Can a Lawsuit Help Mitigate the Risks of Trade Secret Theft?

Trade secret law is constantly evolving as technologies in the workplace change.  Staying up to date is critical.   Recently, I attended an online seminar focused on theft of trade secrets in the workplace. The presenters included private practice attorneys from a national firm and in-house IP counsel from two large companies.

There was a consensus that you cannot prevent an employee from stealing trade secrets in all cases. This is especially so with the advent of cloud computing and bring your own device policies in the workplace. The focus should be on mitigation of risk before the theft, and implementation of an action plan after the theft.  I have commented on these same issues several times on this blog.

With respect to action plans after theft, I was interested in the insights of the in-house IP attorney. The attorney stressed the importance of having a team assembled to address trade secret theft to include security, technology, and legal.  When making a decision on pursuing an injunction in court, the assembled team will need to identify objectives based on a series of factors including the value of the intellectual property at issue and the business issues implicated.

I agree with these points.  Having a team in place, with written documentation of it, not only will help a business act quickly, but will also serve as evidence of the reasonable measures taken to protect the trade secrets.  A dedicated team will also facilitate regular communication between departments to stay on top of changing technologies and workforce demographics.

The pros and cons of litigation were also discussed.  The cons are understandable and include costs of litigation.  One presenter mentioned that litigation should be a last resort.  That might be agreeable as a general policy provided other measures are utilized to consistently address the issue via other means.  However, there are some upsides to pursuing litigation that may not be readily apparent.

Litigation serves as a reminder to others of the personal financial risks of misusing confidential information or trade secrets.  If employees understand that a business will not hesitate to file a lawsuit to protect its valuable information, the employees are less inclined to engage in misconduct.  In addition, a good attorney advising an employee on exit strategy will always ask about a company’s policy on enforcing non-compete or non-disclosure agreements.  Thus, the enforcement policy impacts the strategy of the departing employee.  

To illustrate the point, consider the NFL.   I know of an author who wanted to publish a book that arguably (but unlikely) used intellectual property of the NFL.  The author’s attorney advised against using the material despite the fact that the material was unlikely to infringe as a matter of law.  Why not use it? Simple. The NFL will crush you and they have a track record of doing it.  

There are many instances where the NFL took immediate action to shut down a potential infringer.  A quick Google search turned up a law review article and numerous stories of enforcement.  The word gets out.  The NFL will enforce its intellectual property rights.  The NFL does so in a broad and sweeping manner.   

The NFL’s policy is certainly not going to mesh well with every corporate culture, and I do not intend to advocate for litigation in all circumstances.  However, strategic use of litigation for the right case can go a long way toward protecting a business in the future.  Litigation can address an immediate risk, but also serves as a reminder to others about the risks of misuse of intellectual property.

Confidential Information and the Departing Employee

I recently ran a seminar for the Human Resources Association of Central CT on "Effectively Managing Your Departing Employees."  The issues concerned  how attorneys can help to eliminate, prevent, or mitigate the risks of intellectual property theft.  In this post, I will define the basics of the problem.  In the next post, I will cover how to address the problem.  

  • Employees will Leave (Millennials average job tenure is 2.5 years)
  • Employees will be disgruntled (Wall Street Journal: 75% of departing employees are disgruntled)
  • Employees will have access to electronically stored data (UC Berkeley study shows 90% of critical business data is digital)
  • Digital is portable, easy to copy, saved in seconds, and transferred to multiple locations
  • Employees do take confidential information, even if by mistake. (Ponemon Institute says 59% of departing employees take information, and 90% of IT professionals)

Based on the these numbers, you could fairly argue that in a three year time frame an average business will likely have to deal with an unhappy, departing employee that will copy accessible confidential information.   This paints a pretty grim picture.  Nevertheless, it is a fair way to think about the problem to manage risks appropriately. 

One of the biggest risks is financial loss from theft of intellectual property and confidential information.  This might cover any of the following:

  • Trade secrets (confidential client lists, formulas, data)
  • Patents (fully or partially disclosed inventions)
  • Copyrights (original works such as software code)
  • Trademarks (counterfeit goods, brand damage) 
  • Proprietary information (anything you do not want in hands of a competitor)

How does employee or insider theft typically happen?  Here are a few examples:

  • Email (with or without attachments)
  • Portable drives (thumb or flash drives)
  • Smartphone 
  • File Transfers (FTP sites)
  • Remote access programs (GoToMyPC)
  • File Synching programs (Dropbox)
  • Old fashion printing and copying

In the next post, I will cover what you can do to help stop or reduce the risks of intellectual property theft. 

Computer Fraud and Abuse Act In Connecticut

Previously, I have posted about non-compete agreements and the duty of loyalty for employees.  Many times, businesses do not have written contracts to protect confidential and proprietary information from not only competitors and vendors, but also their own employees.  Without a contract, the common law of Connecticut concerning breach of fiduciary duty is one of the ways attorneys can seek to protect business clients against improper use of confidential information.

Another method for attorneys to seek to protect their clients’ confidential information stored on a computer system or network is through the federal Computer Fraud and Abuse Act (CFAA).  The CFAA is largely a criminal statute, but is being used more frequently in civil cases on behalf of businesses faced with loss or theft of confidential and proprietary information and trade secrets.   The CFAA, 18 U.S.C. 1030, essentially provides for civil liability for unauthorized access to protected computers with intent to defraud or cause damage.  There are civil enforcement provisions that allow private actions for recoverable loss related to prohibited conduct if a series of factors can be proved in court.

Recently, Peter J. Toren wrote an excellent article in the New York Law Journal  where he detailed methods in which the CFAA might be useful for attorneys to protect client trade secrets and other confidential information.   Peter listed the six factors necessary for proof of damages.  Peter also noted some of the limitations of the CFAA when it comes to employee theft of trade secrets and described the narrow and broad views taken by different courts when interpreting improper access of a protected computer without authorization. Peter further provides some useful tips for businesses on how to construct a policy in light of the different court interpretations of improper access. 

Lee Berlik, publisher of the Virginia Business Litigation Blog, also has a recent post about the series of hurdles necessary for attorneys to prove loss or damages under the CFAA.  Lee’s post describes a threshold of $5,000 in value that must fit into the categories of potential loss defined in the CFAA.  Similar to Peter’s article, Lee also describes how a case was unsuccessful in court because of insufficient facts to show loss under the CFAA.

In Connecticut federal courts, the reported cases under CFAA, largely have been unsuccessful for a variety of reasons, many of which Peter’s article details.  Some cases were dismissed for failing to meet damages thresholds (Register.com v. Verio, 356 F.3d 393 (2004)) , while another case was dismissed because the facts were insufficient for unauthorized access (Cenveo, Inc. v. Rao, 659 F. Supp. 2d 312 2009)).   However, in a recent case, in the federal district court, Judge Vanessa Bryant issued an order of sanctions and for production of electronic devices for forensic inspection in a case based, in part, and the CFAA. (Genworth Financial Wealth Mngmt. Inc., v. McMullan). 

The takeaway here is that the CFAA provides another potential basis for a business to protect its confidential and proprietary information when the information resides on a computer system or network.  Of course, there are a series of factors that must be met before liability can be established.  Some of these factors may not apply and eliminate the CFAA as a method of recovery as we have seen in several reported cases.  However, the CFAA should be considered and evaluated in any case involving unauthorized access of confidential information through a computer system as it provides an additional basis for potential recovery.  Also, advanced planning with sound internal policies might provide a business with a better chance of success under the CFAA.

I will do a post soon on another statute, Connecticut’s Computer Crime Act, that may provide additional remedies for improper access of a computer system or network.

 

 

Laticrete Responds To 50 Million Dollar Verdict

Following my post about the Dur-A-Flex v. Laticrete jury verdict, I received a statement from Laticrete’s CEO, David Rothberg.  You can read the full statement here.   Mr. Rothberg stated that he is "extremely disappointed in the verdict." He added that the jury finding against Laticrete was "absolutely baseless."  He left no secret as to Laticrete’s post trial plans as he says the company intends a vigorous defense on appeal.

Trial counsel for Laticrete, Elizabeth Stewart, confirmed to me today that Laticrete does expect to appeal.  She commented that no decisions have been made yet on which issues Laticrete will raise on appeal.  Attorney Stewart had no further comments on the case.   

One of the most intriguing aspects to the appeal in this case is that Judge Eveleigh presided over the trial.  Judge Eveleigh has a very good reputation as a trial court judge.  In addition, he is now set to take a seat on the Connecticut Supreme Court.  I do not know yet what potential grounds might exist for the appeal, but I can say it seems very likely Judge Eveleigh considered the potential appellate issues in this case very closely.   

Stay tuned.  I expect there will be additional posts on this case.

Do You Need A Contract To Stop A Former Employee From Competing?

The short answer is yes, a business does need a contract, also known as a "non-compete agreement," to prevent a former employee from fairly competing in business once the employee resigns.  Even with a written agreement, there are limitations on non-compete agreements because they are viewed as a restraint of trade.  To be enforceable, the restrictions in the agreement must be reasonable in time, scope, and geography. The restrictions also must be reasonable in relation to legitimate business interests you are seeking to protect.   

A poorly drafted agreement, or no agreement at all, can leave a business with little legal recourse to stop a former employee from fair competition once the employee resigns.  Simply put, the law in Connecticut permits fair competition upon resignation.  However, the lack of a written agreement does not give free license to employees to unfairly compete in all circumstances. 

For example, what about an employee that starts competing against your business without your knowledge while continuing to work for you?  Is this fair competition that should be freely permitted?  Depending on the circumstances, this type of conduct can be actionable in a civil case for damages.  The actionable conduct is breach of the employee’s common law duty of loyalty, which exists without a written agreement in certain circumstances.  There are also statutes in Connecticut that can protect businesses in certain situations that do not require contracts such as unauthorized computer access or misappropriation of trade secrets.   

I just read a story about a recent case that demonstrated some of the legal issues involved when there are no contracts in place with former employees.  According to the small business report by Carlye Adler of CNN, Charter Oak Lending, located in in Danbury Connecticut, lost a trial against several former employees who allegedly left to work for a larger company, CTX Mortgage.  Charter Oak alleged it lost more than a third of its business and a million dollars in fees after a sudden departure of 10 employees to CTX. The litigation lasted four years and ended with a defense verdict for the former employees. Charter Oak is appealing the decision. 

It appears that the decision against Charter Oak was based in part on the lack of contracts and the categorization of the defendants as independent contractors rather than employees.   The Trade Secrets Blog by Womble Carlyle picked up the story and had an interesting take focused on pure versus unfair competition.  The blog post supports the legal concept that a line can be crossed turning pure competition into unfair business. 

Charter Oak’s appeal of this case will be interesting to follow.  The outcome will likely depend on what evidence existed at trial to demonstrate unfair competition prior to the employees’ departure along with consideration of the duty of loyalty.  The takeaway is that it is always better to have written agreements to protect your business’ customers, client lists, and confidential information.  However, the lack of such an agreement will not always give free license to former employees to unfairly compete in all circumstances.   A close examination of the facts of each case must be undertaken to consider common law and statutory remedies that do not necessarily require agreements. 

Did A Secretary Cause A Billion Dollar Default Judgment Against PepsiCo?

Imagine your company is so busy preparing for a board meeting that a secretary sets aside paperwork from a recently served lawsuit for a billion dollars over trade secrets.  Imagine further that your company bureaucracy fails to put it together that a lawsuit has been filed until such a time that your company becomes defaulted in the case, to the tune of $1.26 billion dollars.  Ouch. 

Well, that is exactly what happened at PepsiCo according to a report by Lynne Marek in the National Law Journal.  According to the story, PepsiCo for various reasons, failed to realize a lawsuit had been filed or a motion for default until it was too late.  The case involved allegations that PepsiCo stole trade secrets and ideas for Aqaufina from two Wisconsin men.  When the suit went unnoticed,  a Wisconsin state court judge granted a motion for default against PepsiCo.

Marek writes that PepsiCo is trying to undo the damage and vacate the default.  Perhaps PepsiCo can vacate the default, but if not, it is a devastating blow in litigation to lose your liability defenses. By all accounts PepsiCo indicates the lawsuit is questionable suggesting numerous defenses exist.  Unfortunately, it appears there is a chance they may never get to assert the defenses.

In Connecticut, if you are defaulted for failing to respond to a lawsuit and a default judgment enters against you, you also can lose the ability to defend against the allegations in the complaint.  If you further fail to appear in the case before the court determines the amount of damages (usually at a hearing), then you may also lose your ability to defend against damages claims. Of course, there are various ways to avoid a default judgment (such as filing an appearance before judgment enters), but if a lawsuit is ignored too long, you could face a similar fate as PepsiCo.

To avoid the PepsiCo disaster, Connecticut businesses should have a policy in place to handle all matters related to litigation or lawsuits.  A business should designate one person that all staff can refer litigation issues, lawsuit papers or any other documents.  Lawsuits should be given immediate attention so as to not miss any deadlines. 

In state court, deadlines can determined from civil summons or cover page of the lawsuit. 

  • A defendant has to file an appearance within 2 days of the return date listed on the civil summons
  • A defendant also has 30 days from the return date to file a responsive pleading to the complaint . 

These deadlines should not be ignored.  Although there are methods for vacating a default, even a frivolous lawsuit can end in a judgment if ignored for too long.

Business Litigation Blog Roundup

Here are some quick hits from Blogs I read around the country on business litigation.

Dionne Searcey of the Wall Street Journal law blog reports on the intellectual property fight over the red, white, and blue "Hope" image of President Barrack Obama created by Los Angeles artist Shepard Fairey.  Fairey is claiming his rights to the work, but apparently is confused as to his source material leading to the withdrawal of his duped attorneys. 

Rush on Business breaks down his tips for negotiating Franchise Agreements. Rush highlights the need to have an attorney review your franchise agreement and not to believe any franchisor that says you do not need an attorney or that they will not hold you to certain terms of the agreement.

A win for digital technology was reported on by Mack Sperling in the North Carolina Business Litigation Report.  Mack reports on a case where a settlement agreement was challenged under the statue of frauds because it involved land and there were no written signatures.  You can read here an earlier post from me on the statute of frauds in Connecticut.  The court upheld the agreement in part based on electronic signatures in emails exchanged between counsel. 

Nancy Savitt of the Privacy Law Blog reports on an enforcement action concerning the Children’s Online Privacy Protect Act (COPPA).  The Federal Trade Commission fined Iconix Brand Group, Inc $250,000 for "collecting personal information from children without complying with COPPA’s parent consent…"  The personal information at issue was dates of birth.  Collecting personal identifiers such as dates of birth can be a real risk for any business.  Read here for some of my posts on how Connecticut businesses can address privacy concerns.

 Jeffrey Mehalic’s West Virginia’s Business Litigation Blog discusses an interesting suit involving misappropriation of trade secrets against the Pittsburgh Post-Gazette.  A corporation, Mylan, brought a lawsuit against the paper claiming misappropriation of trade secrets and conversion for articles that were allegedly not favorable to Mylan.

Edward McNally of Delaware Business Litigation Blog reports on a case upholding Delaware as a forum for a trade secret case.  This post is informative in that it discusses why Delaware is often a preferred forum for corporate litigants trying to protect trade secrets.