wipes used concentrated citrus oil. It’s entirely possible that the company’s oil formula could be protected as a trade secret.

Companies need to be aware whether their proprietary information can qualify as a trade secret. That way, the company can take the actions necessary to protect that information. And when trying to raise funding, those trade secrets can be featured, alongside (or in lieu of) the company’s patents. Of course, make sure that the potential investors sign a nondisclosure agreement before providing them with nonpublic details about the trade secrets.

AZ Supreme Court: Trade Secrets Act Does Not Preempt Claims for Misappropriation of Confidential Info

I’ve previously written about the Uniform Trade Secrets Act’s (UTSA) preemption provision, which preempts tort and other claims providing civil remedies for trade-secret misappropriation. Yesterday, the Arizona Supreme Court held that the Arizona Trade Secrets Act (ATSA), which is based on the UTSA, does not preempt common-law claims for misappropriation of information that is not a trade secret.

In this case, the former president of a public relations firm was sued by that firm when she left to start a competing PR firm. The plaintiff PR firm brought a claim for unfair competition, which was based on the use of confidential information the defendant learned while working for the plaintiff. The trial court dismissed the claim, finding that the ATSA preempts claims arising from the misuse of confidential information, even where the information does not rise to the level of a trade secret.

The Arizona Supreme Court disagreed, relying primarily on the plain language of the ATSA. The court did acknowledge the fact that other states have held that these types of claims are preempted. In states where misappropriation claims based on non-trade-secret confidential information are viable, it is often advisable to bring both a trade-secrets misappropriation claim and an alternative (or independent) claim for misappropriation or conversion of confidential information.

This case contains one other point of note. The defendant argued that allowing claims for misappropriation of confidential information would result in an “absurd” result. She noted that a plaintiff could obtain more in punitive damages on the misappropriation claim than it could on an ATSA claim, which allows for exemplary damages of twice actual damages where the misappropriation is willful and malicious.

In response, the court offered very helpful language to a plaintiff seeking to prove exemplary damages under the ATSA:

That AUTSA authorizes a trial court, rather than a jury, to award exemplary damages of no more than twice the amount of actual damages . . . is not necessarily anomalous. In cases of willful and malicious misappropriation, punitive damages might be easier to obtain under AUTSA than under our common law, which requires clear and convincing evidence of a defendant’s “evil mind” for a punitive damages.

Since many misappropriation of trade secrets are based on willful conduct, this case may be worth citing when seeking exemplary damages.

 

Trade Secrets Summit — December 4-5, 2014

The American Intellectual Property Law Association’s Trade Secrets Committee will be presenting its Trade Secrets Summit this December 4-5, at Intel’s headquarters in Santa Clara, CA.

The Summit features a number of very interesting presentations, from judges, prosecutors/FBI agents, professors, and in-house and outside counsel. I will be moderating a panel debating whether Congress should pass a federal cause of action for trade-secrets misappropriation.

Registration costs $350 for AIPLA members and $695 for non-members, with discounts offered for in-house and governmental attorneys, and students. This includes 13 hours of CLE credits.

Sign up here. I hope to see many of you there!

 

Best Practices for Protecting Trade Secrets: Categories of Employee Contracts

This is the first in a series of posts addressing best practices for protecting trade secrets. I’m starting with employee/independent contractor contracts, which are one of the most important and effective ways to protect proprietary information.

Contracts are critical for multiple reasons. First, they inform your employees of their legal responsibilities. Second, it’s generally easier to prosecute a breach-of-contract claim instead of relying solely on a trade-secrets misappropriation claim. Third, a competitor that hires your former employee may be more likely to cut ties with that employee when presented with a cease-and-desist letter attaching a contract. Finally, requiring these types of agreements can help you win a misappropriation case, since their existence bolsters the argument that you reasonably protected your trade secrets (a prerequisite to establishing a trade secret under the Uniform Trade Secrets Act).

There are three general categories of contractual protections: confidentiality/nondisclosure, nonsolicitation, and noncompete. Remember that the law applicable to these contracts varies widely from state-to-state, so you need to consult with an attorney who can make sure your agreements comply with and will be enforced under the applicable law.

Confidentiality/NDA

This is the lowest level of contractual protection. It’s also the easiest to implement, since employees are less likely to push back when asked to sign a NDA. From a best-practices perspective, it’s worth at least considering whether to require that all employees sign a NDA. Even low-level employees may have access to some proprietary information. The trick is drafting the language in a way that best defines what precisely needs to be kept confidential. In particular, you need to decide whether to define “confidential information” broadly vs. specifically. Each comes with benefits and risks. Speak with a lawyer who can learn about your unique situation to determine what language best suits your business.

Nonsolicitation Agreements

A nonsolicitation agreement prohibits your employee from soliciting some or all of your current or prospective customers and/or employees once she leaves your company, for a certain period of time. These contracts offer an intermediate level protection, more than a NDA but not as much as a noncompete. It’s best to have all employees with access to proprietary customer information, or who have relationships with prospective/actual customers, sign a nonsolicitation agreement. Again, consult with an attorney who can help craft the scope of the restrictions to your company, based on the applicable law.

Noncompete Agreements

These agreements offer the highest level of protection, since they prohibit your employee from working for your competitors or in your industry, within a certain area and for a certain amount of time. Recently, there has been media coverage of corporate overuse of noncompete agreements. For example, Jimmy Johns took a lot of heat for having its sandwich makers sign noncompete agreements. This type of practice can turn off a judge.

There’s no question that noncompete agreements can be a powerful tool for protecting your proprietary information. But you should consider only requiring that key employees sign a noncompete agreement. The other contracts above may be sufficient to protect against misappropriation by lower-level employees.

You also need to think about the noncompete’s temporal and geographic scope. Depending on the law in your state, an overbroad agreement may not be enforceable. In Florida, where judges are required to narrow an overbroad agreement, I’ve seen judges soured towards employers that overreached when drafting the agreement. Generally, it’s best to limit the agreement the area in which you can prove you compete. An attorney can work with you to determine the proper scope.

Procedure

Deciding to require some or all of the above agreements, and having an attorney draft the agreements, is only the first step. Next, you need to make sure the agreements are actually signed and dated. Then, you need to make sure the signed agreements are properly maintained. You would not believe how often companies forget to have an employee sign or date the agreement. Or how often I’ve seen a company struggle to find the signed agreement when it became necessary to enforce it.

The key is to develop a protocol that can be repeated for each new employee. When the decision is made to hire a new employee, a designated person should be responsible for creating a checklist of all documents that she needs to sign. Of course, the checklist may be different for each employee. Either the person who creates the checklist or another designated person needs to be responsible for making sure all items on the list are actually completed. I recommend including on the checklist the signing, dating, and filing of all required contracts. The responsible person should sign the checklist once everything has been completed, and the checklist should be filed along with the signed documents.

If the contracts are to be signed electronically, your IT people need to set up the software so it will not allow a signature unless all mandatory clickwrap “boxes” are checked. If you are old school and the contracts are manually signed, I recommend keeping an electronic copy along with the original.

In future posts, I’ll discuss specific contractual provisions that should be included in these agreements, as well as best practices for contractual protections when dealing with third parties, like vendors, consultants, and joint-venture partners.

 

Data Breaches Increase Seven-Fold In One Year

According to a report by California’s attorney general, 18.5 million Californians were victims of cyber intrusions or data breaches in 2013. Remarkably, this was up from 2.5 million in 2012, a seven-fold increase. (Note that two major data breaches at Target and LivingSocial account for much of the increase.) A copy of the report is linked below, and this article summarizes the report.

The study breaks down the cause of the various breaches, with 53% caused by cyber incursions (e.g., hacking and malware), 26% arising from physical loss or theft, and the remainder coming from unintentional errors or deliberate misuse.

This report is yet another sign that the threat of data loss continues to increase dramatically. While the report focuses on breaches affecting consumer information, it has broader application to companies seeking to protect their proprietary information. Measures necessary to enhance data security and protect trade secrets overlap. Network security is at the heart of these efforts, and companies need to be willing to invest significant resources to keep their networks safe.

But network security is not the only area of concern. This report shows that the loss or theft of computers and other storage media presents another significant risk. For companies seeking to protect their trade secrets, this problem presents on various fronts. For example, companies need to make sure that company-issued computers, smartphones, and media have sufficient protections in case they are lost or stolen. Also, and more problematic, companies need to understand how their employees are using company documents and information on their personal devices. Similarly, companies need to keep tabs on how third parties, like vendors and consultants, are protecting shared proprietary documents.

I have frequently written about the need for companies to implement a trade-secrets policy. This policy would address these issues. For example, it could require that all proprietary documents are encrypted. And it could make sure that these documents are disseminated narrowly, to those employees who need them to do their jobs. For those companies that fail to implement and enforce necessary restrictions, the loss of proprietary information may be inevitable.

2014 California Data Breach Report

Recycled Passwords Can Trash Your Trade Secrets

Recently, a hacker posted a number of usernames and passwords for Dropbox. Considering how many companies are now using Dropbox and other cloud-based providers to share documents, this is obviously a problem. But it does not appear that Dropbox itself was hacked. Instead, as noted by this Slate article, the hacker likely targeted smaller sites with weaker security:

The most likely source of the information is a third-party site that had poor security. Hackers know that most internet users re-use their passwords, so they often target smaller apps made by amateur developers. These easy targets have poor security — so usernames, passwords or files may be stored in a way that’s easy for hackers to steal them.

In other words, most people use the same passwords across multiple sites. Including your employees. This is a BIG problem. Forgive the cliché, but password protection is only as good as the weakest link in the chain. You can spend millions of dollars protecting your network and proprietary information. But if another site where your employees have accounts is hacked, and your employees use the exact same passwords there as they use for your network, your network and information is at risk.

I cannot overstate the importance of making sure that your employees don’t use the same password for your system that they use for other sites. You need to make employees aware of this rule, and strictly enforce it. One option is to create passwords for your employees instead of allowing them to create their own. And change the passwords routinely. Also, as biometric technology develops and becomes more affordable, it presents another option.

There’s a reason we all use the same passwords across multiple sites: it makes life easier. But you need to ensure that your employees don’t allow their convenience to threaten your company.

Are Your Smartphone Apps Leaking Your Trade Secrets?

As the online world shifts increasingly to mobile devices, new and unexpected threats to your company’s proprietary information emerge. Many apps on your smartphone contain in-app internet browsers. For example, when you open the twitter app, you can click on links within tweets, which you will then view in twitter’s in-app browser.

This blog post by web developer Craig Hockenberry shows that in-app browsers on iPhones and iPads have a serious security flaw: the app can record your keystrokes. Thus, any sensitive information entered in the in-app browser can be recorded by the app. So, for example, if one of your employees uses an in-app browser to send an email containing your proprietary information, that information could be at risk.

Hockenberry has a simple recommendation for avoiding this problem:

You should never enter any private information while you’re using an app that’s not Safari. An in-app browser is a great tool for quickly viewing web content, especially for things like links in Twitterrific’s timeline. But if you should always open a link in Safari if you have any concern that your information might be collected. Safari is the only app on iOS that comes with Apple’s guarantee of security.

Problems like this are hard to predict, since technology is changing so rapidly. The best way to avoid unexpected security risks is to implement a trade-secrets policy that restricts the manner in which your proprietary information can be circulated.

Will the “Internet of Things” Be A Nightmare for Trade Secrets?

I’ve been on a bit of a hiatus from posting over the past couple of weeks, during which I had a bench trial on a trade-secrets injunction. Since that case is still pending, I’m not going to write about it just yet.

Today, let’s look at the so-called “internet of things” — the increasing number of household, business, and other objects that are now internet enabled. I love being able to access things like my home alarm and thermostat remotely via my iPhone. And there’s no question that the “internet of things” will be growing exponentially in the near future. But does this present a threat to trade secrets and proprietary information?

A recent blog post by Michael Jordon shows the risks. He exposed security weaknesses in internet-enabled printers by getting a Cannon Pixma wireless printer to run the classic video game “Doom.”

The post contains a lot of technical details. But most importantly, his exercise shows that internet-enabled printers lag far behind traditional network devices when it comes to security. This is critical: if someone can hack into your company’s printers, they could have access to all of the documents that were printed.

Jordon’s organization recommends avoiding the internet of things entirely:

Context recommends that you do not put your wireless printers on the Internet, or any other ‘Internet of Things’ device.  To defend against the CRSF [cross-site request forgery] attack, well don’t follow any dodgy links is the best advice I can come up with.  Context is not aware of anyone in the wild actively using this type of attack, but hopefully we can increase the security of these types of devices before the bad guys start to. Finally, make sure that you always apply the latest available firmware to your devices. This is often not an automatic process and may require checking on the manufacturer’s website for updates.

As time goes on, it will be very difficult, if not impossible, to avoid using the “internet of things” in a business context. When you do connect devices to the internet, assume that they have security vulnerabilities. Thus, before connecting the device to the internet, you need to work with your IT department/consultants to make sure that it has adequate security features.

 

Law Professors Oppose Federal Trade Secrets Acts, Ignore Their Benefits

I’ve written about the Defend Trade Secrets Act and the Trade Secrets Protection Act previously. I’ve expressed enthusiastic support for these laws, which have bipartisan and widespread corporate backing. Today, 31 law professors issued a letter opposing these proposed statutes. Their harsh critique ignores clear benefits and overstates the statutes’ risks.

These professors’ thesis is explained at the end of the letter: “[T]he Acts are dangerous because the many downsides explained above have no—not one—corresponding upside.”

This statement and attitude ruins the letter’s credibility. These statutes have real, concrete benefits. They provide for federal jurisdiction, allowing for federal magistrates—experts in e-discovery—to oversee the complicated e-discovery issues often attendant to trade-secrets-misappropriation cases. They would allow for a uniform national trade-secret-misappropriation standard, thereby providing companies with greater certainty regarding enforcement. And the provision creating the most controversy, the ex parte seizure provision, will reduce the real risk of deliberate evidence destruction.

If these professors are not able to acknowledge that these proposed statutes offer benefits to companies facing the threat of misappropriation, I find it hard to take their critique seriously. But let’s look at their five reasons to reject these statutes:

1. Effective and uniform state law already exists. True, most states have adopted the Uniform Trade Secrets Act, with slight variations. But the state-by-state patchwork of statutory interpretation is not uniform. For example, different states apply different standards to determine whether a customer list is a trade secret. And state courts are often overburdened. I have personally experienced difficulty getting expedited hearing dates for emergency temporary injunction motions in state courts. Federal courts are better equipped to hear these types of motions expeditiously.

2. The Acts will damage trade secret law and jurisprudence by weakening uniformity while simultaneously creating parallel, redundant and/or damaging law. Despite this heading, the professors do not explain how applying a uniform federal standard will weaken uniformity. Instead, the professors argue that the Acts do not preempt state law, but only apply to trade secrets used in interstate or foreign commerce. Apparently, they believe that giving companies a choice between filing a misappropriation action in federal or state court is a bad thing. If companies want to litigate in state court, based on state law, these Acts permit them to do so. But these statutes would provide a second option. Given the tremendous corporate support for these statutes, companies themselves seem to want this new option.

The professors also criticize the interstate commerce provision, calling it “unclear and unsettled.” But like all statutes, this provision will become settled once tested in the courts. And the concept of interstate commerce is certainly not a new one, since federal courts routinely apply this standard to many federal statutes.

The professors also criticize the ex parte seizure provisions. Of all their critiques, this one has the most merit. I responded to this issue here. Keep in mind that evidence destruction is a real threat. I believe that it occurs routinely, particularly in misappropriation cases. In the end, I have faith that the federal judiciary will limit these orders to those cases where they are justified.

3. The Acts are imbalanced and could be used for anti-competitive purposes. The professors next argue that the Acts do not explicitly limit the length of injunctive relief. But the proper length of an injunction can vary widely based on the circumstances of a case. The judge hearing the supporting evidence is in a much better position than Congress to determine its length.

The professors are also concerned that parties will misuse the ex parte seizure provisions for anticompetitive purposes. This ignores the fact that (1) the moving party will have to convince a federal judge that the ex parte seizure order is necessary, and (2) the defendant will have the opportunity to challenge the order very soon after its entry. Again, I believe that the benefits of this provision outweigh its risks, given the built-in protections.

4. The Acts increase the risk of accidental disclosure of trade secrets.  Here, the professors argue that because of possible jurisdictional challenges based on the interstate commerce provision, plaintiffs will face motions to dismiss for lack of subject-matter jurisdiction that will “require the plaintiff to identify and disclose its trade secrets early in the litigation.” It’s hard to reconcile the professors’ concern for anticompetitive uses of the Act (number 3 above) with their concern that plaintiffs will have to identify the trade secrets at issue. Regardless, in reality, defendants already seek more detailed information about the trade secrets at issue at the case’s outset as a matter of routine, either through a motion to dismiss/for more definite statement, or through discovery requests. This new statute will have a marginal effect, if any at all, on the timing for identifying the trade secrets at issue.

5. The Acts have potential ancillary negative impacts on access to information, collaboration among businesses and mobility of labor. The letter discusses how companies are able to label information as a trade secret to prevent public and regulatory access to important information. (Again, this is inconsistent with point 4, where the professors wanted to enable companies to delay disclosure of the trade secrets at issue.) But the professors don’t explain how the Acts would increase this practice, other than to mention the ex parte seizure provision. Yet any company (and its attorneys) that obtains an ex parte seizure order in bad faith will have to face the ire of a federal judge who they manipulated into entering the order. I think the risk is overblown.

Look, neither of the Acts are perfect. But the threat of misappropriation is real. Companies need stronger weapons in their arsenal to protect their proprietary information. These Acts accomplish that, with limited real—as opposed to academic—downside.

 

Congressmen Explain Why You Need to Be Proactive About Trade-Secret Theft

In today’s partisan political climate, it’s rare to see an issue that unites members of both parties. But trade-secrets theft has become such a significant threat to our economy that there is now a bipartisan effort to pass federal trade-secret legislation.

Last week, Congressmen Hakeem Jeffries (D-NY), Howard Coble (R-NC), John Conyers Jr. (D-MI), Steve Chabot (R-OH), Jerrold Nadler (D-NY), and George Holding (R-NC), all members of the House Judiciary Committee, published an article explaining why they introduced the “Trade Secrets Protection Act of 2014.”

The Congressmen’s article does a great job detailing the threat that companies face.

They start off with a sobering statistic: “The devastating reality is that theft of trade secrets costs the American economy billions of dollars per year.” They cite to a 2013 study by the Executive Office of the President that found that “the pace of economic espionage and trade secret theft against U.S. corporations is accelerating.” That study gave examples of large-scale trade-secret theft, including stolen trade secrets from Dupont and Goldman Sachs valued at $400 million and $500 million, respectively.

They close by making the point that the current scheme, under which each state has its own trade-secret-misappropriation laws, is inadequate to confront the threat:

The current patchwork is simply not enough to combat organized trade secret theft. All other forms of intellectual property – patents, copyrights, and trademarks – are afforded a civil cause of action in federal law. It is time we confer trade secrets with a similar level of protection to substantially mitigate the billions of dollars lost annually through theft of our intellectual property.

Hopefully, either this or the similar Defend Trade Secrets Act (discussed here and here) will pass. But regardless, companies must be proactive about protecting their trade secrets. State and federal laws creating causes of action for trade-secret theft are great, but litigation is never ideal. You should consult with an attorney with expertise in this area to make sure you are taking all reasonable steps to protect your proprietary information. Doing so will help you avoid the need for expensive and time-consuming litigation.