Since it went into effect in 2016, the Defend Trade Secrets Act has brought an upsurge in the number of trade secrets cases being brought in federal court. As Robert Milligan, a partner at Seyfarth Shaw, puts it, DTSA was “a real game changer in the sense that federal court was often off limits to trade secret owners.” In fact, he notes, until DTSA, “Trade secrets in the world of IT were often looked at as the ugly stepchild.” But now, he says, companies are focusing on them “as a way to separate themselves from competitors and really add value to their company.”
Milligan, who is co-chair of his firm’s national Trade Secrets, Computer Fraud & Non-Competes Group, joined Jim Vaughn, managing director at iDiscovery Solutions, to present the final installment in Corporate Counsel Business Journal’s four-part webinar series, Essential Litigation Webinars, which iDiscovery co-hosted (bit.ly/iDS_DTSA11217). Their focus: Given DTSA, what do companies need to do to identify and protect their trade secrets—and, when they’re stolen, how do they catch the thieves?
DTSA, Milligan told webinar participants, has greatly expanded the definition of trade secrets. “They use very general-type labels,” he said, “but you can see how broad and elastic the things are that will qualify: plans, formulas, programs, devices, methods, techniques….”
Assessing what qualifies as a trade secret, he noted, requires that “somebody at the company has ownership,” that there’s “somebody who is responsible for identifying and protecting the trade secrets, someone who works with outside counsel and computer forensics professionals.”
Beyond that, he added, “the owner has to make sure that there are reasonable measures in place to keep such information secret.” These start with nondisclosure agreements—for employees as well as third-parties such as vendors—and include carefully orchestrated onboarding and off-boarding procedures, making sure, for example, that “a departing employee can’t walk off with highly valuable information if you don’t have a good exit interview.” And, while Milligan stressed that “You’re going to want to make sure that your nondisclosure agreements are really calling out what your bread and butter is as it relates to trade secrets,” Vaughn added that companies also need to ask if “there are any implied trade secrets that would characterize as a trade secret if it’s simply of a nature that would reasonably be intended to be confidential in the absence of an NDA or other confidentiality agreement.”
Milligan pointed to the importance of not only doing an audit of what trade secrets your company has, but also how you’re protecting that information. This includes considering, for example, how you configure your network, how you distribute laptops, whether yours is a bring-your-own-device (BYOD) house, and even whether you allow VPN.
It also, Vaughn noted, means making sure that passwords are changed regularly, and that accounts and access to certain databases as well as storage systems such as Dropbox are disabled when employees leave.
Vaughn reviewed some of the ways in which trade secrets are stolen, starting with simply copying documents (“It actually still happens,” he said, “where people will print out documents and walk out with them”), and including downloading information from computers using external drives, USB devices and thumb drives; sending emails from corporate to personal email accounts; hacking into computer networks; and obtaining information directly from former or even current employees.
If a theft is suspected, Vaughn said, it’s important that you “quarantine any data sources, maintain the proper chain of custody” through which you know “about dates and times of activity.” But be careful, Milligan added, that you “get involved with a computer forensic investigator” who can tell you what’s really going on.
Once the evidence is compiled, Milligan noted, “You need to get a handle on whether the information that was taken is actually protectable.” As he said, “If you run into court and you haven’t dotted your i’s and crossed your t’s, then you’re just asking for trouble.” But once you decide to take the matter to court, move quickly, because “if you wait too long, the court will point that out and deny your relief.” On the other hand, “if you go in too quickly, the court may say there’s nothing here.”