I. The Context – An Introduction
Businesses are confronted with a never-ending litany of challenges. While it may be increasingly difficult to know where to begin in prioritizing these challenges, companies must undertake threat assessments and prioritize the impact of any potential, realistic threat. Once the threat is identified, the enterprise must evaluate appropriate and reasonable measures to minimize the detrimental impact should the threat materialize. Such prudence is an obligation each organization owes to its stakeholders. This article explores one potential threat to virtually every organization and the significant return on investment in strategically and cost effectively protecting some of the most valuable assets of any enterprise that are exposed to misuse and theft: trade secrets, proprietary information, and confidential information.
Intellectual property is critical to the vitality of today’s economy and the competitive advantage of an enterprise. Intellectual property, in all its forms, is an engine of growth, accounting for an increasing share of jobs and trade. Intellectual property in selected core industries has, in the past, been estimated to account for at least 6% of the gross domestic product of the United States. In recent years, the overall value of the “intellectual capital” of U.S. businesses – including copyrights, trademarks, patents, and trade secrets – was estimated to account for one third of the value of U.S. companies, or about $5 trillion.
A company’s trade secrets and intellectual property rights create incentives for entrepreneurs and investors to commit the necessary resources to research, develop, and market new technologies, process improvements, new services, and other forms of critically important innovative activities. These rights are fundamental to the protection of the nation’s competitive advantage. As one court observed, “[t]he future of the nation depends in no small part on the efficiency of industry, and the efficiency of industry depends in no small part on the protection of intellectual property.”1 The effective protection of intellectual property is essential to fostering creativity and supporting the economic and financial infrastructure of an enterprise.
Rare will be the business that has no proprietary or confidential information that is worthy of some level of protection. As such, virtually every enterprise must acknowledge and confront certain realities in evaluating whether and how to protect its confidential and proprietary information:
- Employers, in an attempt to increase efficiency and effectiveness and exploit the benefits of sharing institutional knowledge, provide employees access to confidential and proprietary information. Sales personnel are routinely exposed to such confidential information as national sales trends, product development plans, quality control issues, profitability evaluations across product lines, marketing plans, and the like. Information sharing is not unique with sales personnel: managers, department heads, engineers, research and development personnel, etc., are increasingly given access to sensitive institutional knowledge so they might better perform their assigned duties. This information, if obtained by a competitor, would, to say the least, prove catastrophic for many companies.
- Systems that store critical information and data are becoming much more complex and accessible. The use of laptops rather than desktops and the deployment of work from offsite or home technologies like Virtual Private Networks (VPN) have created an environment ripe for potential misuse and abuse.
- The U.S. Department of Commerce has estimated that the theft or misappropriation of an employer’s trade secrets and confidential information costs U.S. businesses approximately $250 million per year.3
- According to the Computer Crime and Security Survey by the FBI and the Computer Security Institute, theft of proprietary data and unauthorized access to information are among the four most common sources of loss due to cyber crime (along with viruses and hardware theft).
- There exists a body of well-developed contract law and state and federal statutes to protect employers from unfair competition. These unfair competition laws will not provide any significant benefit to those employers who do not strategically evaluate how best to exploit the protections these laws provide.
II. The Legal Overview – A Primer
The legal protections provided to business are many and varied and this article will focus on a few of the more important tools at the disposal of every organization.2
A. The Contract; Restrictive Covenants
A restrictive covenant is a contractual agreement, usually between an employer and an employee (but can and should be used appropriately with vendors, suppliers, independent contractors, board members, and consultants), in which one party prohibits the other from engaging in conduct detrimental to that party’s business. One of the most common forms of restrictive covenants is an agreement between a business and its employee designed to limit the employee’s ability to compete against the business (either individually or as an employee of a competing business) once that employee leaves employment. Restrictive covenants can also take the form of prohibitions on the solicitation of customers, clients, or employees, as well as prohibitions on hiring current employees of the employer or agreements not to improperly disclose certain information of the employer either during or after employment (confidentiality agreements).
Because of various state law requirements (both common law and statutory), as well as judicial philosophy, non-competition agreements are often the most difficult of the restrictive covenants to fully enforce. As a result, there is a reluctance by many enterprises to use these tools. The individual state law requirements for the enforcement of non-competition agreements vary significantly, which poses burdens in draftsmanship and enforcement. This is particularly true if the restrictive covenants impact employees in multiple states and are geographic locations and are therefore subject to multiple state law requirements. However, such non-compete and non-solicitation contractual arrangements have and can be effectively tailored and enforced by the courts to meet the legitimate business needs of an employer.
The essential requirement in enforcing these contracts, regardless of the state involved, is whether there exists a “protectable interest” that justifies the court’s intervention. Unless the employer can prove a “protectable interest,” a restrictive covenant will not be enforced. What constitutes a “protectable interest” is specifically defined in some state statutes. In Michigan, the definition is rather vague and open ended: “an employer’s reasonable competitive business interest.” The bottom line is that information, processes, or practices that provide the business with a competitive advantage, and are generally not known outside of the employer’s business, and required the time, talent, and effort of the employer to develop that information, process, or practice will be deemed “protectable” by the courts. While impossible to catalogue all the “business interests” that have been protected by the courts, legitimate protectable interests can include customer lists, pricing, compensation strategies, security systems, marketing programs, formula and/or design techniques, and sales data.
III. Trade Secrets and Computer Fraud – State and Federal Statutes
A. The Uniform Trade Secrets Act
Absent an enforceable restrictive covenant, employees are generally free to compete with their former employers, including pursuing clients, accounts, and market areas. While restricting competition in general is disfavored, virtually every state recognizes that certain valuable information developed by companies should be protected from disclosure, regardless of the existence of a restrictive covenant. This recognition has led to legislation aimed at protecting company “trade secrets.” The Uniform Trade Secrets Act (“UTSA” or the “Act”) has been adopted in most states, the District of Columbia, and the U.S. Virgin Islands. The purpose of the Act is to codify the myriad conflicting common law rules dealing with trade secrets.
The goals of the Act are to maintain a standard of commercial ethics, encourage the creative activities of businesses, and spur invention in the marketplace. To accomplish these goals, the Act prohibits the misappropriation of a company’s trade secrets and provides a number of potential remedies for actual or threatened misappropriations of trade secrets.
This Act defines a “trade secret” as “information, including a formula, pattern compilation, program, device, method, technique, or process, that is both of the following:
- Derives independent economic value, actual or potential from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use.
- Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.”
The statue provides the business with a civil cause of action for the misappropriation of a trade secret and specifically empowers the court to issue a preliminary injunction. The damages available to the employer who prevails on a trade secret claim includes the recovery of “reasonable attorney fees” and:
can include both the actual loss caused by misappropriation and the unjust enrichment caused by misappropriation that is not taken into account in computing actual loss. In lieu of damages measured by any other methods, the damages caused by misappropriation may be measured by imposition of liability for a reasonable
royalty for a misappropriator’s unauthorized disclosure or use of a trade secret.
B. The Federal Economic Espionage Act
The Federal Economic Espionage Act, 18 U.S.C.A. §§1831 et. seq., criminalizes the theft of trade secrets from an employer. The definition of a trade secret under this Act is similar to the definition contained in the Uniform Trade Secrets Protection Act.
In addition to providing criminal penalties, this Act also authorizes the Attorney General to institute a civil action to seek immediate injunctive relief to protect those employers whose trade secrets have been stolen or misappropriated. The Act provides another important tool for to employers but the decision on when and how to use this tool must be carefully weighed and evaluated.
C. The Federal Computer Fraud and Abuse Act
The Federal Computer Fraud and Abuse Act, 18 U.S.C.A. § 1030, is an often overlooked statute that provides for both criminal and civil remedies for its violation. This Act prohibits not only the theft of trade secrets from computer-based programs, but also the malicious destruction of computer-based information and systems. Again, this Act should be viewed as a “supplemental” protection and not relied upon solely in the protection of trade secrets. If, however, a current employee destroys or impairs computer systems, data, or programs, there is potential civil and criminal liability that does exist.
IV. Reasonable Steps To Protect
Taking “reasonable steps” to protect the confidential information of the enterprise is critical for two reasons: before a Court will enforce the available state and federal laws, such steps must be taken by statute. In addition, such steps will bolster the argument when enforcing a restrictive covenant that the interest involved is “protected.” Some of the more common and inexpensive steps an organization might consider are:
- Have all appropriate personnel and entities (i.e., suppliers, independent contractors, board members, etc.) execute confidentiality, non-compete or non-solicitation agreements;
- Have employees execute invention assignment agreements;
- Include in the company’s policies, handbooks, and collective bargaining agreements the appropriate confidentiality and trade secret provisions that will also permit the company to access and evaluate all computer hard drives and other company-assigned electronic information storage devices without violating the privacy rights of employees; and
- Catalogue and restrict access to confidential information and trade secrets, particularly when dealing with information retained in the company’s IT systems.
These are only a few of the actions an employer might consider to reasonably protect its confidential information and trade secrets.
V. Potential Detection and Remedial Measures
Any protective strategy is ineffective if it fails to incorporate processes and procedures that will trigger the implementation of effective remedial measures. When a key employee departs the organization, for example, the company should have mechanisms in place to detect and remedy its good faith belief the former employee has or is about to misuse a company’s confidential information and trade secrets. For example, any such strategy might encompass an evaluation of the following measures:
- Conducting exit interviews with all key employees requesting the identification of the employee’s new employer. If an employee fails to identify the new employer, particularly if the employee is bound by a restrictive covenant, a “red flag” exists that may well require further investigation and evaluation;
- The immediate termination of all access rights by the departing employee to the company’s information systems and facilities;
- Requiring the IT department to properly secure all computers and other data storage devices (telephones, blackberries, PDAs, etc.) that may be necessary to assist in any subsequent investigation; the department should power down (including the removal of all batteries) and store in a secure area any computer or electronic information storage device before anyone attempts to search or access data on the device;
- Retain a computer forensic expert who can effectively copy, evaluate, and mine data from hard drives and other electronic devices assigned to former key employees where there exists a belief the employee may be engaging in inappropriate activity. If a computer is immediately taken out of service, most computer forensic evaluations will permit the recovery of files and e-mails that have been deleted from even the computer’s recycle bin. Similarly, the internet access history of a computer may potentially result in a wealth of information that can be used in any subsequent proceeding. A forensic investigation can also determine if any external device like a hard drive or iPod was installed on the computer and, if so, what documents and information may have been down loaded and when; and
- Cell phone investigations are becoming increasingly prevalent as most phones have a memory chip (SIM card) that holds large amounts of data, including text messages, e-mails, and even documents in Microsoft Word, Excel, and Power Point. Unfortunately, the internal storage capacity is limited and can be deleted from the memory if the device is not taken out of service and the forensic evaluation conducted as soon as possible.
Today a host of new (as well as traditional) tools are at a company’s disposal to detect, evaluate, and remedy the misappropriation and misuse of trade secrets and confidential information. Undertaking these and other appropriate steps before an attorney goes to court in an attempt to obtain a temporary restraining order or preliminary injunction will often mean the difference between success and failure in remedying what could potentially be a significant threat to the economic vitality of the enterprise.
VI. Conclusion
Given the significant investment of resources, time, and talent required in the development of an organization’s advantages (including its confidential and proprietary information and trade secrets), it would be prudent to take the appropriate steps that are necessary to protect this information from theft and misappropriation by competitors.
Guest author:
Richard L. Hurford
1 Rockwell Graphic Sys. Inc. v. DEV Indus. Inc., 925 F.2d 174 (7th Cir. 1991).
2 This article will not address the trademark, patent, and copyright protections that are available to all enterprises.