“While companies are not required to institute every security measure possible to ensure that their confidential information qualifies as a trade secret, the more security measures implemented, the greater the likelihood that courts will find that the trade secret owner undertook ‘reasonable measures.’”
Trade secrets have become an increasingly valuable asset to many companies, but compared to other types of intellectual property, including patents, copyrights and trademarks, they are extremely “fragile,” and require that an owner undertake as many steps as possible to protect their information and be vigilant about the need to protect such information to the fullest extent possible. The failure to do so may lead to a court’s finding in a misappropriation case that the information in question is not protectable as a trade secret. As described below, it is very easy for trade secrets to lose protection under a variety of circumstances, even where the owner has taken what it believes are “reasonable measures” as required for trade secret protection under 18 U.S.C. § 1839(3)(A. In short, authorities in this area teach that the more steps a party undertakes to protect its trade secrets, the more likely that a court will find those steps to constitute “reasonable measures.”
Turning first to what constitutes a reasonable measure, neither the federal Defend Trade Secrets Act (DTSA), nor the Uniform Trade Secrets Act (UTSA), which has been adopted by almost every state, defines this term. The issue of whether an owner has taken “reasonable measures” often becomes the central issue of trade secrets theft cases, because a defendant can almost always point to additional measures that the trade secret owner could have taken, but for some reason did not. However, “[j]ust because there is something else that [the defendant] could have done does not mean that their efforts were unreasonable under the circumstances.” Hertz v. Luzenac Group., 576 F.3d 1103, 1113 (10th Cir. 20009).
The reasonable measures test focuses primarily on the actions of the owner and on the economic circumstances surrounding the particular industry and is a question of fact. The extent of the security measures need not be absolute but must be “reasonable under the circumstances. One court has described these measures under the Economic Espionage Act as “modest.” United States v. Howley, 707 F.3d 575 579 (6th Cir. 2013). However, a lack of security measures is strong evidence that the secret has no real value and is undeserving of the legal protection. Further, if the owner fails to attempt to safeguard his or her proprietary information, no one can be rightfully accused of misappropriating it. On the other hand, security measures to protect trade secrets impose both direct and indirect costs on the owner of the secret and thus “perfect security” is not required. The owner of the information “must assess the value of the material it seeks to protect, the extent of theft, and the ease of theft in determining how extensive their protective measures should be.” 142 Cong. Rec. S12213 (daily ed. Oct. 2, 1996).
What the Courts Have Said
The cases addressing what constitutes a “reasonable measure” are legion, however, a 2019 case from the Northern District of Illinois suggests a number of basic steps that a court will consider in determining whether the owner adequately protected its confidential information to qualify as a trade secret and is a reminder that where a party fails to do so, courts will not step in and provide protection when such information is misappropriated. Abrasic 90 Inc. v. Weldcote Metals, Inc., 364 F.Supp.3d 888 (N.D.Ill. 2019). In that case, the plaintiff asserted that its former president retained a flash drive that contained “a comprehensive summary of [plaintiff’s] transactional information, including the sales data, prices, and costs for its products and identities of its suppliers and distributors.” The plaintiff claimed that this information and other information possessed by other defendants was intended for use in a new competing company and sought an injunction from using this information.
The court found that “there are two basic elements … [f]or the information at issue to be considered a trade secret.” (1) “’sufficiently secret’ to impart economic clause because of its relative secret,’” and (2) “’reasonable efforts’ to maintain the secrecy of the information.” The court found that while the type of information at issue qualifies as a trade secret, it denied the request for a preliminary injunction because “plaintiff “took almost no measures to safeguard the information that it now maintains was invaluable to its competitors. The company’s almost total failure to adopt even fundamental and routine safeguards for the information at issue belies its claim that the information has economic value to its competitors ….”
In particular, the court noted that, while the almost complete lack of security measures made “it difficult to identify the most significant shortcoming,” it did highlight the lack of non-disclosure and confidentiality agreements with those who had access to the alleged trade secrets, and stated that such failure “often dooms trade secret claims.” The court also cited that plaintiff had no policy “regarding confidentiality beyond a vague generalized admonition about not discussing [plaintiff’s] business outside of work,” which “did not define, delineate or specify which information was considered confidential.” The court also cited plaintiff’s failure to:
- to train employees about their obligation to keep certain categories of information “confidential”;
- to require that its employees with access to the confidential information “sign non-disclosure agreements or otherwise agree not to disclose it”;
- to ask departing employees whether they possessed any confidential information and to instruct the departing employees to return or delete confidential information;
- to train employees with responsibility for maintaining sensitive company information on data security;
- to implement and maintain comprehensive data security policies and practices;
- to restrict access to sensitive company information to employees on a need-to-know basis, such as giving employees a one-time-only password to access the information; and
- to differentiate access to sensitive information from access to non-sensitive information.
The last factor often may not be given enough consideration by companies.
This understanding was recently reinforced by Judge Alsup of the Northern District of California, who is presiding over a criminal trade secret case involving allegations that former Uber executive Anthony Levandowski stole trade secrets from Google’s self-driving unit Waymo LLC. During a hearing, the Court stated that “just because some engineer at Waymo says it’s a trade secret” does not mean that it is, and just because large companies tend to “lock up everything,” it does not mean that such information is in fact a trade secret. These are words of warning coming from a judge who is not just one of the most astute federal judges but is also one of the most knowledgeable and observant when it comes to trade secret litigation.
When Trade Secrets and Patents Collide
In determining how to adequately protect information to qualify as a trade secret, parties need to understand that disclosure by a third party who has no duty to maintain its secrecy is usually enough by itself to prevent the owner of such property from making a claim for misappropriation under the DTSA or UTSA. While this understanding is well-established, an unpublished 2019 California Court of Appeals case highlights the ease with which a party may lose trade secret protection in such circumstances. Intellisoft, LTD, v. Wistron Corp., 2-19 WL 5204293 (Cal.Ct App. Oct. 16, 2019). There, the Court upheld a trial court’s determination that, where plaintiff’s alleged trade secrets were made public by a third party in a patent, the information no longer met the definition of a trade secret under California law. The court rejected appellant’s argument that the information still deserved trade secret protection because it was the rightful owner and had made no public disclosure. The court stated that “information that is made public no longer retains the essential quality of a trade secret, regardless of whether the person who made the secret public was rightful possessor or a third party. Once a third party makes the secret public, the possessor of the trade secret no longer has the option to withhold the information.”
On the other hand, it is worth noting that a district court in Louisiana confirmed that information included in a patent application remains an actionable trade secret until the application is published. Cajun Services Unlimited, LLC v. Benton Energy Service Co., No. 17-0491, 2019 WL 2410933, (E.D.La. June 7, 2019). In other words, the fact that a trade secret later becomes part of the public domain as part of a published patent application does not deprive the trade secret owner’s claim for misappropriation that occurred before publication. This is important because it provides a choice to a patent applicant to pursue the patent application or drop the application before it is published and protect the invention as a trade secret.
Failure to Mark
Finally, two more 2019 cases illustrate the fragility of trade secrets and how mistakes by trade secret owners lead to the loss of trade secret protection. First, in Hoover Panel Systems Inc. v. Hat Contract Inc. [2019 WL 2743589 (N.D.Tex. May 9, 2019)], the parties had entered into a contract requiring the disclosing party to explicitly mark any materials that it believed to contain protected information with “confidential or proprietary or marked with words of similar import,” which plaintiff failed to do even though it apparently considered parts of such information to be trade secrets. The defendant disclosed the unmarked information to third parties. The court granted defendant’s motion for summary judgment on the misappropriation of trade secrets claim finding that the failure to mark meant that plaintiff had failed to adequately protect its trade secrets.
In contrast, however, an Alabama district court held that even though plaintiff failed to mark certain documents as “confidential,” and that some courts have held that not so marking may preclude a finding that the company took reasonable measures, in this particular case, the plaintiff sufficiently pled that it took reasonable measures. The court explained that the “analysis of the measures taken to protect secrecy is fact specific,” and that “under all the circumstances, if the employee knows or has reason to know that the owner intends or expects the information to be secret, confidentiality measures are sufficient.” Based on this understanding, the court found that plaintiff had alleged sufficient reasonable measures including (1) the non-marked information was contained on a password-protected, limited-access server; (2) the employee had signed a written acknowledgment of his obligation to keep sensitive business information confidential; and (3) the plaintiff has discussed with the employee the need to keep confidential the proprietary information in the document at issue.
This decision makes clear that, while companies are not required to institute every security measure possible to ensure that their confidential information qualifies as a trade secret, the more security measures implemented, the greater the likelihood that courts will find that the trade secret owner undertook reasonable measures.
Keeping Trade Secrets Through Trial
Further, in determining whether to pursue a claim for trade secret misappropriation, trade secret owners often must weigh the advantages of pursuing such litigation with the almost certainty that despite best efforts to keep the information at issue secret during the litigation, some of the information will inevitably be disclosed. The issue becomes more acute when the disclosing party fails to take certain measures, as addressed by a 2019 Texas Court of Appeals case. Title Source, Inc., v. Housecanary, Inc. 2019 WL 2996974 (Tex. 4th Cir. Ct of App. July 10, 2019). There, the parties entered into a stipulated protective order that outlined the procedures for sealing materials in court, but did not address filing or keeping trade secrets under seal at trial. After a seven-week trial, the trial court granted the disclosing party’s motion to seal certain exhibits containing trade secrets that had been openly displayed during the trial. The appellate court, however, reversed this decision finding that while the SPO generally applied to the trial, the court failed to address that the SPO also required a court to consider a Texas rule of civil procedure that created a comprehensive scheme with burdens presumptions against sealing [ ] notice, procedures, ….” According to the court, “the trial court abused its discretion by sealing the exhibits without applying the [the Texas rule’s] standards and procedures, as agreed and ordered in the SPO.” The concurrence noted that the trial court also erred by sealing exhibits that had been publicly disclosed in open court, and that when the disclosing party used the exhibits at trial, it was required under the Texas Uniform Trade Secrets Act to take reasonable measures to keep information secret and it failed to do so by obtaining a separate order or agreement, as required by the stipulated protective order.
The More Measures, the Better
Trade secrets are the most fragile type of intellectual property and can easily lose protection if the owner fails to undertake reasonable measures or fails to vigilantly update and ensure that such measures are being followed by employees and third parties. While it is not possible, nor is it required, that the protection be iron clad or fool proof, the more measures that an owner undertakes, the less likely a court will find that confidential information does not qualify as a trade secret in a misappropriation case, such as where the information is inadvertently disclosed by a third party in a patent application.