Hello and welcome to Managing Trade Secrets. My name is Russell Beck. I'm a trade secret non-compete and employee mobility lawyer at the law firm Beck Reed Riden in Boston. Today we're going to cover five topics. First, trade secrets explained. In other words, what are trade secrets? What are we really talking about? Second, the legal framework for trade secret law. Third, misappropriation. Or what happens when somebody does something bad with your trade secrets. Fourth, how to manage trade secrets. And fifth takeaways. So with that, we'll get started directly into what is a trade secret. Normally when we think about trade secrets, the first thing that typically comes to mind for people is the secret formula of Coca-Cola. Sometimes people think about the Google search algorithm. Other times, people think about WD 40. And for those of you who don't know what WD 40 is, it is the product that unsticks things that shouldn't be stuck. And you can see their logo. All of life's problems can be solved with two things duct tape and WD 40. If it moves and it shouldn't, you need duct tape. If it doesn't move and it should, you need WD 40. So WD 40 actually stands for water displacement 40 or the 40th formulation. What's significant about that is that everybody can agree that the formula for WD 40 would be considered a trade secret under preexisting law. Law that has been displaced in virtually every state in the country at this point.
The first 39 formulas that didn't work that ultimately were replaced with the 40th formula were considered negative knowhow or things not to do the things that you learn from in order to come up with the thing that works. Well, those weren't protected previously under old law. They are protected now under current law. And while these are quintessential trade secrets, there are certainly plenty of other types of information that also constitute trade secrets. For example, every patent starts off as a trade secret, right? So if you look at what's on the screen, you've got the invention of the light bulb. And prior to that becoming patented, it had to be kept secret. The contraption on the right is a device for facilitating the birth of a child by centrifugal force that is a real patent. And then third, the toilet snorkel. And what that does is it allows you to breathe air if you're in a building that's on fire and you can't breathe because of all the smoke. For those of you who have seen the movie The Kingsman, the Secret Service, you may remember in a scene in that movie that this product was actually used. So when we try to figure out, okay, well, we get that it's not just the the Coke formula and it's not just the things that become patents. Well, what else is it, really? And the law really doesn't provide us with a lot of helpful guidance on this.
The restatement first of Torts, section 757, comment B says that an exact definition of a trade secret is not possible. The restatement first of torts is actually the first place that codified what all the laws were around the country. That was done in 1939. It's since been replaced with the Uniform Trade Secrets Act, and virtually every state, notably New York, has not adopted it and still relies on the restatement first of torts as well as as well as the restatement third of unfair competition. But even though the restatement has been replaced, the definitions and the language of the restatement still inform a lot of the decisions around the country in state courts and in federal courts. Now, since the restatement, we've had multiple different trade secret laws enacted around the country, both in the state level and at the federal level. So first, let's look at how each of these different sources of law actually identify what a trade secret is. And as you'll see, the language that I just quoted really does sum up what we're seeing in these statutes. So first, the restatement, first of torts, comment B and the restatement first of Torts. Just to be clear, that is not a statute. It's not even a law. It is just a summary of what the law was back in 1939. And to this day, it still carries a lot of weight with a lot of courts.
The definition under the restatement of torts is a trade secret may consist of any formula, pattern, device or compilation of information which is used in one's business and which gives him an opportunity to obtain an advantage over competitors who do not know or use it. Now notice a few things about this. First is that the definition starts with defining what types of information. It doesn't actually just say any information. Second, it limits whatever that information is to only information that's used in one's business. And what's significant about used in one's business is that the secret formula to WD 40, we can all agree that's still being used in the business because WD 40 is still a product that's being commercially marketed. But WD one through 39 are no longer used in the business. And so under the restatement, first of torts, that would be considered negative, nohow or negative knowledge. It's the blind alleys that don't get protection as a trade secret under the restatement of torts. The other requirement about the language in the restatement, first of torts, is that the information has to give an advantage over competitors. So a competitive advantage. Now if you move over to the Uniform Trade Secrets Act, Section one four, we see the definition of trade secrets, which is basically the trade secret definition that's that's been adopted in virtually every state, maybe with some modifications of various states. We've got a chart on that if you want to find it.
There's a 50 state chart that identifies how each state varies in its adoption of the Uniform Trade Secrets Act. But what's important is that the definition that we're about to look at comes out of the Straight Uniform Trade Secrets Act, which is just a model law that can be adopted in states. It's been adopted in every state except New York. And there's some question about whether North Carolina and Alabama have actually adopted or not. What they've adopted is certainly close enough. So looking at the language note the first thing trade secret means information. So now we've left from the restatement, first of torts definition, where information comes up much later and it's all qualified. Now under the Uniform Trade Secrets Act, information is the definition. So trade secret is information. And then it includes stuff including a formula pattern, compilation, program, device method, technique or process. You can basically ignore those words. Trade secret means information that and then you get to the next two bullets. Information that derives independent economic value, actual or potential from not being generally known to and not being readily ascertainable by proper means by other persons who can obtain economic value from its disclosure or use and is the subject of efforts that are reasonable under the circumstances to maintain its secrecy. So remember that part because that's new. That last part is the subject of efforts that are reasonable under the circumstances To maintain its secrecy was not an express requirement under the restatement first of torts, but it is now under the Uniform Trade Secrets Act.
And again, that's been adopted in virtually every state, though there are variations in the way that it's been adopted. So we will come back to how the restatement of torts addresses some of these issues concerning the reasonable efforts and the economic value and all of that. But just sticking to the Uniform Trade Secrets Act definition at the moment, it's information that derives economic value, actual or potential, so it doesn't have to be existing economic value. Now what's the significance of that? The significance of that is compare that with used in one's business. So imagine that your you're the company that makes WD 40, but you're still on Formula 39. Well, that formula is not going to be used in your business, but it does provide actual or potential economic value, right? Because the value that you get from that is knowing how to move on to Formula 40 gets you a long way there. So there's real value to that. You can imagine that a competitor might be very interested in buying Formula 39 because that will get them most of the way there to Formula 40 gives them a real leg up. Now let's look at the Defend Trade Secrets Act, which is the federal statute. This is part of the Economic Espionage Act, which was adopted back in 1999 and provided essentially criminal liability for the theft of trade secrets.
It focuses on both state actors, so foreign actors as well as it also covers individual actors, but it really is a criminal act. Under the Defend Trade Secrets Act, the term trade secret means. And now look at how the definition has somewhat gone back to the restatement of torts, but still is very in line with the Uniform Trade Secrets Act in terms of its breadth. Trade secret means all forms and types of financial, business, scientific, technical, economic or engineering information. And then it gives a list. Now, what types of other information might be out there that might not fall within one of these buckets of financial business, scientific, technical, economic or engineering? Hard to imagine. And when Congress passed the TSA, they intended for this definition to be quite broad. They also based it on the Uniform Trade Secrets Act. So right now, we haven't seen anything that would distinguish between information that could be protected under the Uniform Trade Secrets Act, but not protectable under the Defend Trade Secrets Act, with the exception of the information has to be used or intended for use in interstate commerce. But that's a federal question, right? That that's how we get federal jurisdiction over this type of issue. Now the statute goes on its information, including patterns, plans, compilations, program, which I think is actually just really a typo. Devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs or codes.
And those are just examples. It is not the full expression of everything that might qualify. But again, as you can see, it is incredibly broad. And then the Defend Trade Secrets Act goes on to address some newer issues that really weren't big issues back when the Uniform Trade Secrets Act was promulgated, which was initially in 1979 and then revised in 1985. But now the TSA, having been passed in 2016, Congress was aware that there are more issues that we didn't look, that we weren't concerned with or weren't even aware of back when the Uniform Trade Secrets Act was was initially promulgated. And those issues relate to electronic storage of information. And so the TSA adds and whether or how stored compiled or memorialized physically or electronically. Right? So physically, electronically, graphically, photographically, or in writing. So all those different methods. But really, it's the electronic one that's the critical one. But it also adds a qualifier, much like what the Uniform Trade Secrets Act says. It requires that the owner thereof has taken reasonable measures to keep such information secret, and the information derives independent economic value, actual or potential from not being generally known to or readily ascertainable through proper means by another person who can obtain economic value from the disclosure or use of the information. So as you can see, the language is very similar. Slight variations, but for all intents and purposes, all of these definitions tend to come down to basically one thing, and that is it has to be information that has value because it's confidential.
And under the Uniform Trade Secrets Act and Defend Trade Secrets Act, it also has to have been confidential as a consequence of reasonable measures that were taken to keep it confidential. Now, I said we'll come back to that issue under the restatement of torts and we get back to that issue because the restatement of torts provides a six factor test to help courts, companies and individuals understand whether certain information is or is not a trade secret. And the six factors are not all requirements. But you can imagine that if you fail to actually take measures to keep the information secret, which is really the first two factors that we'll look at, then you can understand that the reality is it may not wind up being a trade secret. However, each of these factors gets looked at and weighed as part of the analysis about whether information is or is not a trade secret. So the first we look at is the extent known outside the business. Is it known only by the company or is it known by others? It might be known by competitors, and if it's known by competitors, how many competitors are there and do they all know it or just a couple of them? And is it the kind of thing that serves as a barrier to entry? So maybe there are only a handful of competitors.
They all know it, but it's a barrier to entry for anybody else who doesn't know it. It's also okay that the information may be known outside the business. If it's known by way of non-disclosure agreements and confidentiality agreements, so that anybody who knows it outside the business is restricted in how they can use it or in their ability to use it at all. Then we look at the extent known inside the business. And again, it's a similar concept. Generally, the way to think about this is the only people inside a business who should know what the information is are the people who need to know what the information is and the people who need to know now not they may need to know at some point in the future. So we'll give them some access to it. Now, the analysis is do they need to know the information and if so, then they can have access to it. And if not, then no, they really shouldn't have access to it. Now, as you can imagine, that may vary based on the size of the company, based on the nature of the information, based on how valuable the information is. So you could imagine that in a small company there may only be six employees and they may all need to know, whereas in a large company there may be thousands of employees and there may be a handful of people who know it, but only one of them really needed to know it.
That actually could impact the determination about whether the information is or is not a trade secret. The next factor is the extent or measures to guard the secrecy, and that's where we get the concept of reasonable measures under the Uniform Trade Secrets Act and the Defend Trade Secrets Act. This is a requirement, whereas under the restatement, it's only a factor. And again, we can look at a number of things that go into this. We look at what the company has done. So one of the things you would expect a company to do is have non-disclosure agreements. So anybody who's going to have access to the information would have to sign an agreement that they'll keep it confidential. In addition, the information should generally be kept under lock and key, and that goes both physically and electronically. Right? So you wouldn't want to have a circumstance where people could just walk into a building and see all of your trade secrets. You want to have it behind closed door, behind lock and key and make sure that. Of anybody who doesn't belong in that room looking at that information, can't get in that room and look at that information. Same thing with regard to documents. You're not going to want to have somebody go onto a computer and just be able to get on the computer without a username and password and then get on to the particular location in the computer without specific access to that location.
And in many instances, you're going to want to identify the document itself. To the extent we're talking about an electronic document that contains information, you're going to want to make sure that that document is indicated as confidential in some way. And that may be naming the document confidential, providing markings within the document once it's opened as well. So that it's very clear it's confidential. And of course, you're going to limit where that document is stored and how it's how it's stored on the server so that only the people who should be looking at that document have access to it. Another factor is the ease or difficulty to replicate the information. So if it's the kind of thing that a company can recreate in a day or two, that's not going to be a trade secret or at least this factor is going to weigh against that information being a trade secret. If it's the kind of thing that may take a very long time, then that factor will weigh in favor of it being a trade secret. Now, I say that, but there are always exceptions. There was a case involving a material that everybody thought would not work for the particular function that it was used for. And even the academic literature that was out there said that this particular molecule would not work.
But a company decided they would try it. And it turned out that the molecule worked perfectly. And so anybody could very easily recreate that, but nobody knew to. And so even though the Factor would weigh against the information being a trade secret, the fact that people didn't know about it and the fact that as it turned out, it gave great economic value to the company that allowed the information to be protectable as a trade secret, even though this factor went against it. The next factor, as it was just presaged, is the value to the company and competitors. The more valuable the information is. The more likely it is to be a trade secret, the less valuable, the less likely. And lastly, the effort or cost to develop the information. It may be that it cost almost nothing to to develop the information and that that may weigh against the information being a trade secret. On the other hand, it may have taken an inordinate amount of money and effort to develop the information. And if that's the case, that factor would weigh in favor of the information being a trade secret. But again, these are all just factors and they all go into a pot. And the court would have to decide whether the information does or does not qualify as a trade secret. Now, remember, this is under the restatement first of torts. This is not a test that applies to the Uniform Trade Secrets Act or the Defend Trade Secrets Act.
That being said, because there were decades where courts were using this six factor test to determine whether information was a trade secret. Courts often still look at this six factor test in order to determine whether information qualifies as a trade secret. Under the uniform Trade Secrets Act and the Defend Trade Secrets Act. That brings us then to, okay, what information is not a trade secret? So there are few types of information that is never going to be a trade secret. One of them, and one that's gotten a lot of attention lately is general skill and knowledge. So the kind of information that an employee could learn basically anywhere they learn it because they studied it in college or they read it in a book, or they watched a YouTube video, or it's the kind of thing that just through doing the work over and over and over again, somebody would learn it whether they were at a company, a company B or company C, that generally is going to be considered the employees general skill and knowledge, and they're allowed to take that from company to company. Information that's publicly disclosed is not a trade secret. So information that may be included in a patent application, for example, once that patent application becomes public, the information in there, if it was a trade secret beforehand, is no longer going to be a trade secret.
And then industry know how. So everyone in the industry knows how to do this. But as I said earlier, while that is generally true, it may be industry knowhow that serves as an enormous barrier to entry for other companies. And if that's true, then that industry knowhow may actually still be a trade secret. The question is, is it protected by all of the companies in the industry? And if it's not, then it's not going to be a trade secret. But if it is, it could be. So let's turn to then the legal framework. And as we think about how trade secret law works, we're guided by a few principles. So first, the rationale behind state trade. Secret law is to encourage invention and to provide innovators with protection for the fruits of their labors and to maintain and promote standards of commercial ethics and fair dealing. So that's two different components, right? It's the we want to encourage invention and therefore we need to protect it. And also we want to maintain and promote standards of commercial ethics and fair dealing. And that is a standard that comes up over and over and over and over again. You will see that in so many of the cases, because generally what's motivating these cases is somebody has stolen something, somebody has behaved badly, or people believe that that that somebody stole or behaved badly. So as said in jet spray cooler, a case in Massachusetts, that was one of the foundational cases to our law.
And in that case, the court said, Mr. Justice Holmes said that the company had the right to keep the work which it has done or paid for doing to itself. The fact that others might do similar work if they might does not authorize them to steal the plaintiffs. Again, straight back to that notion of commercial ethics and fair dealing. This guides non-compete law and you will again, you will see it over and over again. And that leads us then to the question of, well, what's a violation of trade, secret law? And we call that misappropriation. So somebody is misappropriating information, misappropriating a trade secret. That is the conduct that they are not supposed to engage in. So what is that? Well, that's defined as acquisition of a trade secret by a person who knows or has reason to know that the secret was acquired by improper means. So basically, somebody who got it when they shouldn't have and they knew that disclosure or use of a trade secret without express or implied consent by a person who. Right. So it's acquisition first and then use or disclosure and it's use or disclosure that's not permitted. But by whom? By a person who used improper means to acquire the knowledge. So back to a or by a person who at the time of the disclosure or use knew or had reason to know that the knowledge of the trade secret was derived from or through a person who had used improper means to acquire.
Again, coming back to I know that somebody has this improperly, so I shouldn't be using it or disclosure or use by a person who at the time of the disclosure or use knew or had reason to know that the knowledge of the trade secret was acquired under circumstances giving rise to a duty to maintain the secrecy of the trade secret or limit the use of the trade secret. So what does that mean? That means I, as an employee, for example, may have obtained the trade secret because of the work that I was doing for the company. Now, I having acquired the knowledge in that way, so I acquired it properly. I'm not allowed to use or disclose it because I've got a duty to maintain the secrecy. The next one involves disclosure or use of a trade secret of another without express or implied consent by a person who derived from or through a person who owed a duty to the person seeking relief to maintain the secrecy of the trade secret or limit the use of the trade secret. So now, unlike the one that we just looked at, I am not the one who's going to use or disclose it. That's not the problem. But somebody else has gotten it from me or through me. And now they know that I'm not supposed to use it.
They shouldn't be using it either, right? Their rights derive from me and my rights were limited. So their rights are limited as well. And then finally, disclosure or use of a trade secret by another without express or implied consent by a person who, before a material change of the position of the person, knew or had reason to know that the trade secret was a trade secret and knowledge of the trade secret had been acquired by accident or mistake. So now imagine that I find out. I find out some information and I say, Wow, this is really fantastic. This is great. And I don't realize that it's somebody else's trade secret, and I don't think that there's any problem with me using it. Maybe an employee brings it to my attention, but I think that it's perfectly appropriate they didn't learn it improperly, and I'm okay to use the information. My use at that point is fine and up to the point that I learn that this is someone else's trade secret and I don't have a right to it, I'm okay using that information. But once I find that out, I need to immediately stop. Otherwise it's misappropriation. Now, the exception to that is, well, what if there's a material change? So what if after I've done something that's basically irreversible? Well, at that point I'm allowed to continue using the trade secret, even though I know that it's someone else's trade secret and I shouldn't be using it.
I'm allowed to because of the material change. That's not going to be misappropriation. It doesn't mean I won't have liability to the owner, but on the other hand, I'm not violating trade secret law. Okay. So we're looking at this concept of the improper means, right? Somebody who used the information or disclosed the information or acquired the information through improper means. So what is improper means? Well, first, the Restatement Ever helpful provides the statement that a complete catalogue of improper means is not possible. In general, they are means which fall below the generally accepted standards of commercial morality and reasonable conduct. So we're right back to that same principle underlying trade. Secret law. The commercial morality and reasonable conduct. So examples of that might be taking something by physical force. I think we could all agree that that wouldn't be proper fraudulent misrepresentations to induce disclosure. Tapping of telephone wires and eavesdropping or espionage, those are all things that were identified back in the restatement as conduct that falls below the generally accepted standards of commercial morality and reasonable conduct. That also evolves over time. You might imagine that years ago, before we had all of the technology that we have, it might have been considered really unacceptable and unreasonable for somebody to fly over a head and take pictures of development work that's going on outside in a very private area. But now with satellites and Google Earth, you can look right into that same area without doing anything wrong.
It's freely available on the Internet. So the concepts of what is generally accepted do evolve over time as a consequence of just the evolution of technology as well as changes in cultural attitudes. So we think that things like stealing are bad. On the other hand, reverse engineering is okay because the idea is that we don't want to do something bad. But on the other hand, there's nothing wrong with wanting to try to find something out. And if you've got a product and you want to try to figure out how it works, as long as you're not violating any licenses, that's okay. Liability is not based on the actor's purpose to discover another's trade secret, but on the nature of the conduct by which the discovery is made. So the most common way that we see misappropriation and we have seen it over the years is by employees taking information. Now that is not necessarily because they're intentionally trying to steal information. Sometimes they are. Sometimes they're not. So now let's look at some of the ways that we actually have seen misappropriation over the years and how it's evolved over the years. So in the past, people would take information in boxes, in briefcases, on CD drives. That was one of the more technologically advanced methods of taking information years ago. And now what we're seeing is people are taking information in the cloud, they're taking it on thumb drives or other SSD drives, and they're taking it on their phones and other devices, as well as even by just taking photographs of computer screens that have the information on it.
So these are all newer ways of taking information that weren't available in the past, but really are now much more available because information is so readily movable and we have all the technology to do it quickly and easily. So when we think about the cloud, as the as an example, it's not just putting information in an email and sending it to yourself, though that is one very common way that people misappropriate information. But it's also like putting it in Dropbox or Google Drive or any one of the many different types of online storage accounts. Oftentimes that happens behind the scenes without anybody thinking about it because they set it up early and then wind up forgetting about it. And later when after they've left employment, they find, oh my goodness, look at this. I have all these documents that would not necessarily be misappropriation. The fact that somebody had it inadvertently, when you go back to improper means of use of acquisition, use or disclosure, that's not going to constitute misappropriation. But also the question then becomes, well, were you intentionally doing it or were you unintentionally doing it? All right. So with all of this, the next question is how do we manage our trade secrets? So let me set the stage for this.
Have you had more than one job? If so, think about what happened when you left one job and headed to another. Did you take information with you? Well, according to a survey, more than half of ex employees admit to stealing company data. According to a new study. That was back in 2009. The studies that have been done since validate this or actually suggest this may even be a little bit low. The other part about this, and what's a little bit alarming, is that half of the survey respondents say that they have taken information and 40% say that they will use it in their new jobs and that is a problem. And so what's the reason for that? Well, I think part of it is that employees attribute ownership of IP to the person who created it. So oftentimes people will think, well, I worked on that, so that must be mine. That's not necessarily true in most instances. If your employer paid you to do that work, it's not yours. Think about it this way. If you were paid to create a widget, would you think that you could take the widget and bring it home and that it's yours? No, you wouldn't. Intellectual property is funny because we think, well, you know, there are there are an unlimited number of copies of it, so it must be okay that I can take one of them.
But that's not true. The other issue is that over half of employees do not believe that using competitive data taken from a previous employer is a crime. But it is. Remember when I said before that the Defend Trade Secrets Act actually arose out of the Economic Espionage Act from 1996? Well, in 1996, that Economic Espionage Act was a criminal act. When the Defend Trade Secrets Act came into place in 2016, that created a private right of action. So in 2016, when the Economic Espionage Act was amended, Congress created a private right of action so that a trade secret lawyer could bring a case against somebody who had misappropriated trade secrets. And they could do that in federal court and not have to just rely on state law. What may not be apparent is that when an employee moves from one company to another, their knowledge is transferring with them and they may bring it to and apply it to the work that they're doing for the new company. And that will contaminate the work that they're doing for the new company if they're using trade secrets from their former employer. So at the moment that the recruiting process starts, people need to be very clear that a candidate does not share or bring with them any confidential information from their prior employer, and that continues during the term of their employment. They shouldn't be using any confidential information from a prior employer.
They shouldn't be disclosing any of that information. They shouldn't be putting any of that information onto their new employer's computers. And then when they leave, it's the exact same thing in reverse. We need to make sure that they don't take the information with them. We need to make sure that they leave it at the company, that any copies of it that they may have have been destroyed. And remember that then when they're leaving one company, they're starting at another one typically. And so the cycle starts again. And whatever it is that they're doing on the way out of one company and bringing to the new company, they're probably going to do on the way out of the new employer when they go to their next company. And it's not because they're doing anything intentionally wrong. They just need to understand that they shouldn't be doing this and thatrillionequires education and training. And that leads us to, okay, well, how do you get your house in order and how do you make sure that these things don't happen? Well, you develop a trade secret protection program, and the purpose of that is to know what you have. So you need to understand not just what you have, but what the value of what you have is. And then that may inform whether it can be and should be insured. Next, you want to determine what controls are needed and reasonable, and then make sure that you've implemented them.
So you want to make sure that you have in place different steps to make sure that the information that you just identified and determined is valuable. You want to make sure that you have appropriate steps in place to keep it confidential and to make sure that when that employee leaves, they're not taking it with them. And to be sure that while that employee is working for you, they're not inadvertently disclosing it or otherwise putting it at risk. So the goal is the prevention of inadvertent and unintentional loss, as well as the prevention of inadvertent and unintentional contamination of your information. So you don't want to lose it and you don't want yours contaminated by it. Now you can lock everything down, at which point you'll wind up with nobody being able to use or share information, but then also not being able to do their job. So there's a balance between the security of information and the efficiency and productivity of the company and its employees. That balance is hard to achieve, and that's part of the process of a trade secret protection program where you're understanding what information you have, what the risks are and how you can protect them reasonably. Now the question becomes, All right, well, I get it. What's the timing? When do we do it? Well, the answer is, first of all, now, if you haven't done a trade secret protection program already, you haven't put one in place.
Now's the time to do it, because the laws are changing around the country and you want to make sure that you're not violating those laws, that you're fully complying with them. And on top of that. You want to make sure, more importantly, that you're protecting your information from any inadvertent or intentional use or disclosure. You want to keep that information confidential. And the way to do that is through the protection program. And if you don't have one in place, your information is probably at risk. So you want to do that now. You also want to do it later. This is not a one time thing. You want to make sure that as your information changes over time, as laws change over time, as circumstances change over time, you are constantly updating this program. The general rule of thumb is you do it once every year, but it really can vary. And I would I would want to understand the nature of the business, see how quickly things change and whether the things that you've put in place for your trade secret protection program are sufficient. That will last a long time, or whether there are things that need to be changed wholesale or just tweaked. Moving forward, what does this program look like? Well, there are basically four pillars to it, understanding the interests to be protected, understanding the security landscape, administrative aspects, and then operationalizing.
So let's look at each one of those four. First the interest to be protected. So you need to understand what it is that you have. What trade secrets have you got? What other information do you have? And as you're doing this, don't necessarily limit it to trade secrets. You may want to look at your other intellectual property, and you may also want to look at other interests that you might be wanting to protect, such as customer goodwill relationships with your customers. The next part is to consider the obligations that you owe to third parties and that third parties owe to you. So, for example, if you're involved in a collaboration with another company, presumably you've got some sort of agreement under which you're sharing information. Hopefully you do. And that agreement will set out the terms by which information is shared. Generally, those agreements will also say, we expect that you will take appropriate measures to protect the secrecy of the information. Now, that language that I just said actually is kind of problematic. You want to make sure that you know what measures people are going to be taking. Oftentimes, you'll see in these agreements that companies commit that they will apply the same level of protections to your information that they apply to theirs. But unless you know what level of protection they apply to their information, that is not good enough. You need to understand what they're going to be doing and you want to spell that out in your agreements.
The reason that you want to do that is that if you've gone through great pains to protect your information and then you share it with a third party under a non-disclosure agreement where they say we'll protect it the same way we protect ours, and they don't take what you consider to be reasonable and appropriate measures or maybe what a court might later consider to be reasonable and appropriate. You may find that that closely guarded trade secret of yours is now valueless because the company that you shared it with and expect it to treat it properly wasn't. You also want to make sure that you have the right to check and make sure that they're complying. And you also want to make sure that at the end of it, at the end of the deal, whatever it may be, whatever collaboration you may be involved in, whatever joint venture you may be involved in, whatever sharing there is, or even with an employee, when you're giving them information to use for work, you want to make sure that at the end you have a process for dealing with either recovering the information or having the information destroyed or both, depending upon the nature of the information. The next step in the process is then to understand the security landscape, and that means both physical and electronic security. So you want to understand where is your trade secret information housed? Is it physically in paper? Is it electronically? If it's electronically, you want to make sure that it's properly secured both electronically and also that those electronic assets are physically secured.
So you want to make sure that basically the only people who get access to that information are the people who need to have access to it. We see particular challenges with remote work. It was a problem before Covid. It has been a problem since Covid. It has been a much more significant problem since Covid, because since Covid so many people are working remotely and it happened so quickly that the people who hadn't previously been working remotely and then started working remotely may not have been set up to protect information appropriately. There are all sorts of steps that people need to be taking in a home or remote work environment that we may take for granted in a work environment, but aren't the norm in a home environment. For example, even just the Wi-Fi network at home may not be password protected, whereas at work it typically would be. So we need to make sure that employees understand that. Next, administrative. So on the administrative side of things, we're talking about making sure that your agreements are up to date, that they cover the things that you want them to cover, that you have offer letters that are up to date, that cover the things you want them to cover.
You have policies that are up to date. Those policies may be confidentiality policies. They may be codes of conduct which tend to overlap. They may be data security policies, lots of different types. So the things you're going to want to do are review them and revise them. And in particular the agreements. Those tend to be the most critical, though your policies also are important. But on the agreement front, what agreements do you have? We're going to come back to that in just a minute. You're going to want to review them for compliance with both existing state laws and then also the changing state laws, because the laws around the country have been changing dramatically over the past decade plus and they're increasingly changing now. So, for example, as of July 1st, Michigan will be the fourth state to ban non-competes. So suddenly if you had non-competes in Michigan before July 1st, those were all valid, assuming that they satisfied the law. But after July 1st, any new agreements that you're using that may have been compliant before are now going to violate the law and there are significant consequences for violating the law like this. So you want to review your agreements for compliance with the existing laws and then also for anticipated changes, and then you're going to update them as necessary. So if your agreements don't comply, update them and make sure you bring them into compliance. Now, what type of agreements are we talking about? Well, there are a variety of different agreements.
So on this graph, we've got the amount of protection vertically and the enforceability horizontally. So the more protection that the particular agreement might offer, the higher on the chart it is and the more enforceable it is in a court, the farther to the right it is. So, for example, non-compete agreements, those are the agreements that restrict an employee from moving from one company to another in a way that would harm inappropriately the trade secrets or confidential information or goodwill of their former employer. At the other extreme are non-disclosure agreements, which are just agreements that say that the employee won't retain, use or disclose information that they shouldn't. And then various other agreements are plotted along the chart in the relative protections that they offer in enforceability. So, for example, there's at the top guard and leave clauses. So those offer the same level of protection as non-competes and they're more enforceable. Why are they more enforceable? Well, essentially, without getting into the details, they're basically non-competes that are paid for during the term of the restriction, unlike non-competes that, at least in theory, have been paid for prior to the restriction down to the right from there are non-solicitation agreements. And those are agreements by which somebody, a former employer, typically will agree that they won't solicit the customers that they worked with. And maybe it's a little more broad than that, But typically that's the type of restriction that's covered by a non-solicitation agreement.
And those tend to be fairly enforceable and they offer a good amount of protection. But you never know what's happening behind the scenes, and that's where you then turn to those no service agreements which are top left of that. And no service agreements are basically not just non-solicitation agreements, but they but the employee can't service the customer either. So even if the employee doesn't solicit the customer, the customer may still want to follow the employee to their new employer. The no service agreement would prevent them from would prevent the employee from working with that customer. Next are no recruit agreements. So the no recruit agreements are very enforceable by comparison, although with some developments at the NLRB, the National Labor Relations Board, no recruit agreements may wind up becoming less effective, at least for more junior employees. But no recruit agreements say that you can't basically try to bring your colleagues with you to a new employer. And then invention assignment agreements tend to be very enforceable and offer a lot of protection as well. And basically anything within certain parameters that an employee develops in the course of performing their work for their employer is owned by the company, not by the employee. Different states have different restrictions on how broad an invention assignment agreement can be. But as a general rule, the types of materials that an employee may be creating during the course of their employment that relate to the work that they're doing or relate to the business of the company, tend to be properly covered by an invention assignment agreement and therefore owned by the company, not the employee.
Okay, So let's then move on to operationalizing. So what that means is you've got all these great policies in place, all these fancy agreements, everything is locked down, you've got all your rules and you've got everything set up. You want to make sure that people understand what their obligations are and you want to make sure that they are held to those obligations. So that means that you can't just put in a policy that says you're going to treat the information confidentially and maps out what that means, but then not communicate that to the employee. You need to tell them. They need to understand what's expected of them. Otherwise, you can't expect that they're going to comply with it. And you also want to make sure that they are complying with it. So, for example, there's data loss prevention software commonly called DLP software, and that monitors to see whether employees or anybody for that matter, is moving large amounts of data off your server or through your systems. And if they are, typically somebody will be flagged to look into that. Many times that's appropriate, but sometimes it's not. And when it's not, you want to make sure that the company takes steps in order to protect its information.
So you want to then figure out what you need to do to make sure that your information is still protected. Perhaps it involves educating the employee that what they were doing was improper. Perhaps on the other extreme, if it involves actually bringing claims or charges against the employee for misappropriating information for stealing it. The circumstances obviously can vary wildly, but the company needs to make sure that the employees understand what the restrictions are and that they comply with them. That's also true for third parties. You want to make sure that whatever third parties have access to your information, they are complying with it, and you're making sure that they are complying with it and that you're taking all appropriate steps to ensure that your information is safe. Similarly, in the reverse, you want to make sure that your employees understand what obligations are owed to third parties and that the employees are complying with those obligations so that the company can comply with those obligations. So one way to think about a trade secret protection program is the seven S's. You can think of it as a flowchart. So first you state it, and that just means that you actually communicate all of this to the employees so that they understand what's required of them. And then you sign it. So have the employee both sign non-disclosure agreements, which are generally one of the most important documents to have, and then also any restrictive covenants that might be appropriate.
So the non-compete agreement, Non-solicitation agreement or any of the others stamp it. And that just means identifying information as confidential. So if you've got confidential information, stamp it confidential, mark it in some way. If it's electronic, maybe you name the document that way. Maybe you put inside the document a legend that says that it's confidential. Do not distribute. You want to secure it. So what we were talking about locking things up both physically and electronically. Make sure you do that and then anything that you don't need, shred it, destroy it. There's an electronic equivalent, obviously, right? It's the delete and double delete. But you may have to do more than that. Whatever you have to do, make sure that any information that you no longer need that would provide somebody else with a competitive or economic advantage, you want to make sure that that's destroyed so that nobody can get it, supplement it. And that means when an employee is leaving, make sure you retrieve the property, do an exit interview, ask them, do you have any of our information? Walk them through what that means. Explain about Dropbox, explain about emails, and make sure that they understand that they're not allowed to take that information and you have a process for getting anything back and then substantiate it. It may be that you do a forensic review. That means you bring in a company that will do a literal bit by bit copy of the employees work computer.
You could review that to see whether the employee stuck thumb drives in and put the company's information onto the thumb drive. You may need to do an internal investigation and talk to other employees to see what they've seen and what they've heard. And then pay attention. Keep your ears open. You may find out that something happens after the employee leaves. Maybe an errant email arrives from a customer. And that customer thought that they were emailing the employee at the new company, but they were actually using the old email address because their email auto populated incorrectly. Well, that provides you with some information that you now need to figure out. Okay, is there a problem here or isn't there? So keep your ears open. But in the meantime, while people are still employees, going back to our seven S's and working our way through that, you really want to make sure that you're heard right, that employees understand what you're trying to communicate so that they can be fairly held to a standard that you want to hold them to. That can involve training. Training is critical. It's not just telling somebody, Hey, you need to keep our information confidential. It's really explaining what that means. For example, some companies use training videos. We've put together some training videos for companies that explain to employees at the various points during their employment relationship what this actually means.
So avoiding mistakes when you're starting a new job, making sure that you're not bringing information with you to that new job, protecting trade secrets while you're working remotely, make sure that the home Wi-Fi is password protected. Make sure that any information that's printed out in hardcopy isn't left lying around. And when it's no longer needed, make sure that it's shredded and shredded appropriately with whatever level of shredding needs to be employed. And then finally, the exit plan, making sure that people understand what it means to be a good leaver when they leave. They need to understand that they shouldn't be taking information. They need to understand what their obligations are. So again, training is critical from the start of the employment relationship during the relationship and after the relationship, whether that's by way of videos or whether it's by way of in-person meetings or anything else, it is only fair that employees understand what's being expected of them, because if not, how can you expect them to protect your information? The last best opportunity for a company to protect its information is at the time of the exit when an employee says, I am leaving, you want to conduct an exit interview. You want to turn off their access to everything. We'll go through all of these in just a moment. But just at a high level, you want to monitor computers and servers to make sure that nothing is being moved around that shouldn't be moved around.
And then maybe you'll need to send a cease and desist letter to make sure that they comply with their obligations. And maybe you actually go so far as to need to file a lawsuit. We'll look at all of those now. First is conducting the exit interview. So what does that look like? Remind the employee to return and not retain company property and information so people don't necessarily realize that they may have printouts of documents that they printed out long ago. They may have electronic documents that they sent themselves by way of email years ago over the course of their employment in the normal course of employment, and they may still exist. Maybe they're backed up onto their Dropbox account. Maybe they're on thumb drives that were used at one point to do a presentation somewhere, and then the thumb drive was stuck in a desk drawer at home at some point, only to be found at some point later after the employee leaves. You have to walk them through all of that and remind them of the different places that they may have information so that they have a fair opportunity to look for it and return it to the company. And so you want to confirm compliance with all of those obligations to return the information as well as to return all equipment and any other property and remind the employee of all of their agreements and continuing obligations when they leave.
It's not as though they don't have any obligations to protect your information anymore. Those obligations still remain. They may have other obligations as well, including not to solicit your customers or including not to compete inappropriately, whatever their obligations are. Make sure to walk them through them so that they don't leave and find themselves inadvertently violating those obligations. You'll generally also want to provide all reminders and all copies of their agreements to them in writing so that they have them when they leave. One other thing that you may want to consider asking is who's the new employer and what are your job duties? Because that may inform whether there's a violation of any non-compete that may exist or whether there's actually a threat of misappropriation of trade secrets just by nature of the work that they're going to be doing for the new employer. Step two, you want to turn off all access. That means email, access, voicemail access, server access, access to outside services like Salesforce. You want to change all the passwords and disable access codes so that they can't access these things even accidentally because maybe they have their password stored on their home computer and they log into something and inadvertently wind up accessing your information. You may also want to wipe any information that's stored on their smartphones and iPads or tablets. So, for example, oftentimes companies will have sandboxed their email on an employee's personal iPhone.
So take the step to ensure that that email is wiped from the employees iPhone. Next, you want to continue to monitor your computers and servers for order and proper usage. Sometimes employees will continue to access email, maybe social media. Maybe they've stuck thumb drives in. You'll want to look and see whether whether that's happened, whether they've stuck hard drives in or disk burners. That doesn't really happen so much anymore, but hard drives certainly still does. You want to check to see whether they downloaded or uploaded files, whether they deleted, altered or copied files, whether they connect a Dropbox box, Google Drive or other FTP sites. Maybe you'll also want to look and see what websites they visited that may give you some insight about when they started looking for a new job, which may then inform how far back you need to look to see what conduct they were engaged in during that window of time that they were actually no longer committed to staying with the company. Depending upon what you find, if there is or is likely to be a breach of their obligations, you may want to send a cease and desist letter. So it's a cease and desist letter is basically a letter that says, hey, you've got these obligations. We have reason to believe that you are either violating or about to violate them, and we need you not to do that.
We need you to comply with your obligations. Depending upon what their response is, you may or may not be able to resolve things at that point. But this is time sensitive because if your information is at risk or your customer relationships are at risk, you're going to need to move quickly in order to explain to a court why it is that you need the relief from the court by way of some sort of an order from the court, whether temporary restraining order called a TRO or a preliminary injunction that says to the former employee and perhaps their new employer, you are not allowed to do whatever it is that you're doing. Maybe you're not allowed to work in that job for that new company, or maybe you're not allowed to be soliciting our customers, or maybe you're not allowed to be recruiting our employees, whatever it may be. You need to make sure that the court understands that this is important. And one of the ways to convey that is to move quickly. The failure to move quickly will convey just the opposite. Oftentimes. So you may have to file a lawsuit. When all else fails, remember that revenge is a dish best served with a subpoena. According to ChatGPT, at least. So what does that look like? Well, if a lawsuit is necessary, you're going to want to look and see. Okay, what are the causes of action that you may have against the employee? Typically, what we're talking about is the misappropriation of trade secrets, right? That's the taking of information that they shouldn't have taken.
Maybe the use of that or the disclosure of that information that will also typically involve a breach of a non-disclosure agreement. So a breach of a contract. It may also involve a breach of fiduciary duties. And in some states, there's this concept of the faithless servant doctrine which basically says if somebody breached their fiduciary duties. So whether by misappropriating information or by inappropriately trying to recruit colleagues that can give rise to this concept of a faithless servant, which then results in the disgorgement of any monies that have been paid to them during the time that they were faithless. There are other causes of action. We won't really get into them, but just the concepts of them are conversion. Taking Information. The Computer Fraud and Abuse Act, which is inappropriate use of a computer corporate rating, which is trying to do a lift out of a bunch of people out of the company. Tortious interference, which is just improper interference with relationships or contracts and unfair competition, which is that notion of doing something that really is commercially unethical. And then the question becomes, well, do you sue just the employee or do you sue the new employer or do you sue just the new employer? Thatrillionequires a very fact intensive analysis based on the particular circumstances.
But if you are planning on moving forward with a lawsuit, you're going to want to anticipate the evidentiary requirements, the defenses, the counterclaims and make sure you've marshaled your evidence. That includes identifying any witnesses, both fact or percipient witnesses, the people who saw what happened and expert witnesses. So the people who are going to testify about the forensic process used to review somebody's computer and devices and to determine whether information was or was not moved. You'll also want to line up a bonding company because although people don't often think about it, a court is not supposed to issue an injunction without considering what whether to whether to require a bond, and if so, and what amount that typically is provided by a company called a bonding company or a bonding agent that will basically say to the court, yes, we will guarantee that if money is owed, it will be paid. Before running headlong into filing a lawsuit, you want to consider whether a criminal complaint is appropriate. So under the Economic Espionage Act, for example, it may make sense to go forward with criminal charges rather than civil charges. That's a decision that should be made, obviously, in consultation with a lawyer. But it is something you do want to consider when the stakes are very high. And then also consider the procedural issues. Are you going to file in state court? Are you going to file in federal court? Are you going to file in a special business litigation session? What are you going to do? So you want to make sure that you've thought through all of these things before you file a lawsuit.
But again, you need to move quickly, but not precipitously. You want to make sure you've lined up your information and your witnesses and your facts, but you also need to be moving very, very quickly. So what are the takeaways? First, trade secrets can be almost any type of information. Second, misappropriation is the taking or using or disclosing of trade secrets, and employees are the ones that pose the greatest risk. They pose the greatest risk to your information, and they pose the greatest risk to third parties. Information. Next, the steps to protecting information. Know what you're protecting? Establish a program and make sure that the plan is followed. And finally, training is critical. Training on the way in. So meaning when they start work, training during employment and training during the exit. And now the training during the exit isn't so much a training as a reminder, but the reality is that is probably the most critical, if not the training on the way in. Now with that, there are a few resources that are available. I've listed them on the slide. They're all freely accessible and downloadable. Feel free to make whatever use of them you like. Thank you for your time and attention and I look forward to seeing you at our next program.
Read full transcriptSee less