Practitioners in the area of trade secret protection and employee mobility law are still trying to sort out the impact of a federal court jury verdict in San Francisco last month finding former Korn Ferry executive David Nosal guilty of two criminal counts stemming from his alleged misappropriation of the Company’s proprietary information after his departure. The long-running legal saga of Mr. Nosal, whose name is undoubtedly destined to become synonymous with several critical issues related to computer law, has been the subject of a previous post on our Trade Secret and Non-Compete blog. In short, following a script we have read many times before, Mr. Nosal was accused of leading a conspiracy of existing and former employees of Korn Ferry, the executive placement behemoth, with the intent of setting up a competing firm with a business model based largely on misappropriation of Korn Ferry’s proprietary information regarding potential placement prospects. The case was an unusual one because the alleged theft was so significant and brazen that it resulted in criminal prosecution of Nosal in federal court under the Computer Fraud and Abuse Act (CFAA).
The case has dragged on for nearly eight years. For a time, it looked as if the prosecution was on the ropes after the Ninth Circuit, in a much-anticipated en banc decision, ruled that six of the federal charges against Nosal could not be brought under the CFAA. The court of appeals decision, written by the famously tech-savvy Chief Judge Alex Kozinski ruled essentially that the alleged efforts by Nosal and his co-conspirators to purloin Korn Ferry’s critical database of prospects was not within the scope for the CFAA because it did constitute computer “hacking” as that term is commonly understood. The Ninth Circuit’s decision was at odds with the holdings of several other courts of appeal on similar issues. The Justice Department declined to challenge the Ninth Circuit’s decision in the Supreme Court, but the issue regarding the applicability of the CFAA in the context of trade secret misappropriation by employees or former employees seems inevitably destined for eventual High Court review.
Despite having its case dramatically trimmed in size, the government managed to secure a conviction of Nosal on two counts. His attorneys have already vowed an appeal. Perhaps it will be the Ninth Circuit’s decision in “Nosal II” that will make it to the High Court.
Criminal prosecutions in the context of trade secret misappropriations are of course rare but the Nosal case has been closely watched by attorneys who seek to protect trade secrets through civil litigation. The verdict obtained in San Francisco in this case may make federal prosecutors more willing to consider prosecution under the CFAA in egregious cases of trade secret theft involving computers, breathing some life back into the potential threat of criminal prosecution as the ultimate weapon in the employer’s arsenal of means to prevent or address trade secret misappropriation.
The circumstances of the Nosal case also show that the basic elements of an employer’s strategy for protecting its trade secrets remain the same. First, it is critical that the employer’s computer use policies be carefully drafted to define the proper limits of employee use and that they reflect the realities of how the employer conducts its business on a day-to-day basis. In its en banc decision, the Ninth Circuit rejected application of the CFAA on the facts presented, in part, out of fear that a broad application of the statute to an employee who violates his or her employer’s computer use policies could turn vast numbers of people into unwitting criminals. Judge Kozinski noted that employers’ computer use policies are typically “lengthy, opaque, subject to change, and seldom read.” Your Company’s computer use policies must be clear, current to business conditions, and verifiably published to employees.
Second, an employer that wishes to take full advantage of trade secret protection must in fact protect its trade secrets. In the Nosal appeal, Judge Kozinski also voiced concern that making an employee’s misuse of a work-provided computer a federal crime under the CFAA would be improper because such “crimes” are rarely prosecuted, which gives prosecutors excessive discretion to pursue selective prosecution. In the civil context, we see over and again situations where the employer is hobbled in getting injunctive relief to address trade secret theft because of its weak record of actually taking affirmative steps to protect the information at issue from misuse or disclosure. If a certain type of business information has real competitive value to your business – or to the competition – take demonstrable steps to protect it on a day-to-day basis, not just when an employee leaves to compete against you. Doing this takes discipline and conscious development of a corporate culture around this issue.
Third, the employer that wants real protection of its trade secrets must act quickly, aggressively, and effectively when misappropriation occurs. The forensic investigation supporting a claim for civil relief must be technically unassailable and understandable by a court in the context of the often hurried consideration of an application for temporary injunctive relief. Going to court quickly, effectively and frequently when trade secret misappropriation occurs can assist an employer in developing a reputation that it is not to be “messed with” regarding its proprietary information. Such a reputation can have a real prophylactic effect on employees contemplating possible trade secret mischief on their way out the door.
The Nosal saga continues on. This will not be our last word on this story.