Protecting Trade Secrets, Proprietary Info, and Confidential Data | Expert Guide

1. Introduction

In today's ever-evolving business landscape, organizations encounter a myriad of challenges. Prioritizing these challenges can be a daunting task, but it's imperative for companies to conduct thorough threat assessments and evaluate the potential impact of real threats. Once identified, organizations must take prudent and effective measures to mitigate potential damage. This responsibility is owed to stakeholders. This article delves into a pervasive threat that nearly every organization faces and the substantial return on investment in safeguarding some of the most prized assets exposed to misuse and theft: trade secrets, proprietary information, and confidential data.

Intellectual property plays a pivotal role in the modern economy, providing a competitive edge to enterprises. Intellectual property, in its various forms, fuels growth, contributing significantly to job creation and trade. In the United States, intellectual property in core industries has been estimated to account for at least 6% of the GDP. Recent estimates suggest that the total value of intellectual capital in U.S. businesses, encompassing copyrights, trademarks, patents, and trade secrets, constitutes approximately one-third of the value of these companies, equating to around $5 trillion.

Trade secrets and intellectual property rights incentivize entrepreneurs and investors to allocate resources for research, development, and innovation in technology, process enhancements, new services, and other critical activities. These rights are pivotal in safeguarding the nation's competitive edge. As one court aptly noted, “The future of the nation depends in no small part on the efficiency of industry, and the efficiency of industry depends in no small part on the protection of intellectual property.“1 Ensuring effective protection for intellectual property is paramount to fostering creativity and supporting an enterprise's economic and financial infrastructure.

Virtually every business possesses proprietary or confidential information worthy of some level of protection. Consequently, every enterprise must confront certain realities when evaluating the need and strategy for safeguarding its confidential and proprietary information:

Information Accessibility: Companies grant employees access to confidential and proprietary information to enhance efficiency and knowledge sharing. This practice extends beyond sales personnel to encompass managers, department heads, engineers, research and development teams, and more. The exposure of such information to competitors could have catastrophic consequences.

Technological Complexity: Systems storing critical data are increasingly complex and accessible. The use of laptops, remote work technologies like Virtual Private Networks (VPNs), and offsite work arrangements create opportunities for misuse and abuse.

Economic Impact: The U.S. Department of Commerce estimates that theft or misappropriation of trade secrets and confidential information costs U.S. businesses approximately $250 million annually.3

Cybersecurity Risks: According to the FBI and the Computer Security Institute's Computer Crime and Security Survey, theft of proprietary data and unauthorized access to information rank among the top sources of losses due to cybercrime, alongside viruses and hardware theft.

Legal Protection: A robust body of contract law and state and federal statutes exists to shield employers from unfair competition. However, leveraging these protections necessitates strategic evaluation.

2. Legal Considerations

Businesses enjoy a multitude of legal protections, and this article will focus on some essential tools at the disposal of every organization.

Contractual Safeguards: Restrictive Covenants

A restrictive covenant is a contractual agreement, typically between an employer and an employee but also applicable to vendors, suppliers, independent contractors, board members, and consultants. It prohibits one party from engaging in conduct detrimental to the other party's business. Among the most common restrictive covenants are agreements between businesses and employees, limiting post-employment competition, customer solicitation, employee hiring, and confidentiality breaches.

Enforcing non-competition agreements can be challenging due to varying state law requirements and judicial interpretations. However, these agreements can be tailored and enforced to meet legitimate business needs. The key to enforcement, irrespective of the state, lies in establishing a “protectable interest.” If an employer can demonstrate a protectable interest, the court may enforce the restrictive covenant. Protectable interests encompass information, processes, or practices conferring a competitive edge, not widely known outside the business, and requiring the employer's time, talent, and effort to develop. These can include customer lists, pricing strategies, security systems, marketing programs, formulas, design techniques, and sales data, among others.

3. Protecting Trade Secrets and Combating Computer Fraud – State and Federal Laws

The Uniform Trade Secrets Act (UTSA)

In the absence of enforceable restrictive covenants, employees generally have the freedom to compete with their former employers, including pursuing clients, accounts, and market areas. Recognizing the need to safeguard certain valuable company information, many states, along with the District of Columbia and the U.S. Virgin Islands, have adopted the Uniform Trade Secrets Act (UTSA). The UTSA aims to standardize rules regarding trade secrets and provide a framework for their protection.

The UTSA seeks to maintain commercial ethics, foster business creativity, and encourage innovation in the marketplace. It accomplishes these goals by prohibiting the misappropriation of a company's trade secrets and offering remedies for actual or potential misappropriations.

The UTSA defines a “trade secret” as information that:

• Derives economic value from not being generally known or readily ascertainable by others who can benefit from its disclosure.
• Is subject to reasonable efforts to maintain its secrecy.

Under this Act, businesses can file civil claims for trade secret misappropriation and request preliminary injunctions. Damages may include actual losses and unjust enrichment due to misappropriation, measured by a reasonable royalty.

The Federal Economic Espionage Act

The Federal Economic Espionage Act (18 U.S.C.A. §§1831 et. seq.) criminalizes the theft of trade secrets from employers. Its definition of trade secrets aligns with the UTSA.

In addition to criminal penalties, this Act empowers the Attorney General to seek civil injunctions to protect employers whose trade secrets have been stolen or misappropriated. Employers should carefully consider when and how to utilize this tool.

The Federal Computer Fraud and Abuse Act

The Federal Computer Fraud and Abuse Act (18 U.S.C.A. § 1030) is a statute often overlooked, providing both criminal and civil remedies for violations. This Act not only prohibits the theft of trade secrets from computer-based programs but also the malicious destruction of computer-based information and systems. While it should be seen as a supplemental protection, it can be used in cases involving the destruction or impairment of computer systems, data, or programs by current employees.

4. Implementing Reasonable Protection Measures

Taking “reasonable steps” to safeguard enterprise confidential information is crucial for two reasons: statutory compliance and bolstering the argument for protecting interests in enforcing restrictive covenants. Some common and cost-effective measures an organization might consider include:

• Executing confidentiality, non-compete, or non-solicitation agreements with relevant personnel and entities (e.g., suppliers, independent contractors, board members).
• Having employees sign invention assignment agreements.
• Incorporating confidentiality and trade secret provisions into company policies, handbooks, and collective bargaining agreements, allowing for appropriate access and evaluation of electronic information storage devices without violating employee privacy.
• Cataloging and limiting access to confidential information and trade secrets, particularly within the company's IT systems.

These represent a few actions employers can take to reasonably protect their confidential information and trade secrets.

5. Potential Detection and Remedial Actions

A protective strategy remains incomplete without processes and procedures for detecting and implementing effective remedial measures. When a key employee leaves the organization, for instance, mechanisms should be in place to identify and address potential misuse of the company's confidential information and trade secrets. Strategies may include:

• Conducting exit interviews with key employees to identify their new employers. Failure to disclose this information, especially when bound by restrictive covenants, raises red flags warranting further investigation.
• Immediately revoking departing employees' access to company information systems and facilities.
• Ensuring the secure storage of computers and data storage devices (e.g., phones, PDAs) and involving computer forensic experts for data recovery and analysis.
• Examining cell phone data, including text messages, emails, and documents, as mobile devices often contain valuable information.

Employers have an array of tools to detect, assess, and remedy trade secret and confidential information misappropriation. Employing these measures before seeking legal action can significantly mitigate threats to the company's economic vitality.

Conclusion

Given the substantial investment of resources, time, and expertise in developing an organization's advantages, including confidential information and trade secrets, it is wise to take necessary steps to protect this valuable information from theft and misuse by competitors.