Trade Secrets Done Right – Maintaining Secrecy

Business
Written By Michael Severino

This is the second post about trade secrets.  My previous post, found here, discussed criminal trade secret theft and the involvement of law enforcement.  Most trade secret litigation, however, doesn’t involve law enforcement but rather focuses on whether the information is a trade secret.

This post highlights a case out of the Northern District of Illinois that demonstrates the steps a business took to protect its confidential information and maintain its secrecy within and without the organization.  These steps were vital in obtaining preliminary relief from a federal court. 

Before examining the actual steps taken to maintain secrecy, a bit of background is necessary. Most restrictive covenant (non-compete, non-solicit, confidentiality) lawsuits include a trade secret claim.  However, restrictive covenant cases are usually contract based (i.e. breach of non-compete or non-solicitation provisions) with contractual remedies, while a trade secret claim is statutory and provides for statutory remedies.   Thus, it is important for both a plaintiff and a defendant to first evaluate the subject information and determine whether it actually is a trade secret under federal or state law. 

The federal Defend Trade Secrets Act (DTSA), 18 U.S.C. §§ 1831 et seq. and its Maryland state law counterpart, Maryland Comm. Law §§ 11-1201 et seq., define a trade secret as information (a) sufficiently secret to impart economic value because of its relative secrecy and (b) for which the plaintiff has taken reasonable efforts to maintain its secrecy.  Without these two elements, a court will not treat the misappropriated information as a trade secret, although it still may be subject to contractual protections and tort claims (i.e. conversion, etc.).

In Vendavo v. Long, no. 19-cv-1725 (N.D. Ill. Aug. 30, 2019), the Court extensively examined the nature of the allegedly misappropriated information and endorsed the steps the employer took to maintain its secrecy.  In particular, the Court noted the following actions:

•           Physically securing its facilities such as limiting access to particularly sensitive areas (i.e. the local server room);

•           Implementing technological securities such as requiring laptops to be encrypted with complex passwords as well as multi-factor authentication;

•           Limiting access to the Salesforce database (where the confidential information was stored) to only those employees whose jobs required access to it (aka “need to know” access);

•           Requiring its employees and prospective customers to sign nondisclosure agreements prohibiting them from revealing proprietary information; and

•           Providing training to employees on confidentiality upon hiring.

In contrast, the Northern District of Illinois, in Abrasic 90 Inc. v. Weldcote Metals, Inc., 364 F. Supp. 3d 888 (N.D. Ill. 2019), lambasted the employer for failing to take any significant steps to protect the claimed trade secrets: “[Plaintiff] took almost no measures to safeguard the information that it now maintains was invaluable to its competitors. The company's almost total failure to adopt even fundamental and routine safeguards for the information at issue belies its claim that the information has economic value to its competitors and makes it quite unlikely that [Plaintiff] will ultimately prevail on its trade secret claim.”  Ouch!

More specifically, the Court relied on the absence of non-disclosure and confidentiality agreements for those who had access to the alleged trade secrets, as well as the failure to train employees concerning their confidentiality obligations, the absence of entrance and exit interviews, the failure to delineate what company information was confidential and what was not, and utilizing an IT manager with no training in data security.

The steps set forth in Vendavo are a good start.  While bigger organizations will likely take more extensive actions to protect its valuable trade secrets, basic steps are often easy to identify and implement:

•           Exit interviews reminding the employee of his or her post-separation restrictions (i.e. confidentiality, non-solicitation, non-compete);

•           Confidentiality agreements signed by the employee prohibiting use or disclosure of confidential information post-separation;

•           Yearly training concerning confidentiality obligations;

•           Requiring customers, contractors and others outside of the organization to execute non-disclosure agreements;

•           Ensuring that restrictive covenants are reasonable in scope and duration;

•           Designating only truly confidential information as confidential (i.e. if everything is marked as confidential, is anything actually confidential?);

•           Enforcing restrictive covenants and statutory claims against all employees who have misappropriated trade secrets.  (An employer doesn’t file suit against an employee who misappropriated confidential customer data will have a difficult time arguing that the second employee who did this is somehow harming the business.)

Remember, an ounce of prevention is worth a pound of cure.

Michael Severino
Previous

Trade Secrets Done Right – Defining a Trade Secret
Next

Trade Secret Theft and Criminal Liability