It’s among an in-house counsel’s worst nightmares. A former business partner, ex-employee, consultant, or competitor has stolen your company’s trade secret information. Company management demands swift action. You hire outside counsel who, after reviewing your company policies and interviewing stakeholders, tells you that he or she is concerned about being able to establish that your company took “reasonable efforts” to protect the information. Listening to the feedback, you realize with a sinking feeling that these were steps that you, as in-house counsel, may have been able to implement if you had only thought about the issue sooner.
A sampling of Spring 2019 cases[i] under the federal Defend Trade Secrets Act (“DTSA”) and equivalent state trade secret laws reveals some “efforts” courts are currently considering in determining “reasonableness.” No one secrecy “effort” is necessarily dispositive, but together they provide a “spring cleaning” checklist of some proactive security measures in-house counsel may want to consider:
- Restricting access to employees who are either on-site or have logged into the company’s network through a secure VPN
- Using encryption, and requiring a unique username, password, and/or token for decryption.
- Password-protecting digital networks and file servers.
- Stating in e-mails if the contents include proprietary information.
- Storing information on a dedicated server.
- Considering physical barriers and security measures such as perimeter fences, gated docks, locked doors, and limiting access to people with bar-coded badges or through other security clearance measures.
- Physically marking confidential documents such as technical drawings as “proprietary.”
- Video-monitoring of sensitive physical locations.
Employee and Third-party Agreements
- Reviewing existing confidentiality agreements with employees and third parties for what those agreements do not consider that the absence of language specifying or protecting confidential information or proprietary trade secrets may suggest a failure to adequately safeguard the information.
- Requiring employees to sign confidentiality agreements that protect the confidential information from unauthorized disclosure or use.
- Including confidentiality provisions in employment agreements.
- Requiring third parties with access to confidential information to sign confidentiality agreements that protect the information from unauthorized disclosure or use.
- Being cognizant of any “expiration” dates on non-disclosure or other confidentiality agreements and considering a carve-out for trade secret information protecting the information in perpetuity.
- Reviewing and strengthening “visitor” policies. Consider requiring guests and visitors to sensitive physical locations to agree to non-disclosure and confidentiality obligations.
Company Policies and Guidelines
- Establishing internal information classification and control guidelines.
- Restricting access to confidential information to those with a need-to-know the information.
- Implementing multiple security protocols to keep information a secret, and not just relying on “one” security measure, such as a non-disclosure agreement.
- Thinking about where practice may deviate from policy because of convenience, such as: locked doors propped open for the breeze; employees inviting family members or friends onto campus for lunch and bypassing security; employees downloading outside applications and using them for work; employees using thumb drives or other personal devices; employees posting a sensitive document on a bulletin; employees drawing on white boards and not erasing promptly, etc. “Reasonable efforts” for protecting trade secrets measure what happens in “reality,” and not just a company’s formal policies.
- Thinking broadly and creatively about what may constitute a trade secret – including drawings, price quotes, profit margins, product pricing information, pricing tiers for specific products, pricing schedules that may provide the baseline for negotiations with customers, specific customer preferences, formulas, patterns, compilations, programs, devices, methods, techniques, processes, and/or negative-know-how – and implementing “reasonable measures” best suited to protect the secrecy of the particular information.
[*] During the drafting of this blog post, Orrick partner Mark Wine passed away unexpectedly. A top intellectual property trial lawyer, beloved friend and colleague, Mark’s sense of humor, honesty and passion for life inspired all who met him. Our grief at losing him is profound.
[i] Weride Corp. v. Huang, No. 5:18-cv-07233-EJD, 2019 WL 1439394 (N.D. Cal. Apr. 1, 2019) [https://www.leagle.com/decision/infdco20190402b00]; Temurian v. Piccolo, No. 18-cv-62737-BLOOM/Valle, 2019 WL 1763022 (S.D. Fla. Apr. 22, 2019) [https://www.leagle.com/decision/infdco20190423998]; Flexible Techs., Inc., v. Sharkninja Operating LLC, No. 18-348-CFC, 2019 WL 1417465 (D. Del. Mar. 29, 2019) [https://www.leagle.com/decision/infdco20190415b79]; Select Energy Servs., Inc. v. Mammoth Energy Servs., Inc., No. CIV-19-28-R, 2019 WL 1434586 (W.D. Okla. Mar. 29, 2019) [https://www.leagle.com/decision/infdco20190401g38]; Advanced Fluid Sys., Inc. v. Huber, No. 1:13-CV-3087, 2019 WL 1040461 (M.D. Pa. Mar. 5, 2019) [https://www.leagle.com/decision/infdco20190306h20], aff’g, 2017 WL 2445303, at *11-12 (M.D. Pa. June 6, 2017) [https://www.leagle.com/decision/infdco20170607e57]; TDBBS LLC v. Ethical Prods. Inc., No. CV-19-01312-PHX-SMB, 2019 WL 1242961 (D. Ariz. Mar. 18, 2019) [https://www.leagle.com/decision/infdco20190319776].