Understanding the Importance of Trade Secret Preemption
Simply put, trade secret preemption or supersession is the concept that the Uniform Trade Secrets Act (adopted in 47 states) preempts or supersedes all other civil claims for the theft and/or wrongful use of information, except for breach of contract claims. Such claims are typically conversion, unfair competition (common law or statutory), tortious interference with contractual relations or business expectancy, breach of fiduciary duty or breach of duty of loyalty. Additionally, some states do not even permit such claims based upon the theft of confidential information that does not rise to the level of a trade secret. These non-UTSA claims can often be easier to prove than trade secret claims and can provide for tort remedies, rather than mere contract remedies.
In many states, non-UTSA claims are preempted by the UTSA and its preemption provision. Some states, however, still permit plaintiffs to bring such non-UTSA claims along with the trade secret claim and only preclude plaintiffs from pursuing the non-UTSA claims if a determination has been made that the information at issue is a trade secret. There is even variety within states, such as California, where three separate approaches have been followed by various courts.
While typically viewed as a “lawyers’ topic,” trade secret preemption is a much more significant and important topic that companies must be educated about to effectively protect their information assets. Many are surprised that some courts (following the strict preemption approach) view the UTSA as statute that actually “limits liability” for information theft. In those states following the strict preemption approach, companies are typically left with only two potential claims for the theft of information by former employees or other third parties, breach of contract and trade secret misappropriation. This reality underscores that employers should use confidentiality and non-disclosure agreements, rather than merely employee handbook policies to protect their proprietary information, so that they are not left with only one claim against a misappropriator.
Additionally, juries typically have high standards for what information qualifies for trade secret protection so trade secret preemption places added importance on companies thoughtfully classify their information assets and ensuring that valuable information is properly protected through reasonable secrecy measures. It also highlights that companies must have effective onboarding and termination procedures to ensure that employees are effectively educated regarding the importance of protecting company information and to ensure that companies obtain the return of their valuable information when employees leave. Valuable information assets that are not adequately protected will leave companies with little to no legal recourse if they are later stolen. Please see our previous webinar concerning best practices for protecting trade secrets in the hiring and termination of employees.
Importance of Protecting Trade Secrets Throughout Litigation
Companies often need to be reminded when they initiate a trade secret lawsuit that the information at issue must be protected throughout the litigation process. The parties to the litigation will typically enter into a protective order which limits who may obtain access to documents and information exchanged in the litigation subject to strict confidentiality and non-disclosure obligations. Additionally, the protective order, court rules, and applicable case authority provide the requirements for filing or lodging documents in the litigation under seal when they are submitted to the court in connection with the determination of particular case issues.
While some litigants may view such sealing motions as perfunctory, some courts scrutinize sealing motions and generally evaluate whether it is in the public interest to seal such documents and whether there are other significant interests. The recent Apple v. Samsung case in the Northern District of California provides a reminder that courts independently evaluate whether documents should be sealed regardless of agreements between the parties to the litigation. Parties need to understand that these motions often must be brought to preserve the confidentiality of the information, that they are not inexpensive, and there is also some risk that the court will not always grant the motion.
The importance and cost of preserving confidentiality through the litigation is part of the checklist that plaintiffs should take into account before filing suit. Sensible counsel understand that they must continue to educate the judge throughout the litigation regarding the importance of keeping documents and information sealed in the case. Parties to contracts should also be cognizant that confidential documents and information exchanged during the relationship may later be subject to first party or third party discovery. They should require notification provisions in their contracts providing sufficient time to seek a protective order to protect the confidentiality of information or documents called for in discovery prior to disclosure.
Is the Computer Fraud and Abuse Act Still a Viable Weapon in Employee Mobility Litigation?
Is the Computer Fraud and Abuse Act dead for employers that want to use it against employees who misuse their computer systems? The Ninth Circuit and Fourth Circuit have significantly pared down the utility of using the Act in the typical employee data theft scenario. Violations of computer use policies are not typically actionable in these jurisdictions if the employee was provided access to the computer network and the data at issue. Some jurisdictions still allow plaintiffs to bring CFAA claims for such violations demonstrating that analyzing the individual state and circuit authorities are essential in properly evaluating such claims. Even in the Ninth Circuit, violations of computer access policies, unauthorized password sharing to obtain unauthorized access to a protected computer, and violations of access revocation restrictions have recently been found actionable. Legislation has recently been proposed to “reform” the Computer Fraud and Abuse Act which would limit its applicability to pure hacker scenarios. For more information on the debate concerning whether violations of internet terms of service should constitute a violation of the Computer Fraud and Abuse Act, please see our webinar on ”How Big Data Impacts Trade Secret, Computer Fraud and Privacy Law.”
Dealing with the Employee Whistleblower Who Takes Company Data
Employee whistleblowers are one of the more challenging areas that companies must face. A swift investigation is necessary to get a handle on the situation. The employee should be immediately interviewed and the company should make immediate efforts to obtain the return of any truly proprietary data. Civil and criminal remedies will need to be considered, particularly if proprietary company data has been stolen or compromised. All the while the employer will need to comply with its whistleblower compliance program and not retaliate against the employee for engaging in any protected activity. It is not an easy process to balance even for the most diligent employers. Strategies for avoiding these scenarios include, employing hiring best practices, restricting access to key information on a need-to-know basis to only trusted employees, watching for employees who are downloading, transferring, or printing large amounts of documents/information and employing software solutions to prevent such actions, and having a thorough action plan on the shelf to employ for a rainy day. For more information on this topic, please see our webinar entitled “Employee Theft of Trade Secrets or Confidential Information in Name of Protected Whistleblowing.”
BYOD Explosion and Data Security
More companies are adopting BYOD policies to permit employees to use their own personal computing devices to access the company network. Companies must institute BYOD policies that protect company information, provide clear limits on access, and provide for clear protocols at termination. As employees can access work and personal email accounts on the same mobile devices, employers must be vigilant that employees do not rapidly transmit company files to their personal accounts. There are also greater risks for data security breaches with the greater accessibility provided by BYOD. Employee education regarding security, including precautions to take outside the office and abroad, file encryption, and the use of secured computer networks is essential.
Effectively Conducting a Computer Forensic Investigation
Companies must keep up to date with the latest ways that valuable information is leaked or otherwise compromised. Such information can be compromised by hard copy theft, emailing of company information to personal accounts, CD burning, and the transfer of data to thumb drives and FTP sites. Companies must respond to the latest threats such as the unauthorized storage of valuable information in the cloud with third party file sharing sites. Many sophisticated companies use software to detect and prevent large data transfers either via email, USB, or third party file sharing sites. Additionally, it is essential to understand what data can be stored on specific electronic devices to understand what may be recoverable in a computer forensic investigation. For example, the iPhone 5, when compared to other smart phones or electronic storage devices, may have material differences in what may be stored and recovered in a computer forensic investigation. Lastly, social media evidence is becoming more useful in establishing non-compete and trade secret violations, but employers must be cognizant of employee privacy considerations in using and demanding access to social media accounts. Prudent employers should utilize compliant social media policies and social media ownership agreements.