Introduction
This article provides an overview of a threat every company is facing today - the risks posed by the theft of company trade secrets and confidential information in the employment setting. In addition to providing an overview of trade secret law throughout the United States, this article focuses specifically on best practices for companies during the "onboard" and "exit" stages of the employment relationship to protect their trade secrets and most confidential information. By adopting the preventative steps recommended in this article, companies can be better assured that their information is not at risk of being compromised by a thieving employee or third party - and, to the extent a theft occurs, they will be much better prepared to protect their trade secrets through litigation.
What is a Trade Secret?
In general, confidential business information that provides a business a competitive edge is eligible for trade secret protection. Trade secrets can include sales methods, distribution methods, pricing lists, formulas, software algorithms, and customer information. From a high level, therefore, various types of confidential information that are used in a company's business and are not generally known to the public can be claimed as a trade secret.
Trade secret protection is separate and distinct from patent protection. Patents grant a limited monopoly on a publicly disclosed invention that meets certain requirements - including that the invention meets a certain threshold of novelty not anticipated by the prior art in the field. Also critical to obtaining a patent is the willingness of the owner publicly to disclose the invention. Trade secret protection, in contrast, can apply to any confidential business information which gives a business a competitive edge, as long as the information is the subject of reasonable confidentiality safeguards. Also, as long as these requirements are satisfied, trade secret protection can be perpetual. Thus, trade secrets provide companies and owners with an alternative method of intellectual property protection that is uniquely appropriate for information that should not be publicly disclosed and that might warrant protection for an indefinite duration.
As a member of the World Trade Organization (WTO) and a party to the Agreement on Trade Related Aspects of Intellectual-Property Rights (TRIPS), the United States is obligated to provide trade secret protection. Article 39 paragraph 2 requires member nations to provide a means for protecting information that is secret, commercially valuable because it is secret, and subject to reasonable steps to keep it secret. The U.S. fulfills its obligation by offering trade secret protection under state laws.
While state laws differ, there is reasonable similarity among the laws because 48 states and the District of Columbia have adopted some version of the Uniform Trade Secrets Act. The language of the UTSA is very similar to the language in TRIPS.
For example, Massachusetts passed a trade secrets statute of its own based on common law. Mass. Gen. Laws. ch. 266, § 30. Unlike the UTSA, Massachusetts law does not use the word "misappropriation," but instead lists a number of activities that trigger civil liability.
New York courts apply a common law definition based on the Restatement (First) of Torts § 757 (1939). Under New York law, misappropriation consists of use or disclosure of a trade secret that was acquired through a relationship of trust (such as employment), or through fraud or other improper means, such as theft, bribery, or hacking. Importantly, under New York law, trade secret protection does not apply unless the trade secret is in continuous and current use.
Under the UTSA, trade secrets are defined as:
- assets which derive economic value from not being generally known, and
- are subject to reasonable degrees of protection.
So long as these two requirements are met, a vast range of proprietary information can be claimed as a trade secret.
Trade Secret Misappropriation
To pursue a trade secret misappropriation claim, a party must first establish that the information in question is a trade secret. Next, the party must prove that the information was misappropriated, i.e. that the information was wrongly acquired by another party. Trade secret misappropriation frequently occurs in the context of a former employee who shares company information with a new employer or a third party vendor or contractor. Indeed, studies have shown that the vast majority of trade secret thefts occur in situations in which the victim of the theft had some familiarity or relationship with the misappropriating individual - either through an employment relationship or a business relationship.
Protecting Trade Secrets
For a company to prevail in a trade secret case, there must be evidence that the trade secret was the subject of reasonable measures to ensure its secrecy. Consequently, businesses should always ensure their trade secrets are subject to reasonable protections. Whether a company took adequate measures to protect the information is generally the critical issue in a trade secret litigation. If a court finds a failure to adopt reasonable measures to safeguard confidentiality, the information is not a trade secret, the misappropriation claim fails, the trade secret may already be disclosed, and the company has little recourse.
New Employees
It is crucial to guard against theft of trade secrets during the employee intake process, both from the employee's previous employer and new employer. If an employer fails to guard against the receipt of confidential information that an incoming employee may possess from a previous position, the new employer may be held liable for trade secret misappropriation (even if there was no intent to use the information). Courts in several jurisdictions have recognized an employer's potential liability for an employee's use of the trade secrets of a prior employer, even if the new employer has no knowledge of such use. These courts rely on the theory of respondeat superior - that the employer is vicariously liable for the wrongful acts of its employee that are performed (at least implicitly) for the benefit of the employer. See, e.g., Newport News Indus. v. Dynamic Testing, Inc., 130 F. Supp. 2d 745, 754 (E.D. Va. 2001) (holding that employee who acts within scope of employment when improperly using another party's trade secrets allows the new employer to "reap the benefit" who "therefore should be liable for the harm.")
Companies can guard against this risk of liability by requiring new employees to execute an acknowledgment that the employee has been instructed not to use the trade secrets of a former employer and that any use of the trade secrets of another party is outside the scope of the employment relationship.
The onboard process is also the perfect opportunity to remind employees of their obligations to their new employer and ask new employees to sign confidentiality agreements. Some key steps for new employees are:
- Require confidentiality and non-disclosure commitments from employees.
- Identify most valuable confidential information.
- Insist that new hires do not bring/use any information from former employers.
Current Employees
As mentioned above, a trade secret must be the subject of reasonable measures to ensure its security. While "absolute secrecy" is generally not required to protect a trade secret, employers should take the following security measures with respect to current employees:
- Control employee access to information;
- Distribute information on a "need to know" basis;
- Employ password protection for electronic files and servers;
- Use "confidential" designations on documents and files;
- Employ copy protection and embedded codes to trace copies;
- Regulate visitor facility and premises access (security badges, access cards);
- Use global employee "tip line";
- Consider anti-eavesdropping techniques;
- Enforce employee compliance with prior confidentiality obligations;
- Conduct ongoing employee training.
Technology Use and Bring-Your-Own-Device ("BYOD") Policies
Many employees bring personal computing devices and external hard drives into the office. For example, employees may use a flash drive to store documents or to transfer files from one device to another. Because email can potentially contain proprietary company trade secrets, such as customer information, a host of legal issues have arisen due to the use of employee-owned devices. See, e.g., Integral Dev. Corp. v. Tolat, Case No. C-12-06575, 2013 WL 2389691 (N.D. Cal. May 30, 2013) (former employee transferred confidential, proprietary company files and source code to external hard drive and cloud drive prior to terminating his employment).
To guard against risks, a company should have written BYOD policies that demonstrate reasonable measures to protect trade secrets. For example, a technology use policy should establish a protocol for the appropriate use and protection of company data by employees:
- establish the confidentiality of trade secrets by expressly identifying them;
- explain the company's expectations for employees' use of cloud storage (e.g. Dropbox) as well as external thumb drives and external devices;
- create consent to access and curtail privacy expectations;
- retain the right of the employer to review and/or wipe external devices upon departure;
- prohibit the sending of company email using personal accounts;
- obtain consent to search personal devices.
If an employee walks away with trade secrets on a personal device, such as a mobile phone, courts may be reluctant to require an employee to turn over that device. Therefore, it is prudent for an employer to obtain consent to control the device electronically, such as through the installation of software that will ensure security and facilitate the employer's ability, in specific situations, to disable access. With respect to BOYD (mobile phones and tablets), employers should also consider the following:
- requiring employees to use passcodes to lock their devices, and automatically lock after a period of time;
- allowing the ability for the company to remotely wipe the device if it is lost or stolen.
Departing Employees
The exit interview is the best way to remind the employee of confidentiality agreements previously executed and explain the ongoing obligations. Also during the exit interview, companies should confirm that the employee does not possess any confidential or trade secret information by asking questions along the lines of the below:
- "Do you have any company documents or materials at home?"
- "Have you returned all flash drives containing company information?"
- "Have you stored any company documents in the cloud?"
- "Do you understand that your non-disclosure obligations remain in effect?"
Conclusion
Trade secret protection is a valuable legal tool for businesses, providing protection to confidential information that provides a competitive edge. In order to be protectable as a trade secret, information must be subject to reasonable degrees of protection. Accordingly, businesses should ensure reasonable security measures are used during all steps of the employment process, including with new, current, and departing employees.
Additional Resources
- Inevitable Disclosure of Trade Secrets is Not an Independent Cause of Action in Georgia - Joel D. Bush, Audra A. Dial, Jeffrey H. Fisher
- The Computer Fraud and Abuse Act and Disloyal Employees: How Far Should the Statute Go to Protect Employers from Trade Secret Theft? - Audra A. Dial, John Moye
- Safeguarding Trade Secrets - Wendy Choi, Eugene Joswick, and Buddy Toliver
- Cos. can guard against trade secret thefts - Joel D. Bush
- Protect Your Trade Secret - Keith M. Gregory and Stephen J. Baumgartner
- Corporate Espionage and Unclean Hands - Lessons Learned from a $309 Million Judgment - Audra A. Dial, Clay C. Wheeler, Aaron J. Ross
About the Authors
Joel D. Bush II and John M. Moye, Kilpatrick Townsend & Stockton LLP