Trade Secrets and Confidential Information

It is highly likely that the National Association of Insurance Commissioners (“NAIC”) will adopt a model data cyber security law premised largely on the New York State Department of Financial Services (“NYSDFS”) cyber security regulations.  Recently, we discussed the NYSDFS’ proposed extension of its cyber security regulations to credit reporting agencies in the wake of the Equifax breach.  New York Governor Andrew Cuomo has announced, “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation.”  Upon adoption by the NAIC, the NYSDFS regulations requiring that NYS financial organizations have in place a written and implemented cyber security program will gain further traction toward setting a nationwide standard for cyber security and breach notification.  Indeed, although there are differences, the NAIC drafters emphasized that any Licensee in compliance with the NYSDFS “Cybersecurity Requirements for Financial Services Companies” will also be in compliance with the model law.

The NAIC Working Committee expressed a preference for a uniform nationwide standard: “This new model, the Insurance Data Security Model Law, will establish standards for data security and investigation and notification of a breach of data security that will apply to insurance companies, producers and other persons licensed or required to be licensed under state law. This model, specific to the insurance industry, is intended to supersede state and federal laws of general applicability that address data security and data breach notification. Regulated entities need clarity on what they are expected to do to protect sensitive data and what is expected if there is a data breach.  This can be accomplished by establishing a national standard and uniform application across the nation.”  Other than small licensees, the only exemption is for Licensees certifying that they have in place an information security program that meets the requirements of the Health Insurance Portability and Accountability Act.  According to the Committee, following adoption, it is likely that state legislatures throughout the nation will move to adopt the model law.

The model law is intended to protect against both data loss negatively impacting individual insureds, policy holders and other consumers, as well as loss that would cause a material adverse impact to the business, operations or security of the Licensee (e.g., trade secrets).  Each Licensee is required to develop, implement and maintain a comprehensive written information security program based on a risk assessment and containing administrative, technical and physical safeguards for the protection of non-public information and the Licensee’s information system.  The formalized risk assessment must identify both internal threats from employees and other trusted insiders, as well as external hacking threats.  Significantly, the model law recognizes the increasing trend toward cloud based services by requiring that the program address the security of non-public information held by the Licensee’s third-party service providers.  The model law permits a scalable approach that may include best practices of access controls, encryption, multi-factor authentication, monitoring, penetration testing, employee training and audit trails.

In the event of unauthorized access to, disruption or misuse of the Licensee’s electronic information system or non-public information stored on such system, notice must be provided to the Licensee’s home State within 72 hours.  Other impacted States must be notified where the non-public information involves at least 250 consumers and there is a reasonable likelihood of material harm.  The notice must specifically and transparently describe, among other items, the event date, the description of the information breached, how the event was discovered, the period during which the information system was compromised, and remediation efforts.  Applicable data breach notification laws requiring notice to the affected individuals must also be complied with.

In a very thorough analysis following a 3 day Preliminary Injunction hearing Judge Jed Rakoff declined to issue injunctive relief to a former employer seeking to enjoin four former employees and their new employer from competing or from soliciting clients or employees. The decision is far ranging in the employee movement context touching upon inadvertent retention of confidential information, the propriety of new employers providing broad indemnifications and large signing bonuses to the recruits,  and the scope of allowable “preparatory conduct” in a one year non-compete period, among other issues presented in the context of a group of employees in the eDiscovery services space collectively on the move.

Four senior sales executives of plaintiff Document Technologies Inc (“DTI”) collectively decided to leave DTI and signed new employment agreements with LDiscovery. LDiscovery provided the four with agreements that indemnified them from claims of improper conduct by DTI as well as significant signing bonuses to make up for lost compensation during the one year non-compete period they agreed to abide by. The Court found nothing wrong with these agreements and also that accepting employment and engaging in preparatory meetings and analysis of the marketplace were permissible preparatory acts and do not violate the non-competition prohibitions in their agreements with DTI. The Court also found that there was no breach of the employee non-solicit where the four employees coordinated their job search since they had each individually resolved to leave DTI in advance of coming together. Collectively reaching the conclusion to seek alternative employment was found not to be a breach of the employee non-solicit provisions each had in their agreement with DTI. The Court was skeptical that where the employees were all “at will” versus subject to a term contract, that the three prong test of enforceability under BDO Seidman could be met. The fact that they marketed themselves as a “package” deal was not unfair competition supporting a finding of breach. Similarly, LDiscovery could not be held liable for tortious interference by recruiting the team, providing them with signing bonuses and by indemnifying them.

This decision provides a good framework for legal analysis when determining the propriety of a team move and whether certain conduct of the employees and their new employer warrant injunctive relief.

In this age of social media, a frequently asked question is whether social media activity can violate a non-compete or non-solicit.   Although the case law is evolving, courts which have addressed the issue have focused on the content of the communication, rather than the medium used to convey it.  In so doing, they have distinguished between mere passive social media activity (e.g., posting an update about a new job) as opposed to more targeted, active actions (e.g., not merely posting about a new job, but also actively recruiting former co-workers or clients).

A “LinkedIn” case recently decided by the Illinois Appellate Court, Bankers Life v. American Senior Benefits, involved conduct which fell between these two extremes: an individual, Gregory P. Gelineau, who was contractually barred from soliciting former co-workers, sent three former co-workers  generic requests to become “connections” via LinkedIn.  The requests did not go further than that, but they were not purely passive in that they sent to specific individuals.  Gelineau’s former employer, Bankers Life, filed suit, accusing him of breaching his non-solicitation obligation.

After surveying decisions from around the country involving various forms of social media activity, the Court explained that the different results reached in these decisions “can be reconciled when looking at the content and the substance of the communications.” Here, the Court noted that the LinkedIn requests sent by Gelineau did not discuss Bankers Life or Gelineau’s new employer, did not suggest that the recipient view Gelineau’s new job description, and did not encourage the recipient to leave Bankers Life and join Gelineau’s new employer.  Rather, they were bare requests to become “connections” on LinkedIn.

The Court held that such bare requests were not the sort of direct, active efforts to recruit which would have been a breach of Gelineau’s contractual non-solicitation clause.

While the facts of Bankers Life fall in between the two extremes of social media activity addressed by other courts, the case ultimately turned on an evaluation of the content of the activity, as opposed to the medium.  This approach is consistent with that taken by courts whenever they are tasked with determining whether particular conduct constitutes an unlawful “solicitation.”

A recent decision from the Northern District of California, Magic Leap, Inc. v. Bradski et. al., shows that employers must meet a high standard when filing a California Code of Civil Procedure Section 2019.210 disclosure statement under the California Uniform Trade Secrets Act (“CUTSA”). See California Civil Code § 3426 et seq. The disclosure statement, which does not have a counterpart in the federal Defend Trade Secrets Act, requires a plaintiff to “identify the trade secret with reasonable particularity” before it can conduct discovery of the defendants’ evidence. See California Code of Civil Procedure § 2019.210. The sufficiency of these disclosure statements is often hotly contested in litigations under CUTSA.

While there is no bright-line rule governing how much specificity should be in a Section 2019.210 disclosure statement, courts have explained that the trade secret must be described with sufficient particularity to separate it from matters of general knowledge in the trade or of special knowledge of those persons who are skilled in the trade, and to permit the defendant and the court to ascertain the boundaries within which the secret lies. See Altavion, Inc. v. Konica Minolta Systems Laboratory, Inc. (2014) 226 Cal.App.4th 26, 43-44. The Northern District’s Magic Leap decision reinforces the importance of emphasizing a trade secret’s novelty in a Section 2019.210 disclosure statement under the CUTSA.

As described in its pleading, Magic Leap is a start-up that is developing a “head-mounted virtual retinal display, which superimposes 3D computer-generated imagery over real world objects.” It brought suit against two former high-level employees and their venture, alleging misappropriation of its trade secrets, among other claims. When Magic Leap submitted its latest Section 2019.210 disclosure, defendants Adrian Kaehler and Robotics Actual, Inc. moved to strike, contending that Magic Leap provided only vague, conceptual descriptions of its technology, and merely described well-known, well-studied, and obvious issues in highly technical fields. Magic Leap argued that, among other things, the defendants confused Section 2019.210’s disclosure requirement with litigating the ultimate merits of the case. It also argued that the defendants confused trade secrets with patents, which must be novel and inventive.

On June 9, 2017, a California federal magistrate judge granted the defendants’ motion to strike, ruling that Magic Leap’s disclosures “in totality fail to disclose the asserted trade secrets with ‘reasonable particularity.’” The judge allowed Magic Leap to amend its disclosures in order to identify its asserted trade secrets with greater specificity.

Although at this time the magistrate judge’s reasoning in Magic Leap is not public record, the ruling is another example of a court requiring a more exacting level of particularity from plaintiffs bringing a CUTSA claim. The ruling also emphasizes that, even if extensive measures are taken to protect information, the novelty of the underlying trade secret may affect a court’s analysis of the viability of a CUTSA claim. Tips for employers to prevent and protect against trade secret misappropriation in California were recently discussed in EBG’s Take 5 Newsletter.

Consider the following scenario that was the premise of the book Charlie and the Chocolate Factory (1964), and later adapted into the classic film Willy Wonka & the Chocolate Factory (1971): your company (Willy Wonka Chocolates) is in the candy business and develops an idea for an everlasting gobstopper (a sucking candy that never gets smaller).  Anticipating substantial profits from the product, the company designates the everlasting gobstopper formula as a trade secret.  As in the book and film, a rival chocolate company (Slugworth Chocolates) seeks to steal the trade secret formula in order to develop and market a competing gobstopper.

While Charlie and the Chocolate Factory is premised on a local competitor seeking to steal trade secrets for its own business, this post focuses on an adaptation to the story based in today’s global economy, and more specifically, the actions a company may take within the United States and abroad to protect against trade secret misappropriation.

Most U.S. companies are now aware of the protections afforded by the Defend Trade Secrets Act of 2016, 18 U.S.C. §§ 1836, et seq. (the “DTSA”).  Of most importance is that the DTSA created a uniform legislation that provides companies with a private civil cause of action for trade secret misappropriation.  As a result of enactment of the DTSA, a company that is the victim of trade secret theft has standing to file a civil suit in federal court.  The company may also report the theft to the United States Department of Justice because, in certain cases, the theft of trade secrets constitutes a crime under the federal Economic Espionage Act, 18 U.S.C. §§ 1831, et seq. (the “EEA”).

Due to jurisdictional limitations, however, the DTSA and EEA may not provide adequate protection when there has been a misappropriation of trade secrets in the international arena. Companies should, therefore, be aware of other methods to protect against trade secret misappropriation abroad.  One method is through the United States International Trade Commission (the “ITC”), an independent, quasi-judicial federal agency with broad investigative responsibilities on matters of trade. Pursuant to the Smoot-Hawley Tariff Act of 1930 (the “Act”), the ITC has jurisdiction to investigate and can render unlawful, the importation of goods stemming from “unfair methods of competition and unfair acts in the importations of articles … in the United States.”  The ITC has determined that trade secret misappropriation is a form of unfair competition that is protected under Section 337 of the Act, and the United States Courts of Appeals for the Federal Circuit has affirmed this interpretation in two separate cases. See Sino Legend Chemical Co. v. ITC, 623 Fed. Appx. 1016 (Fed. Cir. 2015), cert. denied, 196 L. Ed. 2d 517 (2017); TianRui Group Co. Ltd. v. ITC, 661 F.3d 1322, 1327 (Fed. Cir. 2011).

In Sino Legend Chemical Co., employees had been working for a U.S.-based company at a facility in China.  The employees stole trade secrets from the company and brought them to Sino Legend Chemical Co., a competitive Chinese company that began developing a competitive product and sought to sell it in the United States.  The U.S. company filed a complaint with the ITC, and after investigation, the ITC instituted a 10-year ban on the importation of products resulting from trade secret misappropriation that had occurred entirely outside the United States.  On appeal, Sino Legend urged the Federal Circuit to overturn the ITC’s decision, arguing that Section 337 of the Act should not apply because the trade secret misappropriation occurred entirely outside the United States.  The Federal Circuit disagreed and affirmed the 10-year ban instituted by the ITC, and in 2017, the United States Supreme Court declined review.

A company should be aware that even if a theft of trade secrets occurs abroad, the company may seek relief through the ITC to prevent the importation of competitive products into the United States that are developed as a result of the stolen trade secrets. Of course, relief through the ITC is limited because the ITC cannot stop the offending company that stole the trade secrets from marketing a competitive product in countries outside the U.S.  There remain, however, other methods to protect against the misappropriation of trade secrets abroad.

Similar to the DTSA, the European Union (“EU”) enacted its own framework for the protection of trade secrets via a directive that went into effect on June 8, 2016. The EU directive provides protection of “undisclosed know-how and business information against their unlawful acquisition, use and disclosure.”  Although the EU directive does not establish criminal sanctions, it does provide for civil means through which victims of trade secret misappropriation can seek protections, such as: (i) allowing for temporary restraining orders and injunctive relief; (ii) removal from the market of goods manufactured based on stolen trade secrets, and (iii) monetary damages.  Pursuant to the EU directive, each member country must incorporate the required provisions into its laws by June 9, 2018.  Importantly, the EU directive contains only the minimum requirements for the protection of trade secrets; however, each EU member country may elect to enact stronger protections.  It remains to be seen whether the EU countries will enact provisions more stringent than the EU directive.

Companies need to protect themselves from the Slugworths of the world. In Charlie and the Chocolate Factory, Slugworth was a local competitor that sought to steal Willy Wonka’s trade secrets, but in today’s global economy, Slugworth can steal trade secrets from anywhere and can also market competitive products throughout the globe.  As a result, companies need to be well versed in the various global protections against misappropriation of trade secrets.  Use of counsel knowledgeable of these various protections is critical to ensure that all avenues of relief are considered.

California has always been a challenging jurisdiction for employers in terms of limiting unfair competition by former employees and protecting trade secrets. However, employers in the state can significantly enhance their ability to protect their business interests in these areas with a little planning and strategic thinking.

In this issue of Take 5, we look at some proactive steps that employers can take to prevent unfair competition by departed employees and protect trade secrets from misappropriation:

Read the full Take 5 online or download the PDF.

NuScience Corporation is a California corporation that researches, develops and distributes health and beauty products, including nutritional supplements. In 2009, NuScience obtained by default a permanent injunction in a California federal court against Robert and Michael Henkel, the nephew of a woman from whom NuScience purchased the formula for a nutritional supplement, prohibiting them from selling or marketing NuScience’s trade secrets. Before the federal court injunction was entered, NuScience terminated the employment of David McKinney, NuScience Vice President of sales and marketing. McKinney signed a separation agreement wherein he agreed to maintain the confidentiality of certain NuScience-related matters. What followed might be good book material.

In June 2010, NuScience received an email from a third-party which included an email string between Robert Henkel and McKinney that caused NuScience to conclude Robert Henkel was violating the federal court injunction. Based on the emails, NuScience sued McKinney and Robert Henkel in California Superior Court for misappropriation of trade secrets, among other claims. (“NuScience I”) Robert Henkel again did not appear and the court entered a default against him in March 2011.

McKinney appeared in the state court action and was represented by Stephen E. Abraham. McKinney filed a motion to compel further discovery responses from NuScience and a motion for sanctions against NuScience which NuScience initially opposed. But before the motion was heard, NuScience filed a request for dismissal without prejudice. McKinney responded to the NuScience voluntary dismissal with a motion for attorney’s fees and costs under the Uniform Trade Secrets Act, California Civil Code Section 3426 et seq. (“UTSA”). The trial court granted the motion for attorney’s fees, concluded the record showed subjective bad faith on NuScience’s part, and awarded McKinney the $32,842.81 he requested.

NuScience moved for reconsideration contending that after it took Henkel’s default, Henkel called NuScience’s attorney and said NuScience “better back off and leave [them] alone” and that Henkels thereafter began posting threats to publish NuScience’s trade secret formula on the Internet. NuScience’s attorney reported the threat to the FBI, which informed him that it had assigned an agent to investigate and the pending investigation should remain confidential. NuScience asserted that Henkel then told NuScience’s attorney that he “would release NuScience’s formula to the world unless [NuScience] dismissed this lawsuit” and “cease all enforcement of the federal judgment against the Henkels.” NuScience asserted that only later did the FBI “reluctantly acquiesce[ ]” and allowed NuScience to discuss the investigation.

The court denied the motion for reconsideration.

NuScience appealed the attorney’s fees award and the Court of Appeal reversed the decision of the lower court. The Appellate Court found that the email exchange between McKinney and Henkel on which NuScience I was premised was evidence that they were engaged in internal experimentation with NuScience’s trade secret formula and further stated McKinney had been using the samples. The court found this was sufficient evidence of actual or threatened misappropriation under the UTSA. The court further found that the email exchange was evidence that McKinney intended to use the NuScience customer list to market to buyers in Asia and that since McKinney was unlikely to have derived information about customers interested in the formula other than through his employment with NuScience, a trier of fact could conclude McKinney intended to use the information he derived from NuScience’s customer list to compete.

The day after the trial court awarded fees under the UTSA in NuScience I, McKinney filed a malicious prosecution action against NuScience and was represented again by Stephen Abraham (“NuScience II”). NuScience filed a motion to strike under California’s Anti-SLAPP (Strategic Litigation Against Public Policy) statute. The trial court granted the motion, and rejected McKinney’s claim that the dismissal prior to the hearing on the discovery motion was a favorable determination on the merits, noting “undisputed evidence… that the case was dismissed in response to extortionist threats.” The court awarded NuScience attorney’s fees of $129,938.75. The order was affirmed on appeal.

NuScience then filed an action against McKinney, Abraham and his law firm, and two other individuals in March 2014 alleging malicious prosecution and intentional interference with contractual relations against Abraham. Abraham responded with special motions to strike the causes of action.

Abraham attacked the intentional interference cause of action under the California Anti-SLAPP statute on the grounds that the conduct Abraham was alleged to have engaged in – the filing of declarations in federal and state court lawsuits that were signed by McKinney – is protected conduct. The trial court, and subsequently the Court of Appeal, concluded there could be no breach of contract absent a disclosure or public disparagement and the disclosure/disparagement NuScience alleged was Abraham’s public filing of McKinney’s declarations. As such, it was protected activity.

The trial court also granted Abraham’s SLAPP back action in the malicious prosecution claim. The Court of Appeal agreed, finding that NuScience had not demonstrated that the underlying malicious prosecution claim was initiated with malice because, in part, the malicious prosecution was alleged against a former adversary’s attorney, and not the former adversary. The court held that malice harbored by an adversary may not be attributed to its attorney. NuScience tried to identify additional evidence of Abraham’s own malice on appeal asserting, in part, that Abraham “told NuScience that he intends to destroy NuScience,” but the court pointed out that the actual evidence stated “NuScience will be out of business in six months” and “NuScience will be done in six months,” which the court stated suggested, at most, that Abraham believed that litigation would be successful and that NuScience’s demise was imminent, “not that he intended to cause its demise.” The Court of Appeal affirmed the order dismissing the claims against Abraham and affirmed the award of Abraham’s attorney’s fees of $99,595.00.

While the initial trade secret dispute between the parties here was relatively straightforward, this case is worth highlighting because of the extensive litigation that followed. Despite the company’s legitimate interest in protecting its threatened trade secrets, there were certainly unintended consequences as a result of the company’s vigorous advocacy to protect its interests. NuScience became embroiled in litigation spanning the course of the next eight years, itself even becoming the defendant to a lawsuit. This serves as a cautionary tale and a reminder of the inherent risk to engaging in litigation.

The case is NuScience Corp. v. Abraham, B264334 (Ca. Ct. of App. 2/1/17).

In an order dated April 20, 2017, New York’s Court of Appeals agreed to hear Sergey Aleynikov’s appeal of his conviction under an arcane New York criminal statute.

Aleynikov is a former Goldman Sachs computer programmer, arrested in July 2009 and accused of stealing computer source code from the bank.  Originally, a federal jury found him guilty of violating both the National Stolen Property Act and the Economic Espionage Act, but that verdict was overturned by the Second Circuit in April 2012 (after Aleynikov had been incarcerated for over a year).

More recently, Aleynikov also has been prosecuted at the state level, as the Manhattan District Attorney secured a jury verdict convicting him of N.Y. Penal Law §165.07 (unlawful use of secret scientific material), which was overturned by the trial judge in 2015.  Earlier this year, New York’s Appellate Division, First Department, reinstated the jury’s conviction of Aleynikov.

Given the prevalence and dangers of trade secret theft, Aleynikov’s case has drawn extensive media scrutiny over the years, and his appeal to New York’s highest court will be watched closely.

Insurance coverage is not something which comes to mind when thinking about trade secret misappropriation. In fact, since this blog was started in 2009, I cannot recall a single post about an insurance coverage issue.

That being said, one of the first things prudent defense counsel will do when a client is sued for alleged trade secret misappropriation is to instruct their client to notify their insurance carrier and inquire as to whether there is coverage for some or all of the claims. Sometimes there is; sometimes there isn’t.  However, the prudent course of action is always to play it safe and ask.

In a recent decision issued by Judge Dow in the U.S. District Court for the Northern District of Illinois, Sentinel Insurance Company, LTD v. Yorktown Industries, Inc., the defendant in what seems to have been a garden variety trade secrets misappropriation case  – Yorktown — demanded that its insurance carrier defend and indemnify it under its insurance policies.  The carrier denied coverage and denied having any duty to defend, and then brought a declaratory  judgment action seeking vindication for its position.

In the underlying lawsuit for which coverage and a defense was requested, Yorktown was sued for violation of the Uniform Trade Secrets Act, intentional interference with contractual relations, intentional interference with prospective business advantage, unfair competition, and civil conspiracy (i.e., claims commonly seen in these types of cases).

Yorktown requested indemnification under an insurance policy which provided coverage for claims for, among other things, “personal and advertising injury.” Yorktown’s argument was premised on the fact that it had been accused of stealing another’s “advertising idea.”

Judge Dow made short work of this claim, holding that Yorktown had merely been accused of stealing a customer list and sales information and wrongly using that information, and that this alleged misconduct did not amount to an allegation that Yorktown copied an “advertising idea” or copied trade secrets in an advertisement. Additionally, among other things, Judge Dow noted that the policy contained an express exclusion for claims predicated on the alleged misappropriation of a trade secret.

In these types of disputes, a common instance in which there may be coverage is where a breach of fiduciary duty is alleged, or where there is a claim against a director or officer and a “D & O” policy is implicated. Here, there was no mention of such claims.

While Yorktown came up short before Judge Dow, the prudent course of action in every trade secrets case is to notify the carrier and inquire about coverage.   Because insurance policies (and lawsuits) come in all sizes and shapes, sometimes there is coverage; sometimes there isn’t.