What Employers Need to Know to Safeguard Their Trade Secrets
The protection of trade secrets and other confidential information is important to the bottom line of every company, whether a Fortune 100 corporation or a small business. In furtherance of that objective, this post gives employers an overview of two federal laws that provide employers with such protection and will highlight certain protective measures employers can implement to prevent the misappropriation of trade secret information by employees.
The Defend Trade Secrets Act of 2016 (DTSA)
A federal law, the Defend Trade Secrets Act of 2016 (DTSA) allows employers to protect against the misappropriation of trade secret information. The DTSA defines “Trade Secret” in broad terms: “All forms and types of financial, business, scientific, technical, economic, or engineering information.” But, in order for employers to avail themselves of the protections of the DTSA, they must show that they took reasonable measures to keep such information secret. 18 U.S.C. § 1839(3). Employers can satisfy this burden by requiring all employees to sign and consent to a confidentiality agreement that specifically identifies and acknowledges information intended to be protected as a “trade secret.” See, e.g., Magnesita Refractories Co. v. Tianjin New Century Refractories Co., 2019 WL 1003623, at *10 (M.D. Pa. Feb. 28, 2019). The DTSA allows an employer to obtain injunctive relief, monetary damages, punitive damages, and attorneys’ fees.
The Computer Fraud and Abuse Act (CFAA)
In the increasingly digital workplace, it comes as no surprise that employees commonly use their employer’s computers to misappropriate trade secrets. In such cases, in addition to the remedies available under the DTSA, Employers may be able to obtain equitable relief or compensatory damages under the Computer Fraud and Abuse Act (CFAA). The CFAA provides employers with a civil cause of action if they have been injured by the wrongful access, including access without authorization or in excess of authorization, of a protected computer.
A recent ruling by the U.S. Supreme Court highlights the need for employers to review and update their access policies. The CFAA does not explicitly define “authorized access.” This led to a split among federal courts over whether the “authorized access” clause of the CFAA prohibits users who obtain information to which their computer access does not extend, or if the prohibition extends to those who misuse access that they already otherwise have. That question was resolved on June 3, 2021, when the Supreme Court decided Van Buren v. United States. Van Buren held that the CFAA does not apply to those employees who use otherwise authorized access for improper purposes thus significantly restricting the scope of the CFAA.
Take, for example, an employer who requires its financial staff members to use company credentials to log into its computer system to access the confidential financial information of the company (which would be a “trade secret” protected by DTSA). Perhaps one of the employer’s financial staff members plans to leave the employer to join a competitor. If the day before they leave, they log into the accounting system and misappropriate all of the employer’s trade secrets to take with them to the new employer, the employer would not have a CFAA claim under Van Buren because the access was authorized.
Employers who are concerned about the confidentiality of their trade secrets should consider the following preventive steps:
- First, employers should review their confidentiality and nondisclosure agreements to ensure their trade secrets are adequately identified and described. Regardless of whether access is “authorized” under the CFAA, access for improper purposes would constitute a breach of those agreements. Updated confidentiality agreements and non-disclosure agreements should be issued to all employees with access to valuable company data such as product formulas, customer lists, and contact information, business plans, and other documents related to marketing and business;
- In addition, employers should consider additional security measures, such as encrypting files containing trade secrets. Employers should only give passwords or credentials to those employees who directly work with the trade secrets, and may wish to limit employee access to only certain files or folders.
In the Information Age, the DTSA and CFAA have become increasingly common and effective tools for trade secret enforcement. Either or both of these statutes can form the basis for a cause of action against employees who have pilfered trade secrets through electronic means, and can be combined with causes of action for breach of contract when employees leave for competitors in violation of non-compete or non-solicitation agreements. Because both the DTSA and CFAA are federal statutes, they can provide a basis for jurisdiction in federal court, which can sometimes be a favorable venue for employers who have been victimized by departing employees or unscrupulous competitors who may hire them. In these cases, preservation of electronic records and data, and prompt forensic analysis of the impacted devices or networks, can be critical to building a strong case to obtain both injunctive relief or monetary damages. The assistance of counsel and expert witnesses (both testimonial and consulting) is also extremely important. Obermayer attorneys have experience counseling employers regarding trade secret, non-compete, and non-solicitation matters, including drafting agreements and policies and initiating litigation when it becomes necessary.
The information contained in this publication should not be construed as legal advice, is not a substitute for legal counsel, and should not be relied on as such. For legal advice or answers to specific questions, please contact one of our attorneys.