1 Challenges to Maintaining ConfidentialityNegative impact from increased outsourcing (call centers in India) and subcontracting Trade secrets’ existence and value are challenged by increased subcontracting – hiring and firing concerns Negatively impacted by increased employee mobility -- risks and strategies associated with telecommuters
2 Challenges From EmployeesMany employees transfer confidential information and trade secrets to personal devices (laptops, tablets, phones.) Many departing employees take confidential information with them. Many employees believe that they own the materials they create -- even though the don’t.
3 Largest Threat: Your EmployeesSeveral studies point to widespread data theft by insiders and employees “Hackers are no longer breaking in through back doors which may trigger alarms. Today they are stealing the keys of authorized users and walking right through the front door.” - Spencer Coursen, Pres. of Coursen Security Group Vast majority of employees have little appreciation of data security (hence those who fall for phishing). 83% of organiz. suffered a data security incident last year 46% stated improving and maintaining IT security is a top three IT priority 58% of threats come from the extended enterprise (employees, ex-employees and trusted partners)
4 Impact of Increased Employee MobilityProblem increases with mobile work force Lack of system controls Use of public servers Risk of viruses Inability to monitor when device not connected to company system Risk of loss/theft of actual device
5 Risks and Strategies Associated with TelecommutersCreate strong security infrastructure “As needed” access Encryption Use of password-protections Devices used for work BYOD vs. Company-provided VPN/Citrix-type access Data “back-ups”
6 International Travel Encrypted Devices CustomsGovernmental searches of devices Potential seizure Monitoring Secure Connections to Company servers? Consider “dummy” devices Connectivity
7 Federal Criminal StatutesEconomic Espionage Act of Amended in: Theft of Trade Secrets Clarification Act of 2012 Foreign and Economic Espionage Penalty Enhancement Act of 2012 Defend Trade Secrets Act of 2016 Computer Fraud and Abuse Act
8 Economic Espionage Act (18 U.S. Code §1830, et seq.)Trade Secret Theft: Criminalizes misappropriation of trade secrets related to products produced for or placed in commerce (interstate or international) with the knowledge or intent to injure the trade secret’s owner. Penalties: Individuals: Imprisonment up to 10 yrs. (no fines) Companies: Fines of up to US $5 million.
9 Economic Espionage Act (18 U.S. Code §1830, et seq.)Economic Espionage: Criminalizes the misappropriation of trade secrets (including conspiracy to misappropriate trade secrets and the acquisition of misappropriated trade secrets) with the knowledge or intent that the theft will benefit a foreign power. Penalties: Individuals: Fines of up to US $500,000 per offense and imprisonment of up to 15 years Companies: Fines up to US $10 million.
10 Defend Trade Secrets ActEnacted May 11, 2016 Makes it a federal crime to steal and use a trade secret Creates a federal private right of action to protect trade secrets In “exceptional circumstances” allows for the seizure of property to prevent the propagation or dissemination of trade secrets (beyond state law TRO and preliminary injunction)
11 Defend Trade Secrets Act - continuedMakes theft, possession or use of trade secrets a predictive act for RICO action -- with treble damages and attorney’s fees Limited right to seize property Does not adopt inevitable disclosure doctrine Protections for whistleblowers Immunity for disclosure of trade secrets to govt for sole purpose of reporting legal violations IF notice given in employee contracts governing trade secrets or confidential information. [18 U.S.C. § 1833(b)(1)]
12 Practice Tip for DTSA ImmunityAdd language to NDAs, Invention Assignment Agreements and all other agreements with employees regarding trade secrets and confidential information. Consider adding language to policies too Possible option: Quote 18 U.S.C. § 1833(b) “An individual shall not be held criminally or civilly liable under any Federal or State trade secret law for the disclosure of a trade secret that…”
13 What Does Secure Data Look like?Firewalls ICT monitoring s Internet activity Social media? Lock-down USB drives and “writable” drives “As needed” access Updating of “Confidential Information” lists Auditing Enforcement
14 Agreements Non-Disclosure Non-solicitation Non-competePre-employment NDA All employees Non-solicitation Non-compete Jurisdictionally-specific Not for all employees Scope and Reach Invention Assignment
15 Policies Information Security ICT Monitoring Email and Internet usageDevices/Equipment BYOD Social Media Cameras or other employee recording Use of Encryption Software Use of records management/“classification” software/systems
16 Training On-going Topics: Information SecurityCompany-specific “confidential information” Data Security on assigned devices Mobile Devices Public Spaces Physical Security
17 Trade Secrets vs Other Forms of IPTrade Secrets do not need to be registered (like patents, trademarks and copyrights) No governmental approval process is necessary for trade secrets Scope of information to be protected is broader (see, Salsbury Laboratories, Inc. v. Merieux Laboratories, Inc. 735 F. Supp 1537 (M.D. Ga 1987)
18 Patents vs. Trade SecretsPatents: Twenty (20) years monopoly for making, using, selling, offer to sell, or importing within a specific country. High bar for patentability. Trade Secrets Indefinite term, so as long as secret. Low bar to qualify as a trade secret. Reasonably high standards regarding adequate secrecy measures Protects against unauthorized misappropriation but not against independent invention, reverse, engineering, and patenting by others (limited infringement defense of commercial-use prior-user rights).
19 Patent vs Trade Secret - Factors to ConsiderWilling to publish invention 18 months after you file? Can competitors reverse engineer your invention? How valuable is the invention (commercially, strategically, etc.)? If granted, would you enforce the patent? Do you want a defensive publication? Are there adequate secrecy measures to protect the trade secret? Is there a concern of misappropriation?
20 QUIZ: IS THIS A TRADE SECRET?Sales leads
21 Probably Yes. Discussion: ANSWER:Does it have independent economic value? Is it generally known to the public or to others who could derive commercial value from its disclosure or use? Were reasonable efforts used to maintain its secrecy.
22 QUIZ: IS THIS A TRADE SECRET?Computer Source Code
23 Same discussion / analysis. ANSWER: Probably yes. Same discussion / analysis. Can it be easily reverse engineered without hacking into the company or bribing employees to gain access?
24 QUIZ: IS THIS A TRADE SECRET?Customer Lists
25 Probably Yes. ANSWER: Discussion:Does it have independent economic value? Is it generally known to the public or to others who could derive commercial value from its disclosure or use? Were reasonable efforts used to maintain its secrecy.
26 QUIZ: IS THIS A TRADE SECRET?Confidential Information
27 Only if it satisfies the criteria of a trade Secret.ANSWER: Only if it satisfies the criteria of a trade Secret. Discussion: Does it have independent economic value? Is it generally known to the public or to others who could derive commercial value from its disclosure or use? Were reasonable efforts used to maintain its secrecy.
28 POTENTIAL HANDOUTS: Do’s and Don’ts List ACC article: ACC article United States v Lange. U.S. Court of Appeals for Seventh Circuit upheld a criminal conviction under the Economic Espionage Act See Salsbury Laboratories, Inc. v. Merieux Laboratories, Inc. 735 F. Supp 1537 (M.D. Ga 1987)(noting that a trade secret does not have to be unique or novel- which is required for a patent).
29 ACC Materials: We've Got an Eye on You: Employee Monitoring and Communications, Privacy, and Data Security -- When the Non-compete Is Incomplete: Avoiding Trade Secret Litigation -- Do You Have an Edward Snowden in Your Ranks? Top Ten Tips on Mitigating Insider Threats -- Are Your Work s Safe? How to Protect Your Company’s Classified Information -- Lawyers Leading the Race to Cybersecurity --
30 Harvard Business Review Articles:The Danger From Within (Sept. 2014) --David M. Upton and Sadie Creese. https://hbr.org/2014/09/the-danger-from-within Cybersecurity’s Human Factor: Lessons from the Pentagon -- James A. (Sandy) Winnefeld, Jr., Christopher Kirchhoff, and David M. Upton. https://hbr.org/2015/09/cybersecuritys-human-factor-lessons-from-the-pentagon Data Breaches Aren’t Just an IT Issue – Verizon. https://hbr.org/sponsored/2016/04/data-breaches-arent-just-an-it-issue
31 “6 Biggest Business Security Risks and How You Can Fight Back” – Jennifer Lohoff Schiff. “Insider vs. Outsider Data Security Threats: What’s the Greater Risk?” -- By Nena Giandomenico & Juliana de Groot. https://digitalguardian.com/blog/insider-outsider-data-security-threats “Employees Still the Biggest Threat to Enterprise Security” – Sara Drury. https://blog.digicert.com/employees-still-the-biggest-threat-to-enterprise-security/
32 ANY QUESTIONS?