Trade Secrets and Confidential Information

Jim Flynn, an attorney in Epstein Becker & Green’s Newark, New Jersey office, recently addressed in separate forums the delicate balance that trade secret owners and their counsel must strike when litigating over trade secrets and confidential information. First, Mr. Flynn moderated a panel discussion among trade secret litigators (including one from Beijing) at the American Intellectual Property Law Association (“AIPLA”) Spring Meeting in Seattle, Washington. His May 16th AIPLA session was entitled “A Litigator’s Guide to Protecting Trade Secrets During Litigation,” and program materials included his written paper on the Catch-22 aspects noted above. Additionally, Mr. Flynn published on May 23, 2018 an International Lawyers Network IP Insider article entitled The Catch-22 Of Litigating Your Trade Secrets Case Without Revealing The Secrets Themselves that addressed these topics in further detail.   As he pointed out in that article:

“You mean there’s a catch?”

“Sure there’s a catch,” Doc Daneeka replied. “Catch-22. Anyone who wants to get out of combat duty isn’t really crazy.”

There was only one catch and that was Catch-22, which specified that a concern for one’s own safety in the face of dangers that were real and immediate was the process of a rational mind. Orr was crazy and could be grounded. All he had to do was ask; and as soon as he did, he would no longer be crazy and would have to fly more missions. Orr would be crazy to fly more missions and sane if he didn’t, but if he was sane, he had to fly them. If he flew them, he was crazy and didn’t have to; but if he didn’t want to, he was sane and had to. Yossarian was moved very deeply by the absolute simplicity of this clause of Catch-22 and let out a respectful whistle.

[Heller, Catch-22, at 52 (1999, S &S Classics Edition))]

Trade secret litigators (and especially trade secret trial attorneys) and their clients let out a similar whistle often—Because “trade-secret litigation” is an oxymoron in many ways. The very desire to protect one’s trade secrets, i.e. to keep them secret, requires disclosing them to a certain extent in certain ways to certain people (in other words making them less secret). Thus, the whistle is usually more regretful than respectful, as those forced to litigate to defend their trade secrets face a classic Catch-22 scenario. Rather than whistling a happy tune to overcome the fear of losing one’s trade secret protection, these litigants and litigators are whistling past the graveyard, knowing that all manner of frights, scares, and dangers—real and imagined—lurk in the pleading, discovery, motion and trial phases of such litigation. The goal here is give such litigants and litigators a few hints for making that a safer trip.

Read the full article here.

On May 10, 2018, the New Jersey Assembly Labor Committee advanced Assembly Bill A1769, a bill that seeks to provide stricter requirements for the enforcement of restrictive covenants.

If enacted, the legislation would permit employers to enter into non-competes with employees as a condition of employment or within a severance agreement, but such non-competes would only be enforceable if they meet all of the requirements set forth in the legislation. Thus, if enacted, employers will have to comply with the following requirements in order for a New Jersey non-competition agreement to be enforceable:

  1. If the non-compete is entered into in connection with commencement of employment, the employer must disclose the terms in writing to the prospective employee by the earlier of a formal offer of employment, or 30 business days before the commencement of the employee’s employment;
  2. If the non-compete is entered into after commencement of employment, the employer must provide the agreement to the employee at least 30 business days before the agreement is to be effective;
  3. The non-compete agreement must be signed by both the employer and the employee and expressly state that the employee has a right to consult with counsel;
  4. The non-compete shall not be broader than necessary to protect the legitimate business interests of the employer, including the employer’s trade secrets or other confidential information, such as sales information, business plans, and customer or pricing information;
  5. The time period of the non-compete must not exceed 1 year following the date of termination of employment;
  6. The non-compete must be reasonable in geographic scope, meaning that it must be limited to the geographic area in which the employee provided services or had a material presence during the two years preceding the date of termination, and the non-compete may not restrict the employee from seeking employment in other states;
  7. The non-compete shall be reasonable in the scope of the proscribed activities and limited to only the specific types of services provided by the employee at any time during the employee’s last two years of employment;
  8. The agreement must state that the employee will not be penalized for challenging the enforceability of the non-compete;
  9. The agreement should not contain a choice of law provision that would have the effect of avoiding the requirements of the legislation;
  10. The agreement shall not waive the employee’s substantive, procedural, or remedial rights provided under the legislation or any other law, or under the common law;
  11. The non-compete shall not restrict the employee from providing a service to a customer of the employer if the employee does not initiate or solicit the customer; and
  12. The agreement shall not be unduly burdensome on the employee, injurious to the public, or inconsistent with public policy.

The bill broadly defines “[r]estrictive covenant” as any agreement between an employer and an employee under which the employee “agrees not to engage in certain specified activities competitive with the employee’s employer after the employment relationship has ended.” It is unclear whether the bill intends to apply only to traditional non-compete agreements or whether it is also intended to apply to other forms of restrictive covenants, such as non-solicit and/or anti-raiding provisions. It appears, however, that the bill is intended to apply only to non-competes as the proposed legislation contains a provision stating that a restrictive covenant may be presumed necessary where the legitimate business interest cannot be adequately protected through an alternative agreement, such as “an agreement not to solicit or hire employees of the employer; an agreement not to solicit or transact business with customers, clients, referral sources, or vendors of the employer; or a nondisclosure or confidentiality agreement.”

Moreover, the bill provides that any non-compete shall be unenforceable against all non-exempt employees, as well as other types of short-term or low-wage employees.

An employer who seeks to enforce the non-compete would be required to notify the employee in writing within 10 days after the termination of the employment relationship of the employer’s intent to enforce the non-compete. Failure to provide such notice shall void the agreement; however, notice need not be given in the event the employee was terminated due to misconduct.

Unless the employee was terminated for misconduct, the bill would also require employers who enforce a non-compete to pay the employee during the restricted period 100 percent of the pay that the employee would have been entitled and make whatever benefit contributions would be required in order to maintain the fringe benefits to which the employee would have been entitled.

If enacted, the legislation would allow employees to bring a cause of action against any employer or person alleged to have violated the act. In addition to injunctive relief, employees would be permitted to recover liquidated damages, compensatory damages, and reasonable attorneys’ fees and costs.

As with many other New Jersey employment laws, the bill would require employers to post a copy of the act or summary in a prominent place in the work area.

While the act would go into effect immediately upon enactment, it would not apply to any agreement in effect on or before the date of enactment.

If enacted, Assembly Bill A1769 would severely curb the use of non-competes in New Jersey. Employers should be aware of the multitude of requirements they would have to establish in order to enforce a non-compete, including the requirement to pay employees 100 percent of their salary during the time the non-compete is in effect. Thus, in the event the bill is signed into law, employers should now begin to consider implementing other types of agreements aimed at protecting their legitimate business interests, such as confidentiality agreements and non-solicit agreements in lieu of non-competition agreements.

In managing workforces, particularly when addressing employee turnover, employers often find themselves facing issues regarding how best to safeguard their confidential business information and how to protect their relationships with clients and employees. In recent years, the legal landscape underlying these issues has been evolving, as lawmakers and judges grapple with the tension in these matters between protection and free competition.

In this Take 5, we examine recent developments, both in the courts and legislative bodies, concerning trade secrets and employee mobility:

  1. Antitrust Action Against No-Poaching Agreements: The Trump Administration Continues Obama Policy
  2. Drafting “Garden Leave” Clauses in Employment Agreements
  3. Will Insurance Cover a Company Sued in a Trade Secrets Lawsuit?
  4. Defend Trade Secrets Act Developments in 2017
  5. New and Proposed State Statutes and Federal Legislation Limiting Non-Compete Agreements

Read the full Take 5 online or download the PDF.

Consider the following scenario: your organization holds an annual meeting with all Research & Development employees for the purpose of having an open discussion between thought leaders and R&D regarding product-development capabilities. This year’s meeting is scheduled outside the United States and next year’s will be within the U.S. with all non-U.S. R&D employees traveling into the U.S. to attend. For each meeting, your employees may be subject to a search of their electronic devices, including any laptop that may contain your company’s trade secrets. Pursuant to a new directive issued in January 2018 by the U.S. Custom and Border Protection (“CBP”), the electronic devices of all individuals, including U.S. citizens and U.S. residents, may be subject to search upon entry into (or leaving) the U.S. by the CBP. CBP Directive No. 3340-049A (Jan. 4, 2018).

The directive allows for the warrantless border search of electronic devices without a showing of reasonable suspicion. It differentiates between a basic search and an advanced search. A basic search allows officers, with or without suspicion, to examine an electronic device, including an examination of the information that is resident and accessible on the device. Information that is solely stored remotely may not be accessed. An advanced search is one in which the officer connects external equipment, through a wired or wireless connection, to an electronic device in order to “review, copy, and/or analyze” the contents of the electronic device. Advanced searches are permitted where there is a “reasonable suspicion” of criminal activity or for national security concerns. While the directive states that “[m]any factors” may create a reasonable suspicion or a national security concern warranting an advanced search, it articulates examples particularly aimed at national security concerns but does not provide much color as to what may constitute reasonable suspicion of criminal activity.

By issuing the directive, the CBP appears to align its position with that of the majority of federal courts that held reasonable suspicion is not required for border searches of electronic devices. See, e.g., United States v. Ickes, 393 F.3d 501, 506-07 (4th Cir. 2005) (rejecting reasonable suspicion requirement for laptop computer searches at the border); United States v. Linarez-Delgado, 259 Fed. Appx. 506, 508 (3d Cir. 2007) (rejecting reasonable suspicion requirement for border search of electronic data). Thus, the CBP may have also sought to reject the statements by at least one other court suggesting a requirement for a showing of reasonable suspicion before search of an electronic device. See, e.g., United States v. Cotterman, 709 F.3d 952 (9th Cir. 2013) (implying that officers need reasonable suspicion to conduct a border search of complex personal computing devices).

Can’t your employees just encrypt everything before international travel? Under the directive, travelers are required to present the electronic device (and the information contained within the device) in a condition that allows for the inspection of the device and its contents. Therefore, under the directive, officers may request an individual’s assistance in accessing the device if it is encrypted or password protected, and officers are authorized to detain a device pending a determination as to its admissibility in to the U.S.; they may also exclude a device if access to it is prevented by encryption or password protection.

The directive provides officers with instructions regarding the handling of certain sensitive materials, including business information, medical records, and information protected under the attorney-client privilege. Upon encountering business or commercial information resulting from a search, such as confidential business information, officers are required to “protect that information from unauthorized disclosure[.]” Such confidential business information may only be shared with agencies or entities that have mechanisms in place to protect the information.

Companies should alert employees of the requirements under the new directive. Certain preventative steps should be considered to minimize the potential for disclosure of confidential information at the border, including: (1) minimizing the number of electronic devices with trade secret or confidential information; (2) minimizing the amount of confidential information on a device; (3) to the extent possible, using electronic devices that do not contain confidential information when international travel is required; and (4) considering whether confidential information on the device should be encrypted but with the knowledge that CBP may request that the device be unlocked. Companies should also be cognizant of other issues relating to encrypted devices, including U.S. export control requirements for traveling to certain countries and licenses that may be required for individuals traveling into certain countries with an encrypted device.

In the event of an inspection request by an officer, your employees should be prepared to alert the officer that the device contains confidential business information in order to protect against its disclosure. Employees should also carry company business cards to show officers requesting an inspection that they are an employee of your company.

Financial analytics firm Novantas, Inc. and two individual defendants closed out 2017 with a victory, securing the dismissal of claims by rival First Manhattan Consulting Group LLC (“First Manhattan Consulting Group”) [1], which accused them of competing unfairly by poaching First Manhattan Consulting Group’s employees in order to steal its trade secrets.  The result demonstrates the need for plaintiffs in such cases to be able to prove with specificity which trade secrets were taken or threatened by the defendants’ conduct.

The Complaint alleged that Novantas engaged in a “pattern and practice of poaching” First Manhattan Consulting Group’s employees, including defendants Peter Gilchrist and Andrew Frisbie in 2014, to gain access to First Manhattan Consulting Group’s confidential information.  These individuals, who were officers of First Manhattan Consulting Group, were subject to contractual confidentiality and employee non-solicitation obligations.  First Manhattan Consulting Group asserted causes of action for breach of contract against the individuals, for tortious interference with contract and unfair competition against Novantas, along with a misappropriation of trade secrets claim against all defendants.

The case went to trial in Supreme Court, New York County. Justice Barry Ostrager declined to submit the misappropriation claim to the jury, because the information presented by First Manhattan Consulting Group at trial did not appear to the Court to be a trade secret, and there was no testimony concerning trade secrets.  In its verdict, the jury unanimously found no liability on any of the other claims.  On December 19, 2017, the Court dismissed First Manhattan Consulting Group’s claims.

For practitioners, this outcome is a useful reminder that trade secret misappropriation claims require in-depth understanding of the client’s business, detailed allegations in pleadings of the legally required elements of a misappropriation claim and, at trial, a full presentation regarding the wrongdoing and what specific information was taken and how the plaintiff has been damaged.

 

[1] First Manhattan Consulting Group is unrelated to First Manhattan Co.

In First Western Capital Management Co. v. Malamed, Case Nos. 16-1434, 16-1465 & 16-1502 (10th Cir. Oct. 30, 2017), the Tenth Circuit Court of Appeals held that a district court erred in issuing a preliminary injunction to a party under federal and state trade secret law where the court presumed that the party would be irreparably harmed absent the injunction.

Ordinarily, in order to obtain a preliminary injunction, a moving party needs to establish, among other things, that it will suffer irreparable harm if the injunction is denied. This requires the party to show that there is a significant risk that it will experience harm that cannot be compensated by money damages.  In First Western Capital Management, however, the district court held that the plaintiff (First Western) was not required to establish irreparable harm because both the Defend Trade Secrets Act (“DTSA”) and the Colorado Uniform Trade Secrets Act (“CUTSA”) provide for injunctive relief to prevent misuse of trade secrets, and the evidence showed that the defendant was misusing or threatening to misuse trade secrets regarding First Western’s clients.  Thus, the district court held that irreparable harm “presumptively exists and need not be separately established.”  Had First Western not been excused from showing irreparable harm, the district court would have denied its request for injunctive relief because evidence was presented that showed that monetary damages could be reasonably quantified and would adequately make First Western whole.

The Tenth Circuit explained that courts may presume irreparable harm only when a party is seeking an injunction under a statute that mandates injunctive relief as a remedy for a violation of the statute.  When Congress or a state legislature passes such a statute, it effectively has withdrawn the court’s discretion to determine whether such relief is appropriate.  By contrast, when a statute merely authorizes injunctive relief, courts may not presume irreparable harm, as doing so is contrary to equitable principles.  Because DTSA and CUTSA only authorize, but do not require, injunctive relief, and because the evidence presented to the district court showed that monetary damages could be quantified in order to compensate First Western, the Tenth Circuit reversed the district court’s grant of the injunction to First Western.  Legal practitioners thus should carefully review the applicable statute to determine whether it mandates or merely permits injunctive relief; where such relief is not required, they should make a fulsome showing that their client will suffer irreparable harm without an injunction.

Plaintiff Art & Cook, Inc., a cookware and kitchenware company, brought suit in New York federal court against a former salesperson, Abraham Haber, when a search of his work computer revealed that he had emailed to his personal email account two categories of documents alleged by Art & Cook to be trade secrets: (i) its customer contact lists and (ii) its designs and branding/marketing strategies. Although the court already had issued a temporary restraining order, in Art & Cook, Inc. v. Haber, No. 17-cv-1634, 2017 U.S. Dist. LEXIS 164366 (E.D.N.Y. Oct 3, 2017), the court denied Art & Cook’s motion for a preliminary injunction brought exclusively under the Defend Trade Secrets Act (“DTSA”) because the company failed to demonstrate a likelihood of success on the merits of a DTSA cause of action.

First addressing the customer lists at issue, the court noted that the Second Circuit has long held that, under certain circumstances, a customer list may be deemed a trade secret – particularly where the customer list contains individual customer preferences or represents the list owner’s work to create a market for a new service or good. Where the list contains little more than publicly available information, even if it takes considerable effort to compile, it is not accorded protection under DTSA. The customer lists at issue in this case fell into the latter category, as they contained nothing more than a compilation of publicly available information including emails and phone numbers. The court said that that the fact that it took the company “tens if not hundreds of hours” of research to compile those lists was insufficient under DTSA.

Turning next to the company’s designs and branding/marketing strategies, the court noted that such material was exactly the kind of business information that DTSA was designed to protect because they derive independent economic value from not being generally known. However, the company failed to show that it took “reasonable measures” to keep the information secret. For example, the company’s president testified that he spoke to Haber many times about confidentiality, but the company did not require him to sign a non-disclosure agreement. In fact, the company asked him to sign a non-disclosure agreement three years into his employment and, when he refused to sign, nevertheless gave him access to what it contended was confidential information. The court found that the company’s other steps to secure its information, such as utilizing a password-protected server and folders, were inadequate given such circumstances.

Given the lack of a likelihood of success on the merits as to the DTSA claim, the court denied Art & Cook’s motion for a preliminary injunction and advised that the claim was susceptible to a motion to dismiss. The court’s decision provides companies with insight into what kinds of information are trade secrets under DTSA and how they should protect their trade secrets.

It is highly likely that the National Association of Insurance Commissioners (“NAIC”) will adopt a model data cyber security law premised largely on the New York State Department of Financial Services (“NYSDFS”) cyber security regulations.  Recently, we discussed the NYSDFS’ proposed extension of its cyber security regulations to credit reporting agencies in the wake of the Equifax breach.  New York Governor Andrew Cuomo has announced, “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation.”  Upon adoption by the NAIC, the NYSDFS regulations requiring that NYS financial organizations have in place a written and implemented cyber security program will gain further traction toward setting a nationwide standard for cyber security and breach notification.  Indeed, although there are differences, the NAIC drafters emphasized that any Licensee in compliance with the NYSDFS “Cybersecurity Requirements for Financial Services Companies” will also be in compliance with the model law.

The NAIC Working Committee expressed a preference for a uniform nationwide standard: “This new model, the Insurance Data Security Model Law, will establish standards for data security and investigation and notification of a breach of data security that will apply to insurance companies, producers and other persons licensed or required to be licensed under state law. This model, specific to the insurance industry, is intended to supersede state and federal laws of general applicability that address data security and data breach notification. Regulated entities need clarity on what they are expected to do to protect sensitive data and what is expected if there is a data breach.  This can be accomplished by establishing a national standard and uniform application across the nation.”  Other than small licensees, the only exemption is for Licensees certifying that they have in place an information security program that meets the requirements of the Health Insurance Portability and Accountability Act.  According to the Committee, following adoption, it is likely that state legislatures throughout the nation will move to adopt the model law.

The model law is intended to protect against both data loss negatively impacting individual insureds, policy holders and other consumers, as well as loss that would cause a material adverse impact to the business, operations or security of the Licensee (e.g., trade secrets).  Each Licensee is required to develop, implement and maintain a comprehensive written information security program based on a risk assessment and containing administrative, technical and physical safeguards for the protection of non-public information and the Licensee’s information system.  The formalized risk assessment must identify both internal threats from employees and other trusted insiders, as well as external hacking threats.  Significantly, the model law recognizes the increasing trend toward cloud based services by requiring that the program address the security of non-public information held by the Licensee’s third-party service providers.  The model law permits a scalable approach that may include best practices of access controls, encryption, multi-factor authentication, monitoring, penetration testing, employee training and audit trails.

In the event of unauthorized access to, disruption or misuse of the Licensee’s electronic information system or non-public information stored on such system, notice must be provided to the Licensee’s home State within 72 hours.  Other impacted States must be notified where the non-public information involves at least 250 consumers and there is a reasonable likelihood of material harm.  The notice must specifically and transparently describe, among other items, the event date, the description of the information breached, how the event was discovered, the period during which the information system was compromised, and remediation efforts.  Applicable data breach notification laws requiring notice to the affected individuals must also be complied with.

In a very thorough analysis following a 3 day Preliminary Injunction hearing Judge Jed Rakoff declined to issue injunctive relief to a former employer seeking to enjoin four former employees and their new employer from competing or from soliciting clients or employees. The decision is far ranging in the employee movement context touching upon inadvertent retention of confidential information, the propriety of new employers providing broad indemnifications and large signing bonuses to the recruits,  and the scope of allowable “preparatory conduct” in a one year non-compete period, among other issues presented in the context of a group of employees in the eDiscovery services space collectively on the move.

Four senior sales executives of plaintiff Document Technologies Inc (“DTI”) collectively decided to leave DTI and signed new employment agreements with LDiscovery. LDiscovery provided the four with agreements that indemnified them from claims of improper conduct by DTI as well as significant signing bonuses to make up for lost compensation during the one year non-compete period they agreed to abide by. The Court found nothing wrong with these agreements and also that accepting employment and engaging in preparatory meetings and analysis of the marketplace were permissible preparatory acts and do not violate the non-competition prohibitions in their agreements with DTI. The Court also found that there was no breach of the employee non-solicit where the four employees coordinated their job search since they had each individually resolved to leave DTI in advance of coming together. Collectively reaching the conclusion to seek alternative employment was found not to be a breach of the employee non-solicit provisions each had in their agreement with DTI. The Court was skeptical that where the employees were all “at will” versus subject to a term contract, that the three prong test of enforceability under BDO Seidman could be met. The fact that they marketed themselves as a “package” deal was not unfair competition supporting a finding of breach. Similarly, LDiscovery could not be held liable for tortious interference by recruiting the team, providing them with signing bonuses and by indemnifying them.

This decision provides a good framework for legal analysis when determining the propriety of a team move and whether certain conduct of the employees and their new employer warrant injunctive relief.