Reasonable Steps and Trade Secret Protection

While companies are starting to better appreciate the role trade secrets can play in underpinning their intellectual capital, proactive trade secret management is still a very much neglected activity. This neglect can ultimately lead to the loss of valuable trade secrets and the loss of millions of dollars of value and legal fees. The widespread failure of many companies to take reasonable steps to protect their information should give managers and their company directors much pause. Fortunately, the law is starting to provide a clearer picture of what needs to be done, and there are many providers well versed in both best practices and productivity tools that will enhance a company’s trade secret protections.

Increased Trade Secret Litigation:

The number of trade secret disputes is increasing. Trade secret misappropriation litigation, like most IP litigation, is mostly a US issue but not exclusively so. The 2017 Trends in Trade Secret Litigation Report by Stout on US trade secret litigation at both state and federal level reveals some insightful data.

  • 25% of all cases originated in the industrial sector.
  • 46% of trade secret cases involved multiple forms of trade secrets.
  • IT, Consumer Discretionary; and Healthcare saw major increases in cases.
  • Trade secrets related to computer software, computer technology, customer info, pricing info, supplier relationships, and designs/blueprints made up a significant percentage of cases.
  • Plaintiffs received favorable decisions 69% of the time, vs. defendants/counter-claimants 24% of the time, and 7% of cases split.
  • Damages were awarded in 52% of Federal cases. Top 5 cases were each over $100M.

Failure to Take Reasonable Measures Major Cause of Litigation Loss

While plaintiffs generally do well in trade secret cases, a recent study of U.S. statistics compiled by Lex Machina shows that, when defendants actually contest the claims of trade secret plaintiffs, in the years since 2016 defendants win 54 percent of the time. Of those disputed cases, the analysis shows that 11% were dismissed because the plaintiff failed to take “reasonable measures” to protect the alleged “trade secret.” While the study’s data is not fully available, cross-referencing it with other analyses indicate that a very large number of cases fail because claimant didn’t maintain secrecy or the trade secret was generally known or readily ascertainable. As trade secret professionals, we are particularly frustrated as these failures by rights-holders could have been avoided by complying with relatively common-sense best practices.

For example in 2018 in Yellowfin Yachts v. Barker Boatworks, LLC, the Court of Appeals for the Eleventh Circuit, found that there were violations of Florida’s Trade Secret Act because no reasonable jury could conclude that the plaintiff had taken reasonable measures to protect its purported trade secrets. The plaintiff sued in 2015, alleging that its vice president of sales downloaded hundreds of files from its server, including customer specifications and drawings, when he left the company, and then used that valuable information to start a competitor. While it was true that plaintiff limited access to the valuable information to less than 5% of employees in the company; maintained it on a password-protected computer system; and gave verbal admonishments not to share the information with third parties, the Court of Appeals concluded it was not enough.  Why? Because the court determined that “Yellowfin effectively abandoned all oversight in the security” of the information at issue because it:

  • Had encouraged the vice president to store the information on a personal laptop and phone and never asked him to delete the information from those personal devices when he left the company;
  • Had not instructed the vice president to secure the information on his personal devices;
  • Allowed the vice president to have access to the information even though he had refused to sign a confidentiality agreement; and
  • Had not marked the information as confidential.

The statistics from these studies should serve as a wake-up call to all companies. What’s more, they likely underestimate how many companies find themselves unable to do anything about loss of control over important information because they have no legal remedies and decided not to pursue litigation at all — or tried to seek remedies through other channels.

The takeaway is that companies need to be proactive. They must act prior to theft occurring by taking steps to maximize the potential legal remedies available if the worst happens — which will coincidentally have the silver lining of reducing the likelihood of the worst happening in the first place.

Trade Secret Law; a Review

The laws governing trade secrets differ from country to country — however, common among nearly all these laws is that a trade secret is any information that:

  • Is not generally known or readily accessible.
  • Confers some sort of economic benefit on its owner. This benefit must derive specifically from the fact that it is not generally known, and not just from the value of the information itself. It must have commercial value because it is a secret. Commercial value encompasses potential as well as actual value.
  • Must have been subject to reasonable measures or steps by the rightful holder of the information to keep it secret. What is considered reasonable can vary depending on the specific circumstances.

A trade secret continues for as long as the information is maintained as a trade secret. However, information may no longer be considered a trade secret once it becomes easily accessible, is no longer properly protected, or has no commercial value.

What Are Reasonable Measures?

What comprises reasonable measures is highly context-specific and there are few bright-line rules other than the obvious (e.g., servers should have passwords, sensitive information should be under lock and key, anyone with access to confidential information should be contractually bound to keep it secret). That said, the courts have started to issue opinions that can be used as a framework on which to build some rules of thumb. 

1.) Do something. One would think that it should be obvious that some protective measures should be implemented, but surprisingly many companies go through the costly effort to sue alleged trade secret thieves while failing to take any steps to protect their secrets. See, e.g., Solid Wood Cabinet Co. v. Partners Home Supply, No. 13-cv-3598, 2015 WL 1208182 (E.D. Pa. March 13, 2015) (granting summary judgment in favor of defendants finding no evidence of protective steps); International Mezzo Technologies Inc. v. Frontline Aerospace Inc., no. 3:10-cv-397, at *18 (M.D. La. Sept. 25, 2014) (“Although [the report at issue] was marked as proprietary and confidential, the plaintiff did not introduce evidence to demonstrate its affirmative efforts to maintain the secrecy of the information contained in the report.”); Hill Holiday Connors Cosmopulos Inc. v. Greenfield, No. 6:08-cv-03980-GRA at 11 (D.S.C. April 8, 2010)(failure to use an NDA is fatal to trade secret claim).

2.) If It Is Important – Do More. Some courts have indicated that they want to see a company go above and beyond normal business practices to protect their trade secrets. See, e.g. Dryco LLC v. ABM Indus. Inc. , No. 07-cv-0069, at 14(N.D. Ill. Oct. 16, 2009) (finding insufficient plaintiff’s contention that specific protective measures were not required when it was custom in the industry to keep the information confidential); Opus Fund Servs. (USA) LLC v. Theorem Fund Servs. LLC , No. 17-cv-923, at 7 (N.D. Ill. March 5, 2018) (dismissing trade secret case where plaintiff had done “nothing to differentiate its protective measures for the alleged proprietary trade secrets from those imposed on any other corporate information.”).

3.) An NDA Is Good, but not Enough. Contractual provisions protecting information may provide a legal remedy if the information is misappropriated, but many courts have specifically stated that such agreements — without more — are not enough to meet the requirement. On the other hand, many courts have pointed to the lack of a confidentiality agreement when finding that a company did not take sufficient protective measures. The clear takeaway here is that courts view confidentiality agreements as a solid protective measure, as part of a larger protection strategy — but not sufficient in and of themselves. See, e.g., Opus at 5 (“While ‘an agreement restricting the use of information may be considered a reasonable step to maintain secrecy of a trade secret,’ such an agreement, without more, is not enough.”).

4.) Departing Employees are Not Your Friends. When an employee departs, it is an especially vulnerable time for trade secret theft. Courts are particularly harsh when companies fail to cut off employee access to company data. See, e.g., Orthofix Inc. v. Hunter, 55 F. Supp. 3d 1005, 1013 (N.D. Ohio 2014), rev’d on other grounds and remanded, 630 F. App’x 566 (6th Cir. 2015) (noting that “when [defendant] left the company, [plaintiff] did not engage in meaningful efforts to seek the return of any trade secret information defendant might possess”); FormFactor Inc. v. Micro-Probe Inc., No. 10-cv-3095 PJH, at *11 (N.D. Cal. June 7, 2012) (noting that the plaintiff allowed the defendant to store business information on personal devices and “did not request that defendant returned company data when leaving company”); Abrasic 90 Inc. v. Weldcote Metals, Inc., 18-CV-05376 (NDIl. Mar. 4, 2019); Bison Advisors LLC v. Kessler, No. CV 14-3121 (DSD/SER), *10 (D. Minn. Aug. 12, 2016). (“The law is clear that the mere existence of a confidentiality agreement is insufficient to establish that the covered information is a trade secret (plaintiff had taken “almost no measures to safeguard the information that it now maintains was invaluable to its competitors;” data security “was so lacking that it is difficult to identify the most significant shortcoming”).

Indeed, it is extremely sobering to read some of the more recent trade secret theft cases like the criminal complaint against the Chinese company Sinovel, which was ordered to pay $59 million for stealing trade secrets. Sinovel had been found guilty of stealing trade secrets in Federal Criminal Court for paying an Austria-based employee of American Superconductor Corp. to steal its source code for software that powered wind turbines. While scary, what is especially galling, is reading the FBI affidavit in support of the complaint. In paragraph 11, the FBI agent recounts that the thief resigned his position from AMSC but kept access to an AMSC office and AMSC’s computer systems for three months afterwards – during which time it appears that the theft occurred. This is such a shocking lapse in corporate judgement that we wouldn’t be surprised if officers or directors were found personally liable for this breach of their duties.

5.) Recipients Need to Appreciate What They Have. Courts do not look favorably on trade secret plaintiffs who failed to mark their information as such. Convolve Inc. v. Compaq Computer Corp., 527 F. App’x 910 (Fed. Cir. 2013) (finding that the information lost any “trade secret status” when it was disclosed without markings required under the non-disclosure agreement).

6.) If you start a trade secret management program, make sure it is consistently and correctly applied. Companies that label information as trade secrets need to ensure that they are consistent. If they fail to label information as a secret, courts may find that it is not in fact a secret. Call One Inc. v. Anzine, 2018 WL 2735089 at *9 (N.D. IL. 2018) (dismissing trade secret claim because the plaintiff had a policy requiring all confidential and trade secret information to be labeled as such, yet the stolen information was not labeled).

7.) One Size Does Not Fit All. Because companies only need to take “reasonable” measures, those measures will differ between companies and, perhaps, even between divisions within a company. As the court in Puroon Inc. v. Midwest Photographic Res. Ctr. Inc., No. 16-cv-7811, at 17 (N.D. Ill. Nov. 2, 2018) explained, “reasonable steps for a two or three person shop may be different from reasonable steps for a larger company.”

8.) Conclusions – Trade Secret Audits

The old saying that an ounce of prevention is worth a pound of cure is especially true with respect to trade secrets.  Courts are making it clear that failure to take reasonable measures will be fatal to a company’s trade secrets. Luckily for trade secret owners, there are many providers who can very effectively and efficiently walk companies through trade secret assessments and help them set up (and manage if required) trade secret asset management schemes that will save companies time, money and heartbreak by avoiding the devastating loss to the enterprise that can accompany trade secret misappropriation.

About David Cohen & Donal O’Connell:

David Cohen and Donal O’Connell have been involved with this form of IP for several years.

They have had over 50 papers published on various aspects of trade secrets and trade secret asset management. They have conducted intense trade secret workshops for a variety of companies and organizations. They have also developed a leading-edge trade secret asset management solution to help clients (operating companies, legal & IP firms, finance & tax firms, and IP insurance providers) manage such assets in a proper and professional manner.

David Cohen has been practicing IP law for over 20 years. He is the former Chief Legal and IP Officer at Vringo (at the time a public tech and IP licensing company); Senior Counsel at Nokia; and was an IP lawyer first at Skadden Arps and then at Lerner David.

Donal O’Connell is ex VP of R&D and ex Director of IP at Nokia; Adjunct Professor of IP at Imperial College Business School and an IAM300 Top Global IP Strategist member for several years.

Contact David Cohen with questions or comments.