This article provides a detailed way for US businesses to retrieve stolen intellectual property and trade secrets based on the Defend Trade Secrets Act passed in 2016. Many countries have adopted laws to protect confidential business information and this article also covers the position in a number of European countries (Germany, France, Italy, Sweden and the UK). The article was published in the Spring 2017 issue of Employment Relations Today.
Mark A. Saloman, Ford Harrison
Alexander Ulrich, Kliemt & Vollstädt
Emanuela Nespoli, Toffoletto De Luca Tamajo e Soci
Petter Wenehult, Elmzell Advokatbyrå
Hannah Price, Lewis Silkin
Fadi Sfeir, CAPSTAN Avocats
You receive a series of complaints of uncooperative, belligerent, and irrational behaviour concerning Dr. Ima Thief, your company’s senior research and development director. Despite her importance to the company, you approve Thief’s termination. During the exit process, human resources and the business group diligently work to safeguard Thief’s electronic devices, disable her passwords and systems access, lock down her work space, and secure all confidential corporate information and trade secrets. The next day, however, Thief reveals she kept an external backup drive at her home containing a mirror image of your company’s most sensitive and valuable confidential business information. Thief will gladly return everything to you for a hefty price, and if not paid within 48 hours, she will post everything to the Internet.
While this scenario seems more like the plot of a movie of the week, cyber-extortion is becoming easier (and more common) with every technological advance. So how does your business recover Thief’s backup drive without setting the dangerous precedent of paying ransom?
A new US law, the Defend Trade Secrets Act of 2016 (DTSA), which amends the Economic Espionage Act, provides a uniform civil remedy to trade secret owners whose intellectual property has been compromised. Most important for your company given Thief’s misconduct, the DTSA provides a method to seize the property without giving notice to Thief.
ESTABLISHING SUFFICIENT GROUNDS FOR AN EX PARTE SEIZURE ORDER
Consistent with federal copyright and trademark laws, the DTSA grants power to federal courts to issue an order without notice to the other side (known as an ex parte order because the adverse party is not present when the order is issued) to seize property to preserve evidence or prevent the propagation or dissemination of a corporate trade secret. The DTSA authorizes such orders only in “extraordinary circumstances,” and creates an eight-part test establishing a right to seizure. In our scenario, seizure could be ordered if a reviewing court finds:
1. No injunctive order would be adequate because Thief will evade or avoid compliance;
2. Immediate and irreparable injury to your company will occur without seizure;
3. The harm caused by denying the seizure application outweighs the harm to the legitimate interests of Thief and any third parties;
4. Your company is likely to show that Thief misappropriated (or conspired to misappropriate) your company’s trade secret by improper means;
5. Thief has actual possession of the trade secret and the property to be seized;
6. Your company can describe the matter to be seized and its location;
7. Thief will destroy, move, hide, or make the confidential information inaccessible if provided with notice; and
8. Your company has not publicized the requested seizure.
Like a temporary restraining order or preliminary injunction on steroids, the civil seizure application requires virtually indefensible misconduct and a borderline irrational defendant. Indeed, the seventh prong of the test may be the most difficult to establish because federal court judges, unaccustomed to being ignored by litigants, must be persuaded that the defendant will not obey a court order. This may be the reason there is no reported decision in any jurisdiction granting an ex parte seizure application.
CRAFTING AND ENFORCING A CIVIL SEIZURE ORDER
So, what can you do about Dr. Thief? At the outset, you must analyse the risk that seizure is inappropriate because the DTSA grants Thief a right of action against your company for damages, including reasonable attorney’s fees, for wrongful or excessive seizure. Recognizing that the risk is far outweighed by Thief’s egregious misconduct, you decide to seek an ex parte seizure of the backup drive that holds the stolen company information.
The first step in that process is an emergency application to the federal district court. Normally, this involves filing a complaint and order to show cause, supported by proof of misconduct (offered in sworn declarations and supporting documentation), and legal argument addressing the eight-part test. Because of the fact-specific nature of the inquiry, the evidence and argument depend on each individual set of circumstances.
Besides the enhanced burden of proof, what sets the seizure application apart from a typical ex parte application for a temporary restraining order is the DTSA’s detailed requirement of two court orders for particular relief. The first order grants the seizure while the second provides specific directions to the US Marshals Service to carry out the seizure.
First Court Order—Permitting Seizure of the External Drive
The DTSA gives precise guidance on what the first order must contain. At the outset, the order must recite the reviewing court’s findings of fact and conclusions of law. As the moving party with the best knowledge of the facts, your order should contain a proposed set of facts and legal conclusions that the court can easily adopt.
Next, the first order must provide for the narrowest seizure to achieve your goals and direct that the seizure be carried out with minimal disruption to Thief and any third parties. The order also must state the hours during which the seizure may occur and whether force may be used to access her home, if locked. Finally, the first order must set a date for a seizure hearing at the earliest possible time and provide for payment of security (normally a bond) adequate to cover a wrongful or excessive seizure.
Second Order—Directing the US Marshals to Seize Thief’s Drive
Though the DTSA provides specific requirements for the first court order, the act provides little guidance concerning the second order, which is needed to effectuate the physical process of retrieving the stolen data from Thief. According to the DTSA, the court’s second order must merely recite that materials seized will be taken into the custody of the court; any electronically stored data will not be connected to a network or the Internet without consent of both parties; and the court will take steps to protect the confidentiality of the seized data. Yet the DTSA omits the essential practical details necessary for the court’s second order to permit the US Marshals Service to complete the task of physically recovering Thief’s external drive. Specifically, the court’s second order must:
- confirm that your company is authorized under the supervision and with the assistance of the marshals, to take all necessary steps to secure and remove the backup drive, including breaking and entering, then searching for the drive in Thief’s home and placing it with the court;
- state that anyone interfering with the execution of the order is subject to arrest;
- assert that your company will account for all property seized from Thief; compile a written inventory of such property; and provide a copy to the marshals, who will include a copy with their return to the court; and
- ratify that your company will act as substitute custodian of all seized property and hold the marshals harmless from any claims arising from acts, incidents, or occurrences in connection with the seizure and possession of the backup drive.
Additional Requirements by the US Marshals
A few more details to remember, as the seizure application does not end with the court’s execution of the two court orders: First, the marshals require a certified copy of the court’s second order, with a raised seal, for each location to be searched and each item to be seized. Second, the marshals need a completed “Process Receipt and Return” form, which can be obtained at www.usmarshals.gov/process/usm285.pdf . Third, a bank or certified check for at least $2,000 per location to be searched is required as a deposit for costs. Though not required, the marshals recommend arranging for required additional services, such as locksmith services if Thief is not home when the seizure is executed.
An ex parte seizure order requires both egregious misconduct and proof that the defendant will magnify the harm if provided notice of a court application. In view of the high burden on the moving party and the likelihood that most defendants will abide by an order of a US federal court judge, most trade secret disputes will not involve the seizure provision of the DTSA. Yet the stakes are rarely higher than when your company’s most valuable confidential business information and trade secrets are at risk of disclosure.
SAFEGUARDS OUTSIDE THE UNITED STATES
Similar to the uniformity promoted by the DTSA, the European Parliament and the Council of the EU recently adopted a Trade Secrets Directive designed to standardize national laws in EU countries against the unlawful acquisition, disclosure, and use of trade secrets. The
directive defines forms of misappropriation and creates the means through which victims of trade secret misappropriation can seek civil redress and protection by, among other things, stopping unlawful use and disclosure of misappropriated trade secrets and creating the uniform right to compensatory damages caused by unlawful use or disclosure of the misappropriated trade secret.
EU countries need not enact the laws and provisions needed to comply with the directive until June 2018. So, what are your company’s options in the meantime if Dr. Thief is based in London, Milan, Munich, Paris, or Stockholm?
Case Law Protects Trade Secrets in the United Kingdom
In the United Kingdom, case law governs the misuse of trade secrets during and after employment. This case law creates different categories of business information, with trade secrets receiving the greatest legal protection as the most valuable to the business. Information properly classified as a trade secret is protected by an implied duty of confidentiality, even after the termination of employment and absent an express confidentiality provision in the employment contract.
Whether business information constitutes a trade secret rather than “mere confidential information” (which is not protected postemployment) is determined on a case-by-case basis. Secret formulae or manufacturing processes are likely regarded as trade secrets, but it is less clear whether customer lists, pricing information, and the like are trade secrets. To answer this question, courts consider several factors, including the employer’s attitude toward the information and whether the information can be differentiated from less sensitive and more widely available information.
Though it voted to leave the European Union, the United Kingdom will probably remain a member until spring 2019, meaning the directive will be implemented in the United Kingdom, even if only for a short time. Moreover, the directive reflects current UK law and, therefore, should not require substantive practical changes. Further, UK trade secrets law is derived from case law, so any codification of the law will involve the courts interpreting UK case-law principles alongside the new directive.
Germany’s Answer: Criminal Statutes and Prison
German trade and industrial secrets are protected via criminal prosecution under Section 17 of the Act Against Unfair Competition. An employee disclosing such secrets for unlawful purposes may be imprisoned for up to five years in serious cases. The same applies to one who acquires such secrets using technical means, creates a reproduction of the secret, removes an item containing the secret, or one who uses or discloses such secrets. The duty of secrecy applies during and after the employment relationship by law. The duty of secrecy can be extended through an employment contract that specifies the relevant confidential business to be protected, and a contractual penalty can be agreed to, within certain limits. German work agreements can implement guidelines for the use of confidential data or justify “social-engineering tests” (to protect employees from psychological manipulation by cyber criminals). After a breach of contract, the employer can claim injunctive relief, return of items, or damages or dismiss the employee, effective immediately.
Italy’s Civil, Criminal, and Property Codes
Italian law protects confidential business information by creating the duty of loyalty owed by employees to their employers during the employment relationship and by protecting industrial secrets. Article 2105 of the Italian Civil Code prohibits employees from disclosing information concerning the company’s organization and methods of production during the employment relationship and using such information to damage the company. Misappropriating a customer list and disclosing the production method of a medicine are both violations. Postemployment, the former employee may continue to use accumulated knowledge and experience, except for information that exceeds her professional knowledge and is internal to the former employer. Specific confidentiality and nondisclosure agreements can provide for specific penalties in case of violation.
Article 98 of the Industrial Property Code also protects company information and technical and industrial experiences that are secret, valuable, and subject to reasonable measures to keep them secret. If Dr. Thief violates this provision, a company can activate an emergency procedure to stop and remedy the consequences of the unlawful conduct, and obtain compensation for damages suffered. Finally, disclosing company trade secrets is regulated by specific provisions of the Italian Criminal Code, which apply to all persons, including nonemployees.
The French Approach
Confidentiality clauses in employment contracts are standard in France, though enforcing them is not always easy. Indeed, France’s highest court ruled that an employer may not use the protection of trade secrets as grounds to justify its refusal to cooperate with an employee representative requesting confidential documents to demonstrate that the employee has been discriminated against based on his or her trade union activity.
Nonetheless, revealing trade secrets to a third party is a criminal offence punishable by fine and imprisonment. Prosecution is rather rare in practice but acts as a strong deterrent. Moreover, confidentiality obligations may be enforceable even after the termination of the employment contract, regardless of the reason for termination.
The Swedish Act on Protection of Trade Secrets
Sweden’s Act on Protection of Trade Secrets prohibits any use or disclosure of a trade secret potentially harming the employer’s business. The definition of trade secret is extensive and includes information on the employer’s customers, business contracts, and marketing strategies. An employee using or disclosing trade secrets may be liable to pay damages based on the employer’s financial loss due to the use or disclosure.
If an employer discovers the use or disclosure of a trade secret, it may request a court injunction to immediately prohibit the use or disclosure. The employer must show probable cause for the use or disclosure and provide security (normally a bank guarantee) to cover for eventual damage that the adverse party may suffer from the injunction. Notably, that an employee copied the employer’s trade secrets to a private storage device does not constitute a “use” or “disclosure” because steps taken to prepare for new employment are not prohibited under the act. The EU Trade Secrets Directive should improve employers’ protections in Sweden to stop such preparatory measures.
GUARDING AGAINST LOSS
As the lifeblood of so many companies, trade secrets and intellectual property can be protected through proactive measures at every stage of the employment relationship.
Safeguards begin at the recruiting process, where rules can be clearly communicated that your company protects its confidential and proprietary information and prohibits the misuse or misappropriation of competitor information. Protections continue through the onboarding process, with dissemination of clear policies and protocols alerting employees of their ongoing responsibility to keep trade secrets confidential. Periodic training of employees reinforces the importance of your policies, and consistent monitoring for security breaches allows the company to learn and adapt from changing conditions. Safety continues during the separation process, where outgoing employees can be reminded of their confidentiality and other post-employment obligations, electronic devices recovered and examined, and passwords disabled.
Thorough diligence at every phase of the employment relationship minimizes the risk intellectual property and trade secrets will be stolen or otherwise compromised. Yet companies may take solace in the availability of the DTSA in the United States and its civil seizure authority to safeguard against potentially devastating loss. In the European Union, legal experts in each country should be consulted on the various options to maximize your company’s trade secret protections, and stop Dr. Thief, until the directive takes effect.