Can a Lawsuit Help Mitigate the Risks of Trade Secret Theft?

Trade secret law is constantly evolving as technologies in the workplace change.  Staying up to date is critical.   Recently, I attended an online seminar focused on theft of trade secrets in the workplace. The presenters included private practice attorneys from a national firm and in-house IP counsel from two large companies.

There was a consensus that you cannot prevent an employee from stealing trade secrets in all cases. This is especially so with the advent of cloud computing and bring your own device policies in the workplace. The focus should be on mitigation of risk before the theft, and implementation of an action plan after the theft.  I have commented on these same issues several times on this blog.

With respect to action plans after theft, I was interested in the insights of the in-house IP attorney. The attorney stressed the importance of having a team assembled to address trade secret theft to include security, technology, and legal.  When making a decision on pursuing an injunction in court, the assembled team will need to identify objectives based on a series of factors including the value of the intellectual property at issue and the business issues implicated.

I agree with these points.  Having a team in place, with written documentation of it, not only will help a business act quickly, but will also serve as evidence of the reasonable measures taken to protect the trade secrets.  A dedicated team will also facilitate regular communication between departments to stay on top of changing technologies and workforce demographics.

The pros and cons of litigation were also discussed.  The cons are understandable and include costs of litigation.  One presenter mentioned that litigation should be a last resort.  That might be agreeable as a general policy provided other measures are utilized to consistently address the issue via other means.  However, there are some upsides to pursuing litigation that may not be readily apparent.

Litigation serves as a reminder to others of the personal financial risks of misusing confidential information or trade secrets.  If employees understand that a business will not hesitate to file a lawsuit to protect its valuable information, the employees are less inclined to engage in misconduct.  In addition, a good attorney advising an employee on exit strategy will always ask about a company’s policy on enforcing non-compete or non-disclosure agreements.  Thus, the enforcement policy impacts the strategy of the departing employee.  

To illustrate the point, consider the NFL.   I know of an author who wanted to publish a book that arguably (but unlikely) used intellectual property of the NFL.  The author’s attorney advised against using the material despite the fact that the material was unlikely to infringe as a matter of law.  Why not use it? Simple. The NFL will crush you and they have a track record of doing it.  

There are many instances where the NFL took immediate action to shut down a potential infringer.  A quick Google search turned up a law review article and numerous stories of enforcement.  The word gets out.  The NFL will enforce its intellectual property rights.  The NFL does so in a broad and sweeping manner.   

The NFL’s policy is certainly not going to mesh well with every corporate culture, and I do not intend to advocate for litigation in all circumstances.  However, strategic use of litigation for the right case can go a long way toward protecting a business in the future.  Litigation can address an immediate risk, but also serves as a reminder to others about the risks of misuse of intellectual property.

Trade Secret Theft on the Cloud: Concerns For Both Employers and Employees

Max Taves authored an article posted by Law Technology News  entitled "Trade Secret Spats Center on Cloud."  The article highlights the increasing difficulty employers face when trying to avoid theft of confidential information when employees have access to third party storage providers such as DropBox, Googe Docs, SugarSync, and SkyDrive.  Third party data storage providers enable users to either locally sync or upload documents at work which can be accessed from another computer.  I have posted on tips for employers to reduce the risk of this kind of theft. Essentially, to mitigate risks and have evidence of theft, businesses need a robust and frequently updated fraud management plan.  

What I also found blogworthy in this article was how use of cloud based document storage posses a risk for employees as well.  One attorney in a high profile case pointed out that an employee’s use of DropBox, or similar provider, could generate the appearance that the employee may have stolen data even if they did not intend to do so.  I have seen this happen several times and it can be a big problem.

An employee may use DropBox to store personal information (family photos, resume, etc) but also mix in company documents to work from home.  The employee may leave for another job and forget that he or she still has documents from the former employer.  The employee could end up in a lawsuit because the employer may believe documents were stolen by use of DropBox.  Having already used DropBox at work, it may be even more problematic to show evidence of returning such documents or deleting them.  

The take away here is that use of cloud storage creates a risk for both employers and employees when it comes to confidential information.  While employers should develop a fraud management plan, employees would be well advised to have clear permission to use cloud storage providers. To avoid or reduce the risk of a lawsuit, employees should also seek to address cloud storage as part of an exit strategy.  Even if an employee has no desire to use confidential information after leaving, ignoring the issue is a big risk that may create the wrong impression. 

Tips On How To Reduce The Risk Of Intellectual Property Theft

 In my last post, I wrote about the risks facing businesses when there is a departing employee.  It can be fairly argued that in the next 3 years your average business will have to deal with a disgruntled, departing employee.  The employee will have had access to confidential information in digital form.  Studies have shown that greater than 50% of disgruntled employees and 90% of IT employees will take something.  So what can a business do to protect itself from theft of clients, confidential information, and trade secrets?  Here are a few tips:

1.Strong Contracts.  I often say that Legal Zoom = courtroom doom.  Many folks go to online websites to get cheap, low cost non-compete or confidentiality agreements.  There are circumstances where you can get a decent contract that will help your business from these online sites.  However, too many times I have reviewed the low cost, canned contract of a client and found significant problems with the contract.  If you want to have a contract that will have a better chance of standing up in court, you are best served by hiring an attorney well versed in these areas.  Relying on a form contract from a website is not recommended.

2.Strong Policies.  Any workplace policy should include strong electronic monitoring policies prominently posted in break rooms and in the employee handbook.  Ideally, the policy will spell out that the company can and will monitor the company owned computers and all communications and information stored on them.  You also want to have strong password policies, auditing of file access, and guards against deletion. You also should seek to have visibility by your IT department for all activities on work networks.

3. Intake Checklists.  Upon employee intake, your business will want to have a checklist that documents all the necessary items covering confidential information.  You will want to document all the devices issued to the employee, review the details of the contract (non-compete or non disclosure), and review all policies of electronic monitoring.

 4. Internal Procedures.  Essentially, what a business needs to have is an enterprise fraud management plan.  This would include security related technologies for the electronic information and data stored by the company.  You will want to include mobile device management.  Your plan will want to classify data and restrict access based on the classifications.  Your plan will want to include auditing and tracking of data.  

 

5. IT Security Checklist.  This is a checklist designed for the IT department when an employee departs.  This will include shutting down access to the former employee immediately.  The list should also include an inventory of the employee devices, evidence preservation, and possible involvement of a forensics expert.  There should always be a concern about possible spoliation of evidence when attempting to preserve, inspect, or copy electronic data.  Early involvement of an expert in computer forensics is recommended.

6. Strong Exit Interview.  A good exit interview can go a long way towards understanding if the departing employee is a risk for theft or use of confidential information.

7. Severance.  To give or not to give?  A fair severance agreement can be used to create ongoing and continuing obligations for the departing employee with respect to confidential information or intellectual property.  Also, if you failed to have a good contract in place during employment, a severance agreement is a good way to correct previous mistakes in the employment contract.  Further, in some circumstances, a fair severance agreement can reduce the level of hostilities and thereby reduce post employment risks.

IP Advice for Connecticut Start-Ups: Protecting Your Client’s Personally Identifiable Information

 David Benoit presents his fourth post as a guest blogger on the topic of Intellectual Property for Connecticut Start-Up companies.  In his fourth installment, he focuses on the need for entrepreneurs to protect their client’s most important assets: client personal information.  

In addition to implementing best practices with respect to a company’s own IP, start-ups need to be as mindful in taking adequate safeguards to ensure that any client IP that is being collected, stored, manipulated or distributed is not being used in a manner that will expose the start-up to liability.  Client IP most often includes “NPI” (nonpublic personal information) and includes personally identifiable financial information and any lists, descriptions or other groupings of consumers derived using personally identifiable financial information.  Unauthorized disclosure or access of personally-identifiable customer data typically results in financial liability (i.e., regulatory fines, penalties and legal fees) and reputational liability (i.e., damage to goodwill that the startup has worked hard to build). 

Knowing which IP safeguards to implement and what steps need to be taken if an IP breach occurs requires a thorough understanding of the ever-changing, multi-jurisdictional laws and regulations applicable to the start-up’s business.  This could include federal regulations, state- and industry-specific requirements surrounding the collection, storage, deletion and distribution of sensitive customer or end-user data.  Utilizing the services of a privacy attorney who understands not only your business, but also your client’s, is important to implementing best practices.  

Having an understanding of these regulations and standards, such as the Children’s Online Privacy Protection Act (COPPA), the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), Gramm-Leach-Bliley Act (GLBA) the Fair Credit Reporting Act (FCRA), the Fair and Accurate Transactions Act (FACT Act) and the Payment Card Industry Data Security Standards (PCI DSS), is extremely important to minimizing liability exposure.  Furthermore, knowing how to use customer IP without overstepping boundaries requires a well-written privacy policy, terms of service and other applicable data use agreements.

 

 

Laticrete Responds To 50 Million Dollar Verdict

Following my post about the Dur-A-Flex v. Laticrete jury verdict, I received a statement from Laticrete’s CEO, David Rothberg.  You can read the full statement here.   Mr. Rothberg stated that he is "extremely disappointed in the verdict." He added that the jury finding against Laticrete was "absolutely baseless."  He left no secret as to Laticrete’s post trial plans as he says the company intends a vigorous defense on appeal.

Trial counsel for Laticrete, Elizabeth Stewart, confirmed to me today that Laticrete does expect to appeal.  She commented that no decisions have been made yet on which issues Laticrete will raise on appeal.  Attorney Stewart had no further comments on the case.   

One of the most intriguing aspects to the appeal in this case is that Judge Eveleigh presided over the trial.  Judge Eveleigh has a very good reputation as a trial court judge.  In addition, he is now set to take a seat on the Connecticut Supreme Court.  I do not know yet what potential grounds might exist for the appeal, but I can say it seems very likely Judge Eveleigh considered the potential appellate issues in this case very closely.   

Stay tuned.  I expect there will be additional posts on this case.

Largest Jury Verdict In Connecticut History For Trade Secret Case

After an eight week jury trial in Waterbury Superior Court, an East Hartford based flooring solutions company,Dur-A-Flex, has been awarded 50.5 million dollars in damages for the misuse of its trade secrets by Laticrete International, a Bethany based multinational corporation.  Laticrete was a former purchaser of Dur-A-Flex’s colored sand products.  The jury found that the Laticrete misappropriated Dur-A-Flex’s trade secrets for the colored sand and awarded 43.7  million dollars in damages.  After the jury verdict, Judge Dennis Eveleigh awarded Dur-A-Flex more than 5 million dollars for attorney’s fees in a written decision (download here).   He also conditioned Laticrete’s future use of Dur-A-Flex’s technology on payment of royalty fees.

The case was brought back in 2006 on the Complex Litigation Docket in Waterbury  (Access court docket here). Dur-A-Flex was represented by Lawrence Rosenthal and Fletcher Thomson from Rogin Nassau’s Hartford office.  Laticrete was represented by Elizabeth Stewart from Murtha Cullina’s New Haven office.  

Dur-A-Flex supplied color sand to Laticrete for use in Laticrete’s grout products.  Laticrete was the only customer of Dur-A-Flex for the sand product.  Laticrete at some point stopped buying the colored sand from Dur-A-Flex and started making an identical sand product.  Dur-A-Flex claimed that Laticrete was, if fact, using Dur-A-Flex’s manufacturing process to make the sand.    The jury agreed with Dur-A-Flex and found that Laticrete violated Connecticut’s Uniform Trade Secrets Act. 

Attorney Rosenthal commented on the verdict and stated he was "certain that Dur-A-Flex had been significantly damaged by Laticrete’s improper and unauthorized use of its technology."  He believed the verdict was the largest ever for a trade secret case in Connecticut. 

I also believe this is the largest jury verdict in Connecticut history for a trade secret case.  Additionally, Connecticut case law is fairly sparse when it comes to significant trade secret cases.  I expect that the Dur-A-Flex case will impact trade secret law in Connecticut for years to come.  In particular, not only the amount of the award, but Judge Eveleigh’s written decision on awarding future royalties and attorney’s fees, which included a 10% contingency success fee.   Judge Eveleigh also issued a post-judgment order permitting Dur-A-Flex to attach the assets of Laticrete. It should be noted that Judge Eveleigh will become a justice of the Connecticut Supreme Court on June 1, 2010.   As such, I expect that his decision will carry more weight on these issues.

Law Firm Lawsuit Highlights Need For Businesses To Take Caution With Website Content

 A recent decision by the United States Court of Appeals for the Ninth Circuit serves as reminder of the types of litigation that can arise from simply maintaining a website. Although the decision involved a dispute between two law firms, the facts could easily be related to competing businesses. 

The case involved Brayton Purcell, LLP, a California law firm that successfully sued another law firm for copyright infringement based on website content.   Brayton Purcell had copyright protection for its substantial website content on elder law.  According to the decision, a competitor law firm must have liked the content because the competitor copied the content verbatim for its own website.  This resulted in an undisclosed arbitration ruling in favor of Brayton Purcell.

Any business with a website should consider having a legal review done to determine if potential problems exist with the website’s content.  Facing a lawsuit over a website is one the problems I discussed in a recent lecture on 5 Technology Bombs That Can  Sink Your Business.

There are many ways that a website can lead to litigation.  Stanley Jaskiewicz authored an excellent article for E-Commerce Law & Strategy featured on Law.com related to "clearing" rights to publish content on websites.  He cited a simple example of how a business website can infringe a copyright by merely copying and pasting a photograph from one website to the business’ website.  In the process, the business might infringe the rights of the original photographer and the website owner.

A basic legal compliance review for a website can avoid this type of problem.  It starts with a risk assessment of the website and its content, including a review for potential claims involving: 

  • Copyright & Trademark infringement.  Copying from the the look and feel, content, and slogans from another website are some of the ways you can run afoul of copyright and trademark laws.
  • Defamation & Disparagement.  Posting content that is defamatory or disparaging of a competitor could result in litigation because the statements could be viewed by millions.
  • Unfair Trade Practices.  This type of claim is usually a tag along to some other actionable conduct.  This claim is often used to obtain an injunction or to recover greater damages and attorney’s fees.
  • False Advertising and Misrepresentation.  A website should be viewed no differently than traditional advertising.  False claims can bring lawsuits from consumers who make decisions based on website content.
  • Domain Name Disputes.  These disputes often occur when two companies want a similar domain name.  Depending on a variety of facts, one company may have greater rights to use the name regardless of who registers the name first.

Here are some tips to avoid a lawsuit concerning website content: 

  • Conduct a risk assessment.   This includes an audit and inventory of the website content.
  • Obtain "clearance" rights. If any of your content might violate copyright or trademark laws, you should seek to obtain clearance to use the material.  This involves the concept of searching out property right holders or authors and seeking permission or paying for use of the content.  
  • Avoid use of protected materials.  For example, do not copy another website verbatim as the law firm did in the California case.  This might seem like a no brainer but many people believe that anything posted on the Internet somehow loses its copyright and trademark protection. 
  • Protect your content.  In the California case, it was noted that the law firm had copyrighted its online content.     The law firm also monitored for any other website copying its content by use of Copyscape website.  Copyscape allows a user to input a website address or specific page to search the web for plagiarism. 
  • Cooperation or settlement.  Lawsuits involving property rights for website content usually begin with one website owner sending another a "cease and desist letter."  This is a demand that an owner take down infringing material.  One way to avoid a lawsuit is to simply agree and take down the material.  Alternatively, you might be able to reach an agreement for use of the material. 

The bottom line is that your business does not need the headache of a lawsuit over a website.  Taking caution from the beginning with website content can help eliminate the risk.