employee defection & trade secrets digest

The Employee Defection &Trade Secrets Digest

Fisher & Phillips LLPattorneys at law

Solutions at Work®

www.laborlawyers.com

The Employee Defection & Trade Secrets Digest is a unique publication dedicated to covering developments, trends and strategies related to the issues that arise when employees move between competitor firms. The law of employee defection and trade secrets is about much more than non-competes and trade secrets. It encompasses arange of issues including common law claims such as breach of duty of loyalty, civilconspiracy and unfair competition, to statutory claims such as those arising under thefederal Computer Fraud & Abuse Act.

By Ron S. Brand

Employers with California operations routinely attempt to restrict the ability of theirformer employees based in California from engaging in unfair competition by using a variety of post-employment restrictivecovenants (such as covenants not to competeand covenants not to solicit customers).Unfortunately, many of these employers are unaware of California’s strong public policyagainst post-employment restrictive covenants,and simply do not know the types of restrictivecovenants that are actually enforceable in California. Accordingly, these employers userestrictive covenants that, while enforceable inother states, are unenforceable in California.This leads to situations where employers do notobtain the benefit of what they bargained for, orworse, open themselves up to liability for engaging in unfair competition themselves.

California has a long history of protectingthe interests employees have in their own mobility and betterment, and ensuring that theyretain the right to pursue any lawful employ-ment and enterprise of their choice. This policyis expressed in California Business and Profes-sions Code section 16600 (“Section 16600”),which provides: “Except as provided in thischapter, every contract by which anyone is restrained from engaging in a lawful profession,trade or business of any kind is to that extentvoid.” California courts have repeatedly held

that Section 16600 should be interpreted as broadly as its language reads. In fact, the California Supreme Court recently affirmedSection 16600’s prohibition against covenantsnot to compete. See Raymond Edwards II v.Arthur Andersen LLP (2008) 44 Cal.4th 937,946-947. Nevertheless, there is hope for employers with California operations who wantto protect their legitimate business interests (including their trade secrets) and who want toseek relief for the acts of unfair competition oftheir former employees. Not only are there four statutory exceptions to Section 16600, butCalifornia courts have carved out a few exceptions that provide significant protectionsto employers in California. The types of post-employment restrictive covenants that are generally found to be valid and enforceable inCalifornia are: (1) a covenant not to competeauthorized by statute; (2) a covenant not to solicit customers while making use of the former employer’s trade secrets or confidentialproprietary information; (3) a covenant not to solicit employees; (4) a covenant not to engage in acts constituting unfair competition;(5) confidentiality, non-use and non-disclosureagreements; and (6) employee’s agreement toassign inventions.

Covenants Not to Compete Authorized byStatute

A covenant not to compete is the most restrictive type of covenant an employer can

Demystifying California: Can California Employers Protect Against the Dangers Posed by Departing Employees?

ANALYSIS

Continued on page 2

2009, No. 1

CONTENTS

• Demystifying California: Non-Compete and Trade Secret Lawpage 1

• Can Litigation Place Your Trade secrets at Risk? page 4

• The Computer Fraud & Abuse Actpage 6

• “Wipe That Memory Clean” –Memorizing Trade Secretspage 9

• “Garden Leave” Emerging in the U.S.page 10

• Implementing a Trade Secrets Protection Programpage 12

• State Information Security Law – Informing Clients WhenTheir Information is Takenpage 17

• Protecting Trade secretspage 19

• Contact Informationpage 20

© 2009 Fisher & Phillips LLP

Atlanta � Charlotte � Chicago � Columbia � Dallas � Denver � Fort Lauderdale � Houston � Irvine � Kansas City � Las VegasLouisville � New Jersey � New Orleans � Orlando � Philadelphia � Portland ME � Portland OR � San Diego � San Francisco � Tampa

2

use to restrain its former employees. It prohibits an employee fromworking for his or her former employer’s competitors for a period of time, within a defined geographic radius. As discussed above, Section 16600 voids covenants not to compete altogether.(Moreover, Section 16600 extends to covenants by which a former employee is penalized (e.g., by forfeiting pension rights) for competing with his or her former employer after leaving its employment. See Muggill v. Reuben H. Donnelley Corp. (1965) 62Cal.2d 239, 242.)

However, California Business and Professions Code sections16601-16602 (“Sections 16601-16602”) provide four exceptions to Section 16600’s prohibition of covenants not to compete: (1) any-one selling the goodwill of a business; (2) a shareholder “selling orother disposing” of all of his or her shares in a corporation; (3) ashareholder of a corporation that sells all or substantially all of itsoperating assets and goodwill (or any division or subsidiary), or allof the shares of a subsidiary; or(4) a partner upon dissolution ofthe partnership, the partner’swithdrawal from the partnershipor disposition of the partner’s interest. To be enforceableunder Sections 16601-16602, acovenant not to compete mustalso be reasonable in scope; itmust be shown to be reason-able and necessary to protectthe buyer’s interest in terms ofduration, activity and territory.

Sale of Business And itsGoodwill

This exception allows thebuyer of a business to preventthe seller from diminishing thevalue of the business that hasjust been purchased.

“Sale or Other Disposition” ofAll Shares Held by Share-holder

California courts have interpreted this exception to require thata covenant not to compete is valid only when the sale is of a substantial interest in the employer-corporation so that the shareholder, in transferring all of his or her shares, can be said totransfer his or her interest in the employer-corporation’s goodwill.See Bosley Med. Corp. v. Abramson (1984) 161 Cal.App.3d 284,290. Employer-corporations cannot use this provision as a subterfuge by requiring an employee to purchase a single shareand agree not to work for a competitor. When all the shares of theemployer-corporation are sold, even a minority selling shareholdermay be bound by a covenant not to compete with the purchaser.See Vacco Industries, Inc. v. Van Den Berg (1992) 5 Cal.App.4th

34, 38-49.

Employer Liability for Attempting to Enforce Invalid CovenantNot to Compete

Employers who ignore Section 16600 by using an unenforce-able covenant not to compete to prevent former employees fromobtaining employment by a competitor may be opening themselvesup to liability for engaging in unfair competition. California Businessand Professions Code section 17200 prohibits unlawful, unfair orfraudulent business practices in whatever context such activitymight occur, including an attempt to enforce a covenant not to compete under Section 16600. See Application Group v. HunterGroup, Inc. (1998) 61 Cal.App.4th 881, 906-907. Moreover, an employee who is fired for refusing to sign an invalid covenant notto compete may be able to claim a wrongful termination in violationof public policy based on the employer’s violation of Section 16600.See Thompson v. Impaxx, Inc. (2003) 113 Cal.App.4th 1425, 1439;D’Sa v. Playhut, Inc. (2000) 85 Cal.App.4th 927, 933.

Covenant Not to Solicit Customers

A covenant not to solicitcustomers prohibits the formeremployee from soliciting busi-ness from certain customers ofthe former employer. A covenantnot to solicit customers istreated as a covenant not tocompete under Section 16660,since a former employee hasthe right to compete with his orher former employer, even forbusiness of those who hadbeen customers of the formeremployer, provided such com-petition is fairly and legally conducted. See Reeves v. Hanlon (2004) 33 Cal.4th

1140, 1149. However, Califor-nia courts have recognized a judicially created exception toSection 16600 for cases wherea former employee uses a

former employer’s trade secrets or confidential proprietary information to solicit the business of the former employer’s customers, and will enforce a covenant not to solicit customers insuch a case. See Thompson v. Impaxx, Inc. (2003) 113 Cal.App.4th

1425, 1425; Morlife v. Perry (1997) 56 Cal.App.4th 1514, 1526. A few California courts, without discussion, appear to uphold

covenants not to solicit customers without determining whether theinformation used was in fact a trade secret or confidential propri-etary information. See Golden State Linen Service, Inc. v. Vidalin(1977) 69 Cal.App.3d 1, 9 (covenant not to solicit customers “appears to be valid and enforceable insofar as it provides that theaffected employee will not solicit Golden State’s customers afterleaving its employ”). Nevertheless, the vast majority of Californiacourts have determined that a covenant not to solicit customers isonly enforceable to the extent necessary to protect an employer’s

ANALYSIS

The Employee Defection & Trade Secrets Digest | 2009, No. 1

Continued from page 1

trade secrets or confidential proprietary information. Accordingly,employers with California operations need to tread carefully whenattempting to enforce a covenant not to solicit customers in a situation where evidence of use of trade secrets or confidential proprietary information is lacking.

An issue often litigated regarding covenants not to solicit customers is whether the former employee actually solicited thecustomers. Under California law, a former employee has the rightto mail announcements of his or her new employment to the formeremployer’s customers, even if their identities are trade secrets.See Aetna Bldg. Maint. Co. v. West (1952) 39 Cal.2d 198, 203. Indeed, merely informing customers of a change in employment,without more, does not constitute solicitation. Under California law,customer contact constitutes solicitation when it “personally petitions, importunes and entreats. . .customers to call. . .for information about the better products or services the departing employee can provide and for assistance during the transition period.” See American Credit Indem. Co. v. Sacks (1989) 213Cal.App.3d 622, 636.

Even in the absence of a covenant not to solicit, Californiacommon law and statutory law protects California employers. Indeed, a former employee is prohibited from using his or her former employer’s trade secrets or confidential proprietary informa-tion to solicit his or her former employer’s customers, and a formeremployee is prohibited from destroying his or her former employer’sbusiness relationships with its customers through improper means(e.g., trade disparagement).

Covenant Not to Solicit Employees (“Anti-Raiding Covenant”)A covenant not to solicit employees prohibits a former

employee from soliciting other employees to join a new business(the so called “anti-raiding covenant”). Under California law, sucha covenant may be valid and enforceable even in the absence oftrade secret misappropriation or unfair competition, as long as it isreasonable in time and scope. See Loral Corp. v. Moyes (1985)174 Cal.App.3d 268, 280. However, a covenant not to hire employees (as opposed to a covenant not to solicit them) is unenforceable. As the court of appeals noted in Loral, “Equity willnot enjoin a former employee from receiving and considering applications from employees of his former employer, even thoughthe circumstances be such that he should be enjoined from soliciting their applications.”

Covenant Not to Engage in Acts Constituting Unfair Competition

A covenant not to engage in acts constituting unfair competition have been upheld by California courts. See Metro Traffic Control, Inc. v. Shadow Traffic Network (1994) 22Cal.App.4th 853, 862. The term “unfair competition” under California law includes a broad rage of conduct, including: (1) competitive acts by current employees that are adverse to theinterests of his or her current employer; (2) current or former employee’s misappropriation of employer’s trade secrets or confidential proprietary information, and other employer property;(3) soliciting former employer’s customers while making use of trade secrets or confidential proprietary information; and (4) soliciting employees to leave the employer.

Confidentiality, Non-Use And Non-Disclosure AgreementsThe most basic and widely used restriction, a confidentiality,

non-use and non-disclosure agreement is used to ensure that anemployer’s trade secrets or confidential proprietary information willnot be disclosed to competitors or misused by the former employee.California courts have consistently upheld such agreements to protect an employer’s strong interest in its trade secrets and confidential proprietary information, and have consistently found that Section 16600 does not invalidate such agreements. See Readylink Healthcare v. Cotton (2005) 126 Cal.App.4th 1006,1022.

Employee’s Agreement to Assign InventionsUnder California law, persons employed to create or deign

new products may not put the results of their work to their own useor benefit. All the creations and designs of the employee that relateto the employer’s current or anticipated business belong to the employer. Many times an employer will require its employees to assign to the employer all inventions created by the employees,even if created at home and on their own time. However, pursuantto California Labor Code section 2870(a), such an agreement isnot enforceable if (1) the employee did not use any equipment, supplies, facility, or trade secrets of the employer; (2) the inventionwas developed entirely on the employee’s own time; and (3) the invention does not relate to the employer’s business or to the employer’s actual or demonstrably anticipated research or development, or does not result from any work performed by theemployee for the employer. According to California Labor Codesection 2870(b), an agreement to the contrary is against Californiapublic policy and will not be enforced. Additionally, when requesting an employee to sign an agreement for assignment ofinventions, the employer must notify the employee in writing thatthe agreement does not apply to inventions that are fully protectedunder California Labor Code section 2870(a).

ANALYSIS

3

“[T]here is hope for employers with California operations who want to protecttheir legitimate business interests. . . .”

By Michael R. Greco

It is 4:15 on Friday afternoon. The office manager andentire sales team from your Chicago office have justresigned without notice to join a competitor. The office manager attended all of the company’s strategic planning meetings in late 2007, which led tothe rollout of your 2008 business plan. The sales repscontrol two of the company’s top five accounts, and itappears they have already started calling the clients,perhaps even prior to their surprise resignation. Various client files are missing or incomplete, andcertain computer files appear to have been downloaded and then deleted. Your CEO’s first inclination is to pursue immediate legal action againstthe former employees and the firm that hired them.“We need to find out what they took, when they tookit, and how they are using it!” His second remark is aquestion: “What do you mean we might have to showour trade secrets to our competitor if we file a lawsuit?”

Further disclosure of trade secrets through litigation is a validconcern. Courts around the country have held that plaintiffs mustspecifically identify the trade secrets at issue. This means that tradesecret plaintiffs may have to actually disclose the trade secrets theybelieve the defendants misappropriated, and not just in a summary,descriptive fashion. In one case, a plaintiff identified the trade secrets it believed to be at risk by producing “six single spaced,typewritten pages listing by general item and category hundreds ofpieces of [the company’s] internal information.” AMP Inc. v. Fleischhacker, 823 F.2d 1199, 1203 (7th Cir. 1987). The plaintiff’slist included: “business and strategic planning information for theComponents & Assemblies Division; new product development information; manufacturing information, including equipment,processes, cost and capacity information; financial information, including product-line profit-margin, sales, and budget information;and marketing and customer information.” An appellate court foundthis rather extensive, yet non-specific, list to be insufficient andstated: “[C]ourts have warned plaintiffs of the risks they run by failing to identify specific trade secrets and instead producing long

lists of general areas of information which contain unidentified tradesecrets.” Id.

Courts often require much more than just a description of aplaintiff’s alleged trade secrets. In IDX Systems Corp. v. Epic Systems Corp., 285 F.3d 581 (7th Cir. 2002), the plaintiff tried to argue that “a 43-page description of the methods and processesunderlying and the inter-relationships among various features making up IDX’s software package” is specific enough. IDX, 285F.3d at 583. The appellate court’s response was, “No, it isn’t.” Id.

Courts understand why plaintiffs do not want to identify their trade secrets with specificity. “Reluctance to be specific is understandable; the more precise the claim, the more a party doesto tip off a business rival to where the real secrets lie and where therival’s own development efforts should be focused.” Id. However,courts also recognize that generalized lists of trade secrets do littleto enable a plaintiff to prove its case, and deprive a defendant of itsright to challenge the plaintiff’s case. Indeed, even Coca-Cola, theholder of what is arguably the world’s most widely recognized trade secret, was not immune from producing its trade secrets: “The potential harm that would come from public disclosure of theformulae for old Coke, new Coke, diet Coke, and caffeine free Cokeis great, but virtually all of that harm can be eliminated with stringentprotective orders and other safeguards.” Coca-Cola Bottling Co. v.Coca-Cola Co., 107 F.R.D. 288 (D. Del. 1985) (internal citationomitted). So what is a plaintiff to do if it wishes to minimize disclosure of its trade secrets during litigation while maximizing itsability to discover what information may have been taken by defendants? Here are five tips to keep in mind:

1. Narrowly identify the trade secrets at issue. It is notuncommon for trade secret plaintiffs to allege that everything and anything qualifies as its trade secrets.Plaintiffs commonly assert broad allegations claiming thatthe allegedly misappropriated trade secrets include secret formulas, customer lists, customer preferences,business methods, etc. Although such descriptivephrases may be appropriate for a publicly filed complaint,the time may come in litigation when specificity is required. If that happens, a broader description of trade secrets may backfire and necessitate a broader disclosure. A narrow description targeted on the precisesecrets at issue can go a long way towards limiting thediscovery sought by defendants.

2. Make sure claims are based on fact, not speculation. Many trade secret plaintiffs cast a wide netin framing their allegations. Plaintiffs sometimes arguethat they were not around when the misappropriation tookplace, and therefore they need to thoroughly review all ofthe defendants’ files so they can identify the stolen trade

4

IN PRACTICE


“[C]ourts have warned plaintiffs of therisks they run by failing to identify specifictrade secrets and instead producing longlists of general areas of information whichcontain unidentified trade secrets.”

You Just Stole My Trade Secrets . . .Want Some More?Can Trade Secret Litigation Place Trade Secrets at Risk?

secrets. Defendants counter by arguing that plaintiffsshould not be granted access to a competitor’s trade secrets for the mere price of a filing fee. Courts are morelikely to permit plaintiffs to take discovery, and to limit defendants’ counter-discovery, if the allegations at issueare rooted in fact. Consequently, detailed allegations focused on narrow trade secrets arising out of concretecircumstances (e.g., the defendants downloaded our written 2008 strategic business plan) will go a long waytoward limiting discovery to truly necessary issues.

3. Avail yourself of procedural protections. Statutes andcourt rules provide ways in which plaintiffs can be protected against further misappropriation. For example, the vast majority of states across the country have enacted a version of the Uniform Trade Secrets Act. These statutes commonly require that acourt “shall” preserve the secrecy of an alleged trade secret by reasonable means which may include, but arenot limited to, granting protective orders in connectionwith discovery proceedings, holding in camera hearings,sealing the records of the action, and ordering any personinvolved in the litigation not to disclose an alleged tradesecret without prior court approval. Similarly, state andfederal rules of court commonly provide for the issuanceof protective orders directing that a trade secret or other confidential research, development or commercial information shall not be disclosed or be disclosed only ina designated way.

4. Assert credible non-trade secret claims that focus ondefendants’ conduct. Trade secret plaintiffs have theburden of establishing more than misappropriation; they must establish that the allegedly misappropriated information qualifies as a trade secret in the first place.To meet this burden, extensive disclosure may be necessary. Asserting non-trade secret claims may enable a plaintiff to frame issues for discovery by moreheavily focusing claims on the defendants’ conduct. For example, information taken from a computer maygive rise to a claim under the federal Computer Fraud &Abuse Act (“CFAA”). Although the CFAA has many specific requirements, a plaintiff need not establish thatthe information at issue constitutes a trade secret. Consequently, plaintiffs can argue that CFAA claims require greater disclosure from defendants because theyfocus more squarely upon what the defendants took, andwhen and how they took it. Other claims, such as abreach of duty of loyalty and breach of non-disclosureagreements, may carry the same benefit.

5. An ounce of prevention is worth a pound of cure.As noted above, in order to succeed on a trade secretclaim, a plaintiff must establish that the information atissue is in fact a trade secret. To do so, plaintiff mustdemonstrate that information was the subject of effortsthat are reasonable under the circumstances to maintain its secrecy. Ironically, if a company takes reasonable steps to ensure the secrecy of its information, it may actually prevent misappropriation from occurring in the first place. For more detail on steps that companies can take in an effort to protect their trade secrets, see infra articles entitled “Implementing a Trade Secrets Protection Program” and “Protecting Trade Secrets: Confidential Information and Customer Relationships Audits.”

In sum, a trade secret plaintiff may risk further disclosure oftrade secrets if it commences litigation, but careful planning andsolid legal counsel can help manage that risk and minimize unnecessary disclosure.

IN PRACTICE

5

This article originally appeared in the April 2009 issue of Risk Management magazine, which you can find at www.rmmagazine.com. Copyright 2009 Risk andInsurance Management Society, Inc. All rights reserved.

6

STRATEGY


Would you like to receive updates via e-mail concerning breaking devel-opments about employee defection issues? We would be pleased to include you on our distribution list.Send us your e-mail address.

Contact: Michael R. Greco

[email protected]

By Heather Z. Steele

The Computer Fraud and Abuse Act, 18 U.S.C. § 1030,(“CFAA”) is an expansive federal statute that imposes both criminaland civil penalties associated with unauthorized access of comput-erized information. Since its amendment in 1994 to include civilremedies – which permit any person who suffers damages or lossresulting from a CFAA violation to maintain a civil action againstthe violator for compensatory damages and injunctive relief – theCFAA arguably has evolved into a powerful tool that employers canuse against departing employees and their new employers. Specifically, an employer confronted with evidence that a formeremployee accessed its computer systems without or in excess ofhis or her authorization can assert a CFAA claim and receive thebenefits of being able to bring its action in federal court, as well asavoiding many of the burdens associated with claims based ontrade secret misappropriation, such as the burden of proving thetrade secret status of the information at issue and the burden ofproving that the former employee is actually using, or threateningto use, the information.

As CFAA claims against former employees have becomemore commonplace, numerous courts have had ample opportunity

to interpret the requirements necessary for an employer to establisha claim under the CFAA. The results, however, are not always consistent. To establish liability under the CFAA, an employer is likely to have to show that an employee either fraudulently or “intentionally” accessed a protected computer “without authorization or in excess of one’s authorization” and that as a result of this conduct, caused “loss to 1 or more persons during any1-year period . . . aggregating at least $5,000 in value.” See 18U.S.C. § 1030. Most courts interpreting the CFAA in the departedemployee context have debated two specific requirements: (1) what constitutes “without authorization or in excess of one’s authorization” under the CFAA; and (2) what is necessary to provethe requisite “damage” and/or “loss” under the CFAA.

Without and/or In Excess of Authorization:The majority of courts interpreting the CFAA’s “without

authorization” or “in excess of one’s authorization” requirementhave found that an employee exceeds the scope of his or authorized access to an employer’s computer systems once theemployee begins acting for a purpose against the employer’s bestinterests, acting for a competitive purpose and/or acting as someone else’s agent. For example, in a recent decision by the

The Computer Fraud & Abuse Act: A Powerful Litigation Tool for Employers?

United States District Court for the Southern District of New York,Calyon v. Mizuho Securities USA, Inc., No. 07-Civ. 2241, 2007 U.S.Dist. LEXIS 66051 (S.D.N.Y. Sept. 5, 2007), the Court consideredactions that often time occur in the departing employee context —an employee resigns, copies allegedly confidential information fromhis former employer’s computer system, and then e-mails the information to his personal e-mail accounts and/or to his new employer. Id. at *2. In considering those facts, the Caylon Courtheld that the employees’ actions established the basis for a claimunder the CFAA because “the plain language of the statute seemsto contemplate that, whatever else, ‘without access’ and ‘exceedsauthorized access’ would include an employee who is accessingdocuments on a computer system which that employee had toknow was in contravention of the wishes and interests of his employer.” Id. at *4. See also Pharmerica, Inc. v. Arledge, No.8:07-cv-486-T-26MAP, 2007 U.S. Dist. LEXIS 19992 (M.D. Fla.March 21, 2007) (holding that a former employee violated theCFAA by downloading and deleting trade secret information for competitive use and, therefore, without authorization).

Numerous other courts have reached similar conclusions. In ViChip Corp. v. Lee, 438 F. Supp. 2d 1087 (N.D. Cal. 2006), theUnited States District Court for the Northern District of Californiaheld that a former CEO’s unauthorized destruction of the corporation’s electronic files entitled the corporation to summaryjudgment on its CFAA claim. Id. at 1100. The former CEO admitted that he deleted ViChip’s computer files, but argued that hisactions were “technically authorized” since he did so while still anofficer and director of ViChip and, therefore, with authorization. Id.The ViChip Court found the defendant’s arguments unpersuasive,relying on International Airport Centers, LLC v. Citrin, 440 F.3d 418(7th Cir. 2006) for the proposition that “an employee could still bedeemed to have accessed the employer’s computer ‘without authorization,’ even though the agent’s employment had not yet terminated, and that liability could attach under the CFAA.” SeeViChip, 438 F. Supp. 2d at 1100. The ViChip Court further indicated that the former CEO had a duty of loyalty to the corporation and that this duty led to an agency relationship between the parties. Id. The Court held that when the former CEO decided to delete the corporation’s computer information (inpreparation for termination of his employment with the company),the former CEO breached his duty of loyalty and terminated hisagency relationship with the company – thereby, terminating hisauthorization to access company files. Id.

Many courts have focused on the termination of the agencyrelationship when considering whether an employee’s access tohis or her employer’s computer systems was “without authorization”or “in excess of [] authorization.” In Book Wholesalers, Inc. v.Rooth, No. 04 CV 2428 DMS, a 2005 unpublished decision fromthe United States District Court for the Southern District of California, the Court considered the actions of a former employeeof a book vendor who left employment and took her employer’sACT Database (containing over 11,000 files for customers and potential customers across the nation). The employer claimed thatalthough the employee did have authorization to access the ACTDatabase during her employment, she did not have authorization to download the entire ACT Database to either her personal or

work-issued computer and/or that her authorization ceased when she began acting outside the scope of her employment. The employer relied on prior case law and the Restatement ofAgency to argue that “the authority of the plaintiff’s former employees ended when they allegedly became agents of defendant.” The Rooth Court found support for the employer’s contention that its former employee had begun acting as an agentof its competitor at the time she downloaded and/or attempted toaccess the employer’s ACT Database and, therefore, granted the employer’s motion for a preliminary injunction against its formeremployee. But see Condux Int’l. Inc. v. Hangum, No. 08-4824, 2008U.S. Dist. LEXIS 100949, at *14-15 (D. Minn. Dec. 15 2008)(adopting narrow interpretation of “without authorization” requirement of the CFAA, stating that a broader interpretation “incorrectly focuses in what a defendant did with the informationafter he accessed it (use of information), rather than on the appropriate question of whether he was permitted to access the information in the first place (use of access)”). B&B Microscopes v.Armogida, 532 F. Supp. 2d 744 (W.D. Pa. 2007) (refusing to followthe reasoning that once an employee begins violating a duty of loyalty to his employer any authorized access is withdrawn, andholding instead that the employee had authorization to use his former employer’s laptop).

Damage/Loss:The concepts of “damage” and “loss” are broadly defined

under the CFAA. The CFAA defines “damage” as “any impairmentto the integrity or availability of data, a program, a system, or information that causes loss aggregating at least $5,000 in valueduring any 1-year period to one or more individuals.” See 18 U.S.C.§ 1030(e)(8). Congress defined “loss” under the CFAA to mean“any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment,restoring the data program, system, or information to its conditionprior to the offense, and any revenue lost, cost incurred, or otherconsequential damages incurred because of interruption of service.” See 18 U.S.C. § 1030(e)(11). In considering what is necessary to establish the requisite damage and/or loss under the CFAA, courts have often times reached differing results – somefinding that damage and loss can include loss of business, tradesecret information, etc. and others limiting the statute’s definitionof lost revenue to address only revenue lost due to an interruptionin services of the computer network.

The United States Court of Appeals for the Ninth Circuit recently held that lost revenue, including loss of good will, counts

STRATEGY

7

Continued on page 8

The majority of courts . . . have found thatan employee exceeds the scope of his or authorized access to an employer’s computer systems once the employeebegins acting for a purpose against theemployer’s best interests

8

toward reaching the damage and loss requirements of the CFAA.In Creative Computing v. Getloaded.com LLC, 386 F.3d 930 (9thCir. 2004), the defendant objected to the decision of the UnitedStates District Court for the District of Idaho, which required it to pay damages for loss of business and business goodwill in conjunction with a CFAA claim. Id. at 935. The Creative Computing Court found the defendant’s objection without merit, indicating that “[w]hen an individual or firm’s money or property areimpaired in value, or money or property is lost, or money must bespent to restore or maintain some aspect of a business affected bya violation, those are ‘economic damages’ covered by the CFAA.”Id. See also Frees, Inc. v. McMillian, 2007 U.S. Dist. LEXIS 57211,at *15 (W.D. La. Aug. 6, 2007) (“interpreting the [CFAA] to limit therecovery of lost revenue would lead to absurd results . . . When adefendant copies unauthorized data to gain a competitive edge, itmakes no sense to limit the plaintiff’s recovery when the lost revenue is a direct result of defendant’s misconduct”).

Similarly, in C.H. Robinson Worldwide, Inc., v. CommandTransportation, No. 05 C 3401, 2005 U.S. Dist. LEXIS 28063 (N.D.Ill. Nov. 16, 2005), the plaintiff alleged that the defendants violatedthe CFAA and that as a result of defendants’ actions, plaintiff suffered loss, including loss of the value of trade secrets and otherconfidential information and loss of competitive advantage. Id. at *3. Defendants filed a motion to dismiss, alleging that plaintiff failedto properly allege the requisite damage and loss as required by theCFAA. Id. at *2. The C.H. Robinson Court held that “[c]aselaw supports an employer’s use of the CFAA’s Civil Remedies to sueformer employees and their new companies who seek a competitive advantage through wrongful use of information fromthe former employer’s computer system” and that, therefore, theplaintiff properly alleged “loss” under the CFAA based on its allegations of loss in value of trade secrets and loss of competitiveadvantage. Id. at *4.

Other courts, however, have refused to count a loss of business or loss of clients towards meeting the $5,000 “loss”threshold. In Nexans Wires v. Sark-USA, Inc., No. 05-3820-CV,2006 WL 328292 (2d Cir. Feb. 13, 2006), the United States Courtof Appeals for the Second Circuit interpreted the CFAA strictly,holding that lost revenue considered under the statute includes only revenue lost from an interruption of service. The Nexans Courtstated that “the plain language of the statute treats lost revenue asa different concept from incurred costs, and permits recovery of theformer only where connected to an ‘interruption in service.’” Id. at*2. See also Hangum, 2008 U.S. Dist. LEXIS 100949, at *22-24(finding that although the employee’s activities “may well have compromised or diminished the confidentiality, exclusivity, or secrecy of proprietary information…the plain language of the[CFAA] requires some alternation of or diminution of the integrity,

stability, or accessibility of the computer data itself”). Other courtsfollowing a similar analysis have indicated that the end use of theinformation to compete unfairly, and which results in lost businessor goodwill, is not the type of loss contemplated by the statute.See, e.g., Civic Ctr. Motors, Ltd. v. Mason Street Import Cars, Ltd.,387 F. Supp.2d 378, 382 (S.D.N.Y. 2005) (holding that loss of “competitive edge” claim not caused by computer impairment orcomputer damage was not cognizable under the CFAA).

ConclusionAn analysis of the current state of the law on CFAA claims

indicates that, under the right circumstances, the CFAA is a powerful litigation tool that employers can use to obtain injunctiverelief and monetary damages against a departed employee and hisor her new employer. The body of law applying the CFAA to employment cases involving the unauthorized access of protectedcomputer information has grown significantly over the last fewyears. There is little doubt that the number of these claims will continue to grow in the future.

STRATEGY



By Heather Z. Steele

When an employee with knowledge about his employer’s tradesecrets resigns, the employer may be rightfully concerned aboutthe possibility of trade secret misappropriation. Some courts arewilling to grant trade secret protection to memorized information,while other courts focus on whether the information was taken in atangible format (e.g., documents or electronic media).

Historically, among those courts holding that departing employees are free to rely upon their memory, their holding has generally reliedupon the Restatement (Third) ofUnfair Competition § 42, which provides that “[i]information that forms the general skill, knowledge, training, and experi-ence of an employee cannot beclaimed as a trade secret by a former employer.” In an earlydecision on the issue by theUnited States District Court for the District of Nebraska, Cudahy Co. v. American Labo-ratories, Inc., 313 F.Supp. 1339 (D. Neb. 1970), the Court indicated that an employee who did not utilizeprinted documents, but ratherknowledge gained from con-stant exposure to his former employer’s business informa-tion, did not misappropriatetrade secrets. Some state court decisions have similarly recognizedthe distinction between physical documents and memorized information. In Peace v. Conway, 435 S.E.2d 133, 135 (Va. 1993),the Supreme Court of Virginia held that the former employees, who“did not take any documents or utilize any property that belongedto [their former employer]” did not “employ improper methods by utilizing their memories to compile a list of the names of [the formeremployer’s] customers and soliciting business from those customers.” See also, Metal Lubricants Co. v. Engineered Lubricants Co., 284 F. Supp. 483, 486-87 (E.D. Mo. 1968) (holdingthat information that could be readily assembled from memory isnot a trade secret); Gulf Toy House, Inc. v. Bertrand, 306 So.2d361 (La. Ct. App. 1975) (“Louisiana courts have refused to issue aninjunction against solicitation of customers of a former employerwhere the ex-employee did not use a secret list and merely reliedon memory.”).

Courts holding the opposite way have generally relied upon the widely enacted Uniform Trade Secrets Act (“UTSA”). Forexample, in Al Minor & Associates, Inc. v. Martin, 881 N.E.2d 850,853-54 (Ohio 2008), the Ohio Supreme Court indicated that the

majority position among the states that have adopted the UTSA isthat memorized information can be the basis for a trade secret violation. The Ohio Supreme Court held that a former employee’suse of customer information committed to memory constitutes a violation of the UTSA because nothing in the Act nor the commonlyrecognized six-factor test for determining trade secret status indicates that a distinction should be made between information in tangible versus memorized form. Id. By way of further example, courts acting under the UTSA in Arkansas, California, Florida, Illinois, Iowa, Massachusetts, Pennsylvania,

Rhode Island, and Washington have all indicated that informa-tion contained solely in an employee’s memory may be protected as a trade secret belonging to an employer. See,e.g., Ed Nowogroski Ins., Inc. v.Rucker, 137 Wash.2d 427(1999); Morlife, Inc. v. Perry, 56Cal.App.4th 1514 (1997); Allenv. Johar, Inc. 308 Ark. 45(1992). See also North AtlanticInstruments, Inc. v. Haber, 188F.3d 38, 46-47 (2d Cir. 1999)(citing Milgrim on Trade Secretsfor the proposition that “[t]hemajority rule is . . . that appro-priation by memory will be restrained under the same circumstances as will appropri-ation by written list”). But seeL&B Transport, LLC v. Busby,

No. 06-310-FJP-SCR, 2008 U.S. Dist. LEXIS 32590, at *10-34 (M.D. La. Feb. 13, 2008) (refusing to grant trade secret protection to customer lists, employee lists and/or pricing informa-tion located in a former employee’s memory even though Louisianaenacted a version of UTSA); Avnet, Inc. v. Wyle Labs, Inc., 437S.E.2d 302, 305 (Ga. 1993) (ordering defendants to return to their former employer tangible documents containing customer information, but stating that the former employees were at liberty touse such information to the extent it existed in their memoriesnotwithstanding Georgia’s enactment of the UTSA).

Employers should be mindful of these competing schools ofjudicial thought and should take steps to protect their confidentialand trade secret information by way of contract. Contracts shouldclearly spell out what information is considered confidential, andthey should contain restrictions against the use and disclosure ofsuch information, regardless of whether it is contained in hard copyor intangible format. Utilizing contractual restrictions of this naturemay also have the secondary benefit of increasing the chance thatconfidential information qualifies for trade secret protection.

ANALYSIS

9

“Wipe That Memory Clean?” or “Just Keep It Inside?”:Competing Views On Memorization of Trade Secrets

10

By Christopher P. Stief

Can you require your key employees to give lengthy advancewarning of their intent to resign, then send them home as soon asthey give notice, and prohibit them from competing in any way untilthe notice period expires? The answer may well be, “Yes.” Long astaple of United Kingdom employment agreements, so-called “garden leave” clauses are quietly emerging as a more commontool for American businesses to protect themselves against someof the harms caused by defection of key employees to competitorfirms. Many of the early adopters in the United States have been financial services firms such as Bear Stearns, Citigroup, Morgan Stanley and Cantor Fitzgerald, perhaps because financialfirms have a substantial employee presence in both the New Yorkand London finance markets. Many of these firms and others haveimplemented thirty, sixty or ninety-day notice provisions for keyupper level employees. But other industries are taking notice, asreported in a July 2008 article in Business Insurance magazine, entitled “U.S. Brokerages Eye U.K.-Style ‘Garden Leave’ For Defectors.”

During the recent spate of departures following Bear Stearns’well-publicized problems, courts in Massachusetts and New Yorkhad a chance to interpret and consider the enforceability of noticeprovisions signed by key Bear Stearns executives. As is so oftenthe case in employee defection litigation, the results were variedand not readily reconcilable. In one case, Bear Stearns & Companyv. Kym S. Arnone, a New York state court issued a preliminary injunction against a former Bear Stearns executive who was seemingly abiding by her ninety-day notice clause by staying home,but who admitted that she had been calling clients to inform them that she would be at Lehman Brothers after ninety days. Thecourt prohibited the executive from “soliciting, contacting or communicating” with clients. By contrast, a Massachusetts federalcourt denied Bear Stearns’ request for a preliminary injunctionagainst a former executive, Douglas Sharon, who began work immediately at Morgan Stanley. Interestingly, the court found thatBear Stearns was likely to prevail on its claim for breach of the notice provision, but reasoned that ordering specific performance ofthe ninety-day clause would violate the principle that a person maynot be forced to continue in an at-will employment relationshipagainst his will. The court cited Restatement (Second) of Contracts

§ 367, which embodies the familiar rule from first year law schoolContracts class that contracts for personal services may not bespecifically enforced (whether the reasons behind that rule reallyare implicated by injunctive enforcement of a garden leave clauseare open to debate, because the employee would not be forced togo anywhere near the employer; rather, the employee would simplybe at home).

The Benefits of Garden Leave ClausesIn its pure form, “garden leave” is a notice-of-termination

provision like those involved in the Bear Stearns cases, requiringthe employee to give substantial advance notice to the employer ofthe employee’s intent to resign. For the duration of the notice period, the employee is relieved of work duties and sent home to “work in the garden.” The employer agrees to pay the employee full salary and benefits during the notice period, withoutrequiring the employee to come to work, and the employee is correspondingly prohibited from commencing any competitive conduct such as solicitation of clients or co-workers. This clauseprovides the employer with many of the benefits of a non-competeagreement by requiring the employee to remain “on the sidelines”for a bargained-for period of time, but reduces some of the financialhardship to employees that courts sometimes cite as a factor militating against full injunctive enforcement of covenants not to compete.

The benefits to an employer are numerous, as long as the employee at issue poses enough competitive risk that it is worththe expense for the company to pay him to sit on the sideline.Under a carefully drawn “garden leave” clause, for the duration ofthe notice period:

• the employee remains “employed” and as a result continues to owe a duty of loyalty to the company;

• the employee loses access to records and informationsystems, and consequently cannot view or copy confidential business information;

• the employee is under an obligation not to transmit any confidential or proprietary information to his future employer, and confidential or proprietary information inthe employee’s memory may be stale or forgotten by theend of the notice period;

• the employee is barred from soliciting clients and/or co-workers to follow the employee to his or her future employer; and

• the employer is given time to replace the employee andtime to allow that replacement to develop relationshipswith the departing employee’s client base and businesscontacts free from competition from the departing employee.

GROWING TREND


“Garden Leave” Emerging in the U.S

A condensed version of this article was published in the November 2008 Issue of Corporate Counsel, and this article is reprinted here by permission.

“[B]ecause garden leave clauses offercompensation during the employee’stime on the sideline, the use of theseagreements can help blunt defensesbased on economic hardship by ensuringthat the employee has income during theleave period.”

GROWING TREND

11

In addition, a garden leave clause has the added attractionthat it may well increase the chances of success for your companywhen it comes time to seek injunctive enforcement.

The growth of garden leave clauses is, at least in part, a response to the frustration some employers have experienced withthe unpredictability of enforcement of traditional non-competeclauses. Indeed, in Great Britain as well as the United States, acommon judicial concern with some non-compete injunction caseshas been the personal impact on the employee of enforcing a non-compete clause that might prevent a former employee fromearning a living, particularly where the employee may be the solebreadwinner for his or her family. In fact, the Federal Rules of CivilProcedure and similar provisions in state court require the court toconsider the impact of the proposed injunction on the defendant.But because garden leave clauses offer compensation during theemployee’s time on the sideline, the use of these agreements canhelp blunt defenses based on economic hardship by ensuring thatthe employee has income during the leave period.

Garden Leave in the United StatesAdoption of garden leave clauses in the United States has

included two conceptually distinct forms: (1) a pure form, in whichthe concept of the “notice clause” is retained, and the employee remains a paid employee during the notice period, and (2) a “non-compete with pay” model, in which employment terminates,but the company agrees to pay its former employee certain compensation during the restricted period, which may or may notbe conditioned on proof of the employee’s inability to find otherwork as a result of the clause. There is very little published case lawin the United States interpreting the pure form of notice provision,such as the Bear Stearns cases, but published decisions generallyhave noted the reduced impact on the employee when interpreting“non-compete with pay” agreements, although other factors continue to be important. One court favorably cited the “safety net”clause in an agreement between Campbell Soup and one of its former employees. See, Campbell Soup Co. v. Desatnick, 58 F.Supp. 2d 477, 482 (D.N.J. 1999). The agreement to pay full salaryduring the injunctive period likewise was cited as a factor by thecourts in Minnesota Mining and Mfg. Co. v. Francavilla, 191 F.Supp. 2d 270, (D. Conn. 2002), Natsource LLC v. Paribello, 151 F.Supp. 2d 465, 470 (S.D.N.Y. 2001), Aetna Ret. Servs., Inc. v. Hug,1997 Conn. Super. LEXIS 1781, at *30-31 (June 18, 1997), Maltbyv. Harlow, Meyer Savage, Inc., 637 N.Y.S.2d 110, 111 (N.Y. App.Div. 1997), and Lumex, Inc. v. Highsmith, 919 F. Supp. 624, 629(E.D.N.Y. 1996). In some cases, such as the 3M case, payment tothe employee during the restricted period is conditioned on hisdemonstrating that he was unable to find employment consistentwith his ability and education solely because of the non-compete

covenant. A clause can be structured that works in a manner akinto unemployment compensation, under which the former employeemust document efforts made to obtain alternative employment, andthe failure to document such efforts can be grounds for the formeremployer to withhold compensation during the restricted period.This entails a substantial amount of ongoing entanglement with theformer employee, and some companies simply do not want to behounding former employees for documentation of their efforts tofind work each week.

ConclusionGarden leave notice clauses may well become more common

in United States companies. The pre-existing “non-compete withpay” cases suggest that some American courts have begun to accept the core concepts of garden leave. Yet companies must remember that courts likely will analyze garden leave clauses as restrictive covenants. This means they will be subject to the sameheightened scrutiny generally applied to non-compete agreements.When rolling out a new clause, it is important to pay attention to therequirements of specific state laws, such as those governing adequacy of consideration and scope of acceptable restraints. By following these guidelines, a well-drafted garden leave clausehas a better chance of enforceability under the laws of most states.But there are key variations in the law from state to state, so thereis no one agreement that can be rolled out as a single national form.A successful roll-out of a garden leave clause requires a similarlevel of attention as a national roll-out of a non-compete clause: asingle version can work in many states, but there are some keystates that may well need special treatment, including California,Georgia, Louisiana, Wisconsin, and others.

By Ron S. Brand and Robert Yonowitz

In the business world, information can make the difference between success and failure, or profit and loss. It is estimated that 70% of the value of an average business is held within its information systems. Although a tremendous amount of information can be obtained through legal means, such as searching public records, some unfortunately believe that the best way to get at a company’s trade secrets or other confidentialinformation is to steal them. Since most businesses depend on information, corporate espi-onage is a problem of gigantic proportions. The types of information unscrupulous indi-viduals or competitors seekare client lists, financial data,research and developmentwork, merger and acquisitionplans, and unannounced product specifications and prototypes. Any of this infor-mation could greatly benefit acompetitor, while at the sametime the theft of this informa-tion could have a devastatingfinancial effect on a business.For example, the theft of acustomer list (which is thenumber one item stolen by employees), could be sold to a competitor or used by the employee to start his or her own company, which in either case would affect the profitability of thevictim company.

When litigation over trade secrets ensues between employeesand companies, such as litigation related to enforcing confidentialityagreements, non-solicitation agreements and covenants not tocompete, the preservation of electronic evidence is nearly alwayscrucial to the outcome of the litigation. Too often companies thatbecome embroiled in such litigation find that the electronic evidencethey thought they could rely upon simply no longer exists and cannot be recovered. Or, companies find that the integrity of theevidence has not yet been preserved, so that it cannot be used effectively in such litigation.

This article seeks to show you how to protect your company’strade secrets so that in the event one of your employees steals a

trade secret, you will be in the best possible position to succeed inlitigation stemming from this theft. This article discusses what mightconstitute your company’s trade secrets, provides guidance on howto implement a proactive corporate program to protect trade secrets from improper and unauthorized access or disclosure, and discusses the forensic steps you can take to catch an employeestealing your company’s trade secrets.

The Growing Magnitude of Trade Secret TheftIn 1999, Fortune 1,000 companies lost more than $45

billion from the theft of trade secrets, according to a surveyby the American Society for Industrial Security (“ASIS”) and PriceWaterhouseCoopers.The Pacific Northwest NationalLaboratory, under contract bythe Federal Bureau of Investi-gation, developed an economicloss model in an attempt to assess economic losses result-ing from trade secrets theft.The model showed that theft of trade secrets caused over$600 million in lost sales andthe loss of 2,600 full-time jobs per year. Today, statisticsdrawn from various industry

sources show that losses due to trade secret thefts are estimatedat $150 billion a year. Average employee trade secrets theft nowcosts about $25,000 per incident, while a computer-assisted employee trade secrets theft runs about $430,000. Moreover, thesefigures do not take into account the fallout from trade secret theft.The fallout can include destruction of the company’s reputation, theinability to stay in business, the damage to employee morale, andthe time and energy taken from productive projects to deal with the theft.

Many Companies are Poorly ProtectedDespite the significant risks corporate espionage poses to

companies, few companies spend the money needed to secureand protect their trade secrets and to train their employees to safeguard their trade secrets. According to Dan Swartzwood, corporate information security manager with Compaq ComputerCorporation who testified at a Congressional Subcommittee hearing, the vast majority of the money that companies spend onsecurity is spent on physical and electronic measures designed to keep outsiders from penetrating corporate networks. However,according to the ASIS, 75% of the thieves are employees or independent contractors. The reality is that companies do little toprotect trade secrets from either the untrained or disgruntled employee.

12

IN PRACTICE


Implementing a Trade Secrets Protection Program

Statistics drawn from various industrysources show that losses due to trade secret thefts are estimated at $150 billiona year

One reason why many companies do little to protect their tradesecrets is that they fail to ask themselves the following critical question until after a trade secret problem arises: Of all the thingsI know about my company, what information would I not like to havein the hands of my competitors? If companies would only ask themselves that question regularly and institutionalize a processfor identifying and protecting that information, much trade secrettheft could be avoided. Another reason is that many companiessimply do not like to spend money on a problem they do not thinkthey have. Unfortunately, most companies have this problem.

What are Your Company’s Trade Secrets?The first step in assessing whether your company is

adequately protected, or in increasing the protections you have inplace, is to determine which of your company’s information islegally and practically protectable. There are two primary sourcesfor defining trade secrets: statutes based on the Uniform Trade Secrets Act (“UTSA”), which many states have adopted with various twists, and common law factors traditionally used by courtsin various jurisdictions. Under the UTSA, a trade secret is definedas follows:

Information, including a formula, pattern, compilation, program, device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and notbeing readily ascertainable by proper means by, otherpersons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that arereasonable under the circumstances to maintain its secrecy.

Using either the UTSA or common law factors, or a variationof their themes depending on the state, courts have held that tradesecrets may include such diverse information as pricing and biddingformulas, feasibility forecasts, product designs, financial data, contract bids, internal marketing profiles, and other methods andsystems by a company. Two of the most commonly litigated examples of potential trade secrets are customer lists and theknowledge or training that a company claims it imparted to an employee and which it now wants to protect.

The decisions handed down by courts across the countrydemonstrate that virtually any type of information can be considered a trade secret, depending on the situation. Several factors are relevant in assessing whether particular informationconstitutes a trade secret:

• How much time and effort did the company put into developing the information;

• If the information relates to customers, whether the information is available through directories, industry publications or on-line resources;

• If the information relates to customers, whether the information is of the type that customers have in their possession and are willing to provide to competitors inthe same industry;

• How difficult is it for competitors to duplicate the information on their own;

• Whether the company intentionally or inadvertently disclosed the information in industry publications, tradeshows or on its web site; and

• If the information involves a compilation of data, howmuch of the underlying data is available publicly and howdifficult or unique is the compilation process.

In the litigation context, the key to a company’s success or failure of its trade secret argument is whether reasonable attemptswere made to protect its trade secrets from improper and unauthorized access or disclosure. As discussed more fully below,it is extremely important that you take proactive measures to protectyour company’s trade secrets. The stories are legion of companiesfailing to prove trade secrets because they did not take reasonablesteps to preserve their secrecy long before litigation occurs. By thetime trade secret status is being advanced or challenge, whateversteps were taken or not taken to protect trade secrets will be theones that usually determine the outcome of a case.

How to Implement a Trade Secrets Protection ProgramOnce you have identified your company’s trade secrets (or

perhaps more pointedly, the information for which you seek tradesecret protection), the next step is to identify the specific physical,information technology and other security protocols your companycan take to protect such information. So, what can your companydo to protect its trade secrets from thieves? The first line of defenseagainst any form of corporate espionage is to implement a tradesecrets protection program. This consists of a three-pronged approach: (i) addressing employment relationships; (ii) controllingaccess to your company’s trade secrets; and (iii) knowing your company’s employees.

A. Address Employment Relationships

i. Require Your Employees to Sign ConfidentialityAgreements, Non-Solicitation Agreements,Covenants not to Compete, and Assignment ofInvention Agreements

As a basic first step, to the extent permitted by applicable law,you should have your company’s employees sign confidentialityagreements, non-solicitation agreements, covenants not to compete, and assignment of invention agreements.

A confidentiality agreement accomplishes four primary purposes: (i) it acknowledges that the employee has been or will be

IN PRACTICE

13

Continued on page 14

14

exposed to certain company trade secrets and other confidentialand proprietary information; (ii) it identifies this information with atleast some degree of particularity; (iii) it prohibits unauthorized useor disclosure of this information; and (iv) it requires the return of alltrade secrets and other confidential and proprietary information on separation from employment and requires employees to sign a termination certificate declaring that all trade secrets havebeen returned.

A non-solicitation agreement prohibits a departing employeefrom soliciting, directly or indirectly, the company’s customers orclients, regardless of where they are located, to do business withthe employee. The primary requirement for a non-solicitation agreement is to identify the customers or clients that an employeecannot solicit. As a general rule, courts do not require that a specific geographical territory be included in the agreement, although various states do differ on this issue. In addition, when determining whether a non-solicitation agreement is reasonable,courts will often consider the extent to which the employee had actual contact with the customers or clients. Some states, likeCalifornia, are more restrictive and require that, in order to be enforceable, a non-solicitation agreement must be coupled with astrong interest in confidential customer or client information.

A covenant not to compete – also known as a “non-competi-tion agreement” or “non-compete agreement” – protects two aspects of corporate life: (i) customers or potential customers, andbusiness interests that a company has spent considerable effortdeveloping and which are vital to its financial health; and (ii) confidential information, which, if possessed, used or disclosedto unauthorized third parties could result in significant financialharm to the company. Most courts will enforce covenants not to compete, as long as they are drafted in accordance with statelaw. As a general rule, covenants not to compete are enforceableonly to the extent that they protect the legitimate business interestsof companies (such as protecting trade secrets) and they contain reasonable time and territory restrictions. To be reasonable as toterritory, a covenant not to compete should at most only addressthat territory in which the company actively conducts business (although it is safer to restrict the territory to that in which the employee was actively engaged). To be reasonable as to time, agood rule of thumb is that most courts will enforce restrictions up totwo years; three to four years will be closely scrutinized and held toa more rigorous standard; and five years or more will be virtually unenforceable (except perhaps in a sale-of-business context).

An assignment of invention agreement is a provision or separate document that “assigns” to the company any inventions ornew discoveries made by an employee or independent contractorduring the course and scope of his or her employment or workfor hire. Some states, such as California, regulate the use of assignment of inventions agreements by requiring certain notice toemployees (Lab. Code § 2870).

ii. Implement Appropriate Security Policies

Second, implement policies, to be signed by all of your company’s current employees and new-hires, addressing the following areas: (i) the use of computers, e-mails, voice mail

and the internet; (ii) physical access to trade secrets; (iii) telecommuting; (iv) employee privacy concerns; and (v) vendorsand third party access to confidential information.

iii. Train Your Company’s Employees

Third, train your company’s employees and new-hires annuallyin basic security awareness, the company’s security policies and procedures, their security responsibilities, and the proper procedures for reporting and dealing with theft of trade secrets.

Furthermore, consider including in the employees’ personnelfiles documents that show the steps taken to inform him or herabout the confidentiality obligations – such as a copy of the signedconfidentiality agreement, receipt of the employee handbook andother key policies, a review of the trade secrets protection program,and a record of attendance at training meetings that address theneed to protect trade secrets.

iv. Protect Your Company’s Trade Secrets Upon anEmployee’s Termination

Employee terminations create a particularly likely window forloss of trade secrets. Failure to take reasonable steps in the eventof a termination can result in loss of critical information, or loss oftrade secrets protection. In order to preserve your company’s tradesecrets, the termination or resignation of an employee with accessto this highly sensitive information should trigger related securityprecautions.

You should immediately disable the accounts and access privileges of the terminated employee, and change all passwords,remote access codes, and, in appropriate instances, even VPN and dial-in numbers immediately at the time of termination. Also, you should “unplug” a terminated employee’s computer systems and remove dial-up modems from the terminated employee’s workstation. Such actions will prevent the employeefrom accessing files after leaving. Examine the employee’s computer/laptop before he or she leaves to determine if the employee has accessed and/or copied sensitive information in recent months. Conduct an exit interview and remind the employee during the exit interview of his or her continuing duty notto disclose trade secrets, and reference any documents to that effect. At the exit interview, request that the employee return allcompany property. Consider using a checklist for returning company equipment, keys and confidential information. You mightalso consider obtaining from the departing employee information

IN PRACTICE



Employee terminations create a particu-larly likely window for loss of trade secrets. Failure to take reasonable stepsin the event of a termination can result inloss of critical information, or loss of tradesecrets protection.

IN PRACTICE

15

about his or her new employer, which could help you determine thepotential risk of any unauthorized disclosure or use of trade secrets.

B. Control Access to Your Company’s Trade Secrets

Controlling access to your company’s trade secrets meanskeeping the trade secrets confidential and providing access only tothose having a legitimate need for it. This is especially important inprotecting trade secrets because one or more critical elements ofproof under most state laws is showing that steps were taken toprotect the secrecy of the information.

i. Secure the Physical Environment

Examples of how you can secure the company’s physical environment include:

• Restricting access to servers, routers, and other networktechnology to those whose job responsibilities require access;

• Installing surveillance equipment to monitor access toservers and other critical systems;

• Keeping wire closets, server rooms, phone closets, andother locations containing sensitive equipment locked atall times;

• Keeping an inventory of the equipment and periodicallychecking for missing equipment;

• Placing locks on computer cases to prevent hardwaretampering;

• Locking file cabinets and offices that store sensitive information;

• Designating all documents containing trade secrets or confidential information as “confidential” and implementing procedures to help ensure that all documents deserving the “confidential” designation areappropriately marked when initially created;

• Cross-shredding all paper documents containing confi-dential information before trashing them;

• Securing all dumpsters and posting “NO TRESPASSING”signs; and

• Making sure all discarded magnetic media are erased.

While it is not necessary for your company to utilize every oneof the above-mentioned protocols in order for information to qualifyas a trade secret, your company’s failure to take routine physicalprecautions may lead a court to deny trade secret protection.

ii. Manage Access to the Company’s ComputerSystem Resources

Examples of how you can manage access to the company’scomputer system resources include:

• Implementing passwords for all employees for access toall critical system resources;

• Making sure passwords are set up with multiple characters (including numbers and letters);

• Requiring employees to change their passwords at leastevery 60 days and preventing them from reusing oldpasswords;

• Periodically training employees in password selectionand protection and training them not to tell their passwords to others;

• Implementing controls on employees’ use of the internet,the sites they can visit, and the software they can download; and

• Monitoring and logging employees’ internet actions.


16

iii. Secure the Company’s Computer System andNetwork

Examples of how you can secure the company’s computersystem and network include:

• Keeping audit logs of all access requests to criticalsystems and sensitive information;

• Encrypting sensitive information;

• If the company’s network is on the internet, using afirewall and auditing the servers for security holes ona regular basis;

• Making sure the system has all of the latest securitypatches and fixes installed;

• Making sure all portable storage devices brought intothe company are scanned for viruses before use;

• Backing up all workstations and servers at leastweekly and storing backups offsite;

• Keeping a log of all backups, including backup date,backup locations, and the employee performing thebackup;

• Periodically testing the backup system to ensure theability to restore date if necessary.

iv. Protect Against Third Party Disclosure

Examples of how you can protect the company against disclosure of its trade secrets to third parties (such as independentcontractors, vendors and suppliers) include:

• Training your company’s employees not to discuss thecompany’s trade secrets or confidential informationaround third parties;

• Instructing employees to report any repair people thatshow up without being called, and to not grant access toequipment until their identities are established;

• Requiring all visitors to wear visitor tags and be escortedat all times;

• Utilizing contract and licensing agreements that expresslystate the parameters for using certain information, and

that include restrictions on “reverse engineering” or disclosing that information during activities such as a contract bidding process;

• Utilizing confidentiality provisions in standard contractswith any subcontractors or suppliers; and

• Meeting with third parties to stress the need for confidentiality for certain projects or other situations.

C. Knowing Your Company’s Employees

One of the best ways to protect your company’s trade secretsis not to hire a thief in the first place. When hiring employees in sensitive areas, or who will have access to confidential information,you should do a thorough pre-employment screening of those individuals. You might also consider performing background checkson current employees, as long as those checks are done in accordance with applicable laws (such as the Fair Credit ReportingAct and analogous state laws).

In the broadest sense, the term “pre-employment screening” isshorthand for the process of assessing applicants for a company’sparticular job or category of job. The assessment is performed according to company policies, based upon the nature of the jobcategory and applicable laws which are designed not only to reveal fully qualified applicants, but also to potentially weed outthose employees who may end up stealing your company’s trade secrets. The elements of a pre-employment screening may include the following: education and credentials verification; past employment references; criminal history; motor vehicle report; social security number trace; credit report; workers’ compensationrecords; civil lawsuits; judgments, liens and bankruptcies; securityclearances; and merchant databases.

ConclusionThe day is past when trade secrets can be adequately

protected merely by requiring employees to execute confidentialityagreements, non-solicitation agreements and covenants not tocompete. Such traditional contractual protections can be of criticalimportance as a deterrent and in increasing the success in trade secrets litigation, but now companies must deploy an arsenal ofmodern electronic weapons and physical barriers to protect their trade secrets and retain their competitiveness. In today’s increasingly complex electronic world, effective protection againsthigh-tech theft must include proactive and reactive weapons. Without them, companies may have little chance of protecting theinformation upon which their business depends.

IN PRACTICE




By James McLaughlin

It certainly isn’t the first thing you think of when informed thata key employee has left the company to join a competitor firm. But in some industries, in-house counsel must be aware thatemployee defections may trigger regulatory duties that are separateand apart from counsel’s traditional concerns about protecting trade secrets and enforcingcovenants not to compete. If a departing employeetakes certain customer infor-mation when walking out thedoor, the company may be required to notify all the customers whose informa-tion was improperly taken ordisclosed.

State Breach NotificationStatutes

As of December 2008,forty-four states, the Districtof Columbia, Puerto Rico,and the Virgin Islands all had enacted legislation requiring notification of security breaches involvingpersonal information.1 Theselaws, which have been rapidly adopted by statesacross the nation, were created to address growingconsumer concern over theprivacy of personal informa-tion that citizens entrust toothers. These concerns areindisputably well-founded:The Privacy Rights Clearinghouse, a nonprofit consumer protectionorganization, estimates that over 253 million data records of U.S.residents have been exposed through security breaches since January 2005.

State information security laws — or as they are more commonly known, breach notification statutes — generally follow asimilar format. These laws require that companies or individualswho possess non-public personal information notify consumerswhen the consumer’s personal information has been accessedwithout authorization and the access has compromised the security, confidentiality, or integrity of the personal information. Personal information is most commonly defined as:

(1) first and last name, in combination with either

(2) the individual’s (a) social security number, (b) driver’s license or state identification card number, or (c) financialaccount number in combination with the means to accessan individual’s personal financial information.

Note that some statesdefine “personal information”more broadly to includemedical information andcredit card numbers. In theevent of a data breach, thecompany must notify its customers, in writing, thatthe security of their personalinformation has beenbreached.

There are some excep-tions — the notification requirement is not auto-matic. For example, somestates create a “safe harbor”for companies that maintainan information security pol-icy that includes a notifica-tion requirement. If thesecompanies comply with theirpolicies, they are deemed tobe in compliance with thestatute and no additional notification is required. Somestates also extend the safeharbor to institutions thathave implemented and com-ply with information securityprocedures pursuant to the

federal Gramm-Leach Bliley Act or HIPAA, which protect personal,financial and health data. In addition, many breach notificationstatutes have what is known as an “employee exception.” This provision excepts companies from the notification requirements inthe case of good faith acquisition by an employee or agent for lawful purposes, so long as the information is not used or subjectto further unauthorized disclosure.

Companies are well advised to have an information securitypolicy in place, including both a monitoring and response component. The goal should be to ensure that a company canquickly identify and respond to any information security breaches.But what happens when the security of personal information isbreached in an unexpected way?

ANALYSIS

17

State Information Security LawsWhat Are They And What Do They Have to Do With Employee Defection?

1 Only Alabama, Kentucky, Mississippi, Missouri, New Mexico, and South Dakota do not currently have breach notification laws.

18

ANALYSIS


Impact on Employee Defection ScenariosAlthough many companies are likely aware of breach

notification statutes and their requirements, most companies likelythink about these statutes only when information is stolen by ahacker, identity thief or lost by a careless employee (e.g., an employee who loses a laptop computer). But, it is important to recognize that these statutes may be implicated in the context ofdeparting employees who retain information upon leaving for acompetitor. Under the statutes, a company may be obligated to notify its affected customers of the breach, regardless of the factthat the information has not been lost or stolen in a manner anticipated by the statutes. Given the fairly broad language used inmost of these statutes to define “personal information,” it is quitepossible that a breach notification obligation would be implicatedin many departing employee cases. Whether the duty to notify istriggered, of course, will depend on what the employee took. Typically a departing employee who takes information does his bestto conceal that fact, so often it is hard for a company to know at the outset whether there has been a triggering breach or not. Sometimes it does not become apparent until some time later – perhaps during discovery in subsequent trade secret or non-compete litigation – that a breach requiring notification hastaken place.

Complying with state breach notification statutes presents an evolving challenge to companies entrusted with personal information by their customers. While the statutes generally followthe pattern outlined above, there are subtle variations from state to

state. In addition, companies are subject to the statute of each statein which they do business. To be sure, the best practice is to draft,implement, comply with and regularly update an information security policy, including a notification requirement when the security of a consumer’s personal information is breached.

What do you think of this issue of The Employee Defection & Trade Secrets Digest? We would be grateful to receive your input and comments:

• Topics for future articles• Comments on our format• Reaction to current articles• Questions

Contact any of our authors or the Editor-in-Chief. Contact informationcan be found on the back cover of thisissue.


1. Do your employees execute a confidentiality agreement?

2. Do your employees with significant customer relationship

responsibilities have agreements not to solicit your customers

after termination?

3. Do your employees with access to your key business

strategies and/or with significant customer relationship

responsibilities have limited agreements not to compete, in

states where permissible?

4. Do you have agreements preventing departed employees

from raiding your current workforce?

5. Have you recently reviewed any of the above-mentioned

agreements to make sure they comply with current law in the

states in which you operate?

6. Have you made sure that your severance/release agreements

do not supersede any of the above-mentioned agreements?

7. Do you implement policies, signed by all of your current

employees and new hires, addressing the use of computers,

emails, voice mail and the internet?


employees and new hires, addressing physical access to trade

secrets and/or confidential information?


employees and new hires, addressing vendors and third party

access to trade secrets and/or confidential information?

10. Do you periodically audit your personnel files to make

sure that critical employees executed the above-mentioned

agreements and acknowledgments regarding the above-

mentioned policies?

11. Do you mark important documents containing your trade

secrets and/or confidential information as “Confidential”?

12. Do you limit access to your trade secrets and/or confidential

information to only those employees with a legitimate need to

access such information?

13. Do you lock file cabinets and offices that store trade secrets

and/or confidential information?

14. Do you cross-shred all paper documents containing your trade

secrets and/or confidential information?

15. Do you secure all dumpsters and post “NO TRESPASSING”

signs in appropriate locations?

16. Do you train your employees not to discuss your trade secrets

and/or confidential information around third parties?

17. Do you instruct your employees to report any repair people

that show up without being called, and to not grant access to

equipment until their identities are established?

18. Do you require all visitors to wear visitor tags and be escorted

at all times?

19. Do you utilize confidentiality provisions in standard contracts

with subcontractors, vendors and suppliers?

20. Do you utilize contract and licensing agreements that

expressly state the parameters for using certain information,

and that include restrictions on “reverse engineering” or

disclosing that information during activities such as a contract

bidding process?

21. Do you meet with subcontractors, vendors and suppliers to

stress the need for confidentiality for certain projects or other

situations?

22. For your sales force (if applicable), do you limit each

employee’s access to the customer database to only those

customers for which the employee is responsible?

23. In states where appropriate, do you update employee

agreements when employees change job duties?

24. Do you limit access to your trade secrets and/or confidential

information on your computers to only those employees with

a legitimate need to know?

25. When an employee is terminated, do you immediately delete

the employee’s access to computers, phone systems, and

private property areas?

26. When an employee is terminated, do you conduct an exit

interview wherein you remind the employee of his or her

continuing duty not to use or disclose your trade secrets and/or

confidential information?

27. When an employee is terminated, do you request that the

employee return your property, including your trade secrets

and/or confidential information?

19

Protecting Trade Secrets:Confidential Information and Customer Relations Audit

Fisher & Phillips LLPattorneys at law

Solutions at Work®

www.laborlawyers.com

Atlanta(404) 231-1400

Charlotte

(704) 334-4565

Chicago

(312) 346-8061

Columbia

(803) 255-0000

Dallas

(214) 220-9100

Denver

(303) 218-3650

Fort Lauderdale

(954) 525-4800

Houston

(713) 292-0150

Irvine

(949) 851-2424

Kansas City

(816) 842-8770

Las Vegas

(702) 252-3131

Louisville

(502) 561-3990

New Jersey

(908) 516-1050

New Orleans

(504) 522-3303

Orlando

(407) 541-0888

Philadelphia

(610) 230-2150

Portland, ME

(207) 774-6001

Portland, OR

(503) 242-4262

San Diego

(858) 597-9600

San Francisco

(415) 490-9000

Tampa

(813) 769-7500

Office Locations

Ron S. [email protected](949) 798-2137

James P. [email protected](610) 230-2138

Michael R. [email protected](610) 230-2131

Contributing Authors in this Issue may be contacted as follows:

Heather Z. [email protected](610) 230-2134

Christopher P. [email protected](610) 230-2130

Robert Yonowitz [email protected](949) 798-2113

Christopher P. [email protected](610) 230-2130

Employee Defection & Trade Secrets Practice Group Chair:

Michael R. [email protected](610) 230-2131

Editor-in-Chief:

The Employee Defection & Trade Secrets Digest is a publication of Fisher & Phillips LLP and should not be construed as legal advice or legalopinion on any specific facts or circumstances. The contents are intended for general information purposes only, and you are urged to consultlegal counsel concerning your own situation and any specific legal questions you may have. Distribution of this publication should not be construedas an offer to perform legal services. Receipt of this publication does not create a lawyer-client relationship. Questions may be directed to DonaldB. Harden by electronic mail at [email protected] or by telephone at (404) 231-1400.

employee defection & trade secrets digest

Documents

covenants page

trade covenants

california business

california non

california courts

demystifying california

unfair competition page

california fromnot