Trade secret theft has always been a risk to U.S. businesses. Now, as the global economy evolves, that risk is changing.
More and more, trade secrets are being stolen for use by foreign competitors. Recently, a Michigan couple was convicted on federal criminal counts related to stealing trade secret information from General Motors valued at more than $40 million. Prosecutors presume they intended to sell the secrets to Chinese competitors.
Protecting trade secrets under state law
Trade secret protection laws in the U.S. currently consist of a patchwork of varying state laws and spotty federal legislation.
Litigating in state court works well for many trade secret cases, but there are some challenges.
First, while all but three states (Massachusetts, New York and Texas) have adopted the Unfair Trade Secret Act, differences abound among UTSA states, preventing uniform national application.
Second, trade secret cases often require extensive discovery in many states or even nations, complicating already cumbersome and time-consuming discovery procedures.
Finally, obstacles arise when litigation involves international entities, including obtaining jurisdiction and enforcing a state court’s orders.
Protecting trade secrets under federal law
Given these issues, some parties choose to enforce their trade secrets in the federal courts.
Trade secret cases enter the federal courts primarily in two ways: through diversity jurisdiction or through the Computer Fraud and Abuse Act, codified at 18 U.S.C. §1030 et seq. The CFAA provides civil and criminal penalties for individuals who access a non-public computer without authorization or who exceed authorized access.
While originally enacted to punish computer hacking, the CFAA can catch trade secret violators under its umbrella. However, application of the CFAA to trade secret cases differs by jurisdiction.
In some jurisdictions (e.g., the 5th, 7th and 11th circuits), courts read the CFAA broadly to encompass employees authorized to access computers who do so for an unauthorized purpose. In other jurisdictions (e.g., the 4th and 9th circuits), courts interpret the CFAA to preclude claims when an employee is authorized to access the information, even if that employee exceeds authorized use.
Recent federal legislation
Congress has attempted to close the gaps in federal trade secret protection law. The Economic Espionage Act of 1996, for example, punishes economic espionage, which includes theft of trade secrets and other sensitive information.
However, enforcement relies on government prosecutions, as the EEA does not provide a private cause of action. Thus, situations may arise in which the government – rather than the trade secret owner – controls how to prosecute and protect a company’s trade secrets.
More recently, Congress enacted the America Invents Act of 2011, which transitioned the U.S. patent system from a first-to-invent to a first-inventor-to-file system.
Under the old system, inventors who failed to patent their innovations within one year forfeited later patentability. Now, the AIA allows innovations to remain secret for longer periods of time without forfeiting patentability (provided no one else files for a patent first).
This provides a significant benefit to companies that, for strategic and/or economic reasons, believe maintaining secrecy is preferable to publicly filed patents.
Proposed federal legislation
Federal trade secret protection may soon undergo even more substantial changes.
The Protecting American Trade Secrets and Innovation Act of 2012, currently before the Senate Judiciary Committee, aims to fill additional gaps in trade secret protection law. Specifically, the act proposes to expand access to the federal courts by:
* Conferring federal jurisdiction on trade secret protection lawsuits in which the plaintiff provides sworn representation that the case requires nationwide service of process or involves a trade secret misappropriated from the U.S. to another country
* Allowing trade secret holders to seek pre-judgment injunctive relief
* Allowing courts to issue seizure orders and protective orders to prevent destruction of evidence
* Allowing trade secret holders to recover damages for actual loss, reasonable royalties, unjust enrichment, and exemplary damages for willful and malicious misappropriation. Attorney fees and costs may also be awarded to prevailing parties in cases of bad faith or willful or malicious acts.
The benefits of the proposed legislation to businesses possessing trade secrets are numerous. The act expands access to the federal courts and provides national companies with the option to litigate trade secret matters under a single federal statute.
The act proposes to supplement potential criminal prosecutions under the EEA by providing aggrieved businesses with additional access to the federal courts and would create more opportunities for businesses to bring federal trade secret actions without ceding control of the litigation to the government.
There is another legislative measure pending in Congress that may also aid in the protection of trade secrets: the Foreign and Economic Espionage Penalty Enhancement Act of 2012. The bill, which has passed the House and is currently on the Senate calendar, seeks to increase maximum penalties for economic espionage from 15 to 20 years. It also directs the U.S. Sentencing Commission to revisit and consider raising the guideline ranges for the crimes of economic espionage and trade secret theft.
The flurry of recent legislation reflects important discussions in Congress about additional avenues to protect U.S. businesses and innovations in a global marketplace. This activity should also prompt businesses to revisit their protection strategies.
Protecting your trade secrets globally
Even in a global economy, the best way to protect trade secrets remains prevention. Businesses must take reasonable steps to protect the secrecy of their innovations. If proper protections are not employed, the information may not qualify as a trade secret and the company may be unable to succeed on misappropriation claims.
Systematic safeguards to protect sensitive information are essential. Companies must first identify which information they consider secret. It is important to mark as confidential all digital and hard-copy files containing trade secrets, and maintain those files in a secure, restricted area. Any physical files should be under lock and key.
Given the challenges of maintaining confidentiality in the digital age, companies should focus on maintaining strong defenses for electronically stored information – or ESI – and institute policies to prevent unauthorized access or transfer, including password-protecting employee access.
Encryption of ESI to prevent access if the media is lost or stolen is prudent. If possible, trade secret information should not be broadly disseminated throughout the company and should be disclosed only on a need-to-know basis.
Requiring employees to sign confidentiality agreements and nondisclosure agreements, as well as utilizing noncompete clauses, is essential.
In addition, all personnel manuals should include sections detailing the company’s confidentiality and digital information policies, including explicit warnings that all computers are company property and for business use only, and employees have no right or expectation of privacy. These policies should set clear expectations and should be enforced and annually reviewed by management.
In addition to written materials, employee training should emphasize the need to protect proprietary information. Companies should require that all departing employees return and/or remove any confidential information, and should conduct robust exit interviews to ensure all information is returned.
The global economy presents additional challenges, including the use of suppliers, manufacturers and joint venturers. Companies need to be proactive in these relationships. Often strategic investment at the outset of such relationships may prevent catastrophic issues.
Companies should engage in due diligence prior to entering into the relationship to ensure that both parties understand, and will abide by, expectations of confidentiality and nondisclosure.
Businesses should require third parties to sign written agreements that detail specific measures regarding information protection. Such agreements should include provisions regarding the governing law, consequences for breach including injunctive relief, requirements that the third party adhere to best practices, requirements for systematic monitoring, and notice provisions if they suspect a breach of security.
Companies must remain vigilant and review, monitor and adjust these safeguards as the business relationship develops. Upon any suspicion of trade secret misappropriation or theft, it is essential that a business act quickly to fully investigate the suspicions, evaluate options and, if necessary, take decisive legal steps to prevent further use or disclosure of the trade secret.
As the economy continues to expand globally, methods to protect trade secrets must continue to evolve. Companies that blend the traditional and emerging methods of preserving trade secrets will best safeguard their sensitive information and financial success.
Patrick J. O’Toole and Allison S. Lukas practice at Weil, Gotshal & Manges in Boston.