This article was originally published by Corporate Compliance Insights on October 5, 2022. Image via Corporate Compliance Insights.

As insider threats increase, companies should work to make the most of federal trade secrets protections

A relatively new law (the Defend Trade Secrets Act) aims to give businesses a legal framework to fight against theft of trade secrets by insiders. María Amelia Calaf of Wittliff Cutter explains the nuances of the law and discusses how businesses can prevent misappropriation of valuable trade secrets.

Two founders hire their first employee to help develop a key component of their product. The employee works alongside the founders for years, gaining a front-row seat to every aspect of the business and enjoying unfettered access to critical proprietary information. The company grows over time and just as it is about to become public, the employee abruptly gives notice. A week later, the company finds out its trusted former colleague has taken a cache of documents, including client lists, pricing information and vendor contacts. Worse yet, they have joined a competitor in a similar role.

This scenario is becoming increasingly commonplace. Trade secret theft by insiders leaves employers vulnerable in the marketplace, threatening to destroy their hard-earned competitive advantage. Employers are not without recourse, however. The Defend Trade Secrets Act (DTSA) provides the legal framework for protecting businesses from trade secret misappropriation and empowers businesses to seek emergency injunctive relief, as well as monetary damages against those who unfairly seek to exploit its proprietary information.

This article discusses the DTSA framework and makes recommendations for businesses seeking to protect their trade secrets so that they are ready to advance a DTSA claim should they ever find themselves victims of misappropriation.

The legal framework

Enacted in 2016, the DTSA is the first federal law to create a private right of action for the civil misappropriation of trade secrets. Because by its own terms, the statute covers trade secrets “related to a product or service used in, or intended for use in, interstate or foreign commerce,” the DTSA applies across a wide range of industries and products.

To assert a claim under the DTSA, the company must show:

  • The misappropriated information is, in fact, a trade secret.
  • The defendant acquired the secret through improper means.
  • The defendant’s use of the secret resulted in harm to the plaintiff.

All three elements must be present for a DTSA claim to be successful. Because to establish the first two elements, companies must meet certain statutory requirements, this article focuses on those two prongs and what businesses can do to ensure they are best situated to defend their trade secrets and advance DTSA claims in the event of misappropriation.

The misappropriated information must qualify as a trade secret

As a threshold matter, the company must establish that the misappropriated information qualifies as a trade secret. Confidential or proprietary information is not automatically a trade secret for purposes of the DTSA. The statute sets forth specific requirements to meet the definition of trade secret.

Under the DTSA, a trade secret is defined as “financial, business, scientific, technical, economic or engineering information” that “the owner … has taken reasonable measures to keep … secret; and … derives independent economic value … from not being generally known to and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information.”

Accordingly, while a wide range of information can be protected as a trade secret, it is crucial that the employer show (1) it took reasonable measures to keep the information secret and (2) that the information is not generally known to, or readily ascertainable by, others in the industry.

The reasonableness measure is relatively straightforward. Although the DTSA does not specify what constitutes reasonable measures, courts have generally recognized measures such as confidentiality agreements, password-protection, sharing information with employees only on a need-to-know basis, and emphasizing the need to keep the information confidential in an employee handbook. These measures are the necessary minimum for any court to qualify information as a trade secret.

The converse is not true, however. Having these measures in place does not automatically entitle data to trade secret protection. The company’s practices matter. If the record shows, by way of example, that despite imposing confidentiality obligations on employees, those same employees frequently forward so-called trade secret documents to third parties via email without imposing any confidentiality obligations on those third parties, the existence of any internal measures will be irrelevant: the information will not be considered secret.

Thus, companies are advised not only to enact confidentiality policies and practices, but to comprehensively assess the use of its most critical trade secrets and monitor compliance with corporate policies. Frequent reminders to employees of the need to maintain confidentiality via trainings and/or yearly certification requirements also help establish the company’s efforts to take reasonable measures to protect its secrets.

Likewise, information that is widely available to industry participants or observable to users does not constitute trade secret even if the company treats it as such for internal purposes. Thus, for instance, a list of industry contacts purchased from a specialized vendor does not qualify as a corporate trade secret just because the employer limits its distribution internally or labels the document confidential. Nor are the identities of customers and their contact information, as another example, trade secret if those are otherwise ascertainable to industry participants.

It is thus not enough to have confidentiality agreements and data protection measures in place. The day-to-day practices matter to the analysis, as such business should have procedures in place to ensure that the most sensitive trade secret information is accessed and used in a manner that is consistent with its trade secret status. And be prepared to make a quick assessment in the event of a misappropriation about the possibility the relevant documents or files may not qualify for trade secret status under the DTSA and require the use of other claims to seek judicial relief.

The defendant misappropriated the trade secret

Once information is established as a trade secret, a company must show how the trade secret information has been misappropriated. There are three ways for the company to do so: acquisition, disclosure or use.

  • Acquisition: A trade secret is improperly acquired when a defendant accesses the trade secret without authorization, even if the information is not disclosed to or used by a third party.
  • Disclosure: Disclosure happens whenever the former employee shares the trade secret with a person or entity not authorized to receive or access the information — typically the new employer.
  • Use: A trade secret is improperly used if it is utilized in such a way that is likely to result in injury to the trade secret owner or enrichment to the defendant. For instance, relying on the trade secret to assist research and development for the new employer would constitute an improper use of the trade secret.

Establishing the second element under the DTSA is important because companies often seek emergency injunctive relief to stop the misappropriation and require the return of their trade secret information. (Because even the most straightforward DTSA litigation can take over a year to reach trial, it is critical to seek preliminary relief in these cases to minimize the impact of any misappropriation.)

At that early stage of litigation, companies do not necessarily have all the facts to establish disclosure or use. Discovery is needed to determine what happened to the trade secret information after it left the company.

Showing the employee has accessed the trade secret files, however, is often sufficient to ensure corporations can vindicate their rights at the preliminary injunction stage. As long as the new employee is “in a position to use” the trade secret information — which will invariably be the case if they are working for a competitor — merely accessing trade secrets without the company’s authorization is enough to satisfy the second prong of the DTSA.

The defendant’s use of the secret resulted in harm

While most trade secret cases (like other commercial litigation) are often resolved well before trial, a business will only be able to collect damages on a trade secret misappropriation claim if it can meet the third element: a showing of harm stemming from the alleged theft.

Because establishing that information is trade secret requires the company to show the trade secrets have independent economic value, this element is one of the simpler elements to establish. Harm follows if the trade secret has been used or exploited by a third party either to avoid development or research costs or simply to unfairly compete. Most cases will not reach this stage.

A powerful tool for protecting businesses

Although as explained here, the DTSA is a useful tool for protecting businesses from trade secret theft, companies should be proactive about having policies and procedures in place that minimize the risk of misappropriation in the first place. In addition to setting policies and procedures that protect trade secret information, such as the ones discussed above, companies are also advised to take proactive measures to minimize the risk of misappropriation when offboarding an employee, as it is the most common scenario.

It is not enough to cut access to the employees’ devices and accounts upon separation. Companies should also consider asking departing employees to:

  • Check their personal devices and accounts for any company files and documents.
  • Review home offices for company documents and/or files.
  • Certify that they deleted and/or destroyed any electronic or physical files or documents in their possession.

A review of accounts and devices for any unusual activity in the weeks prior to separation is another measure businesses should implement for those employees dealing with critical proprietary information.

Joshua Kelly, a litigation associate at Wittliff Cutter, provided research assistance for this article.

María Amelia Calaf

María Amelia Calaf

María Amelia Calaf is a partner at Wittliff Cutter in Austin. She focuses her practice on complex commercial litigation, with an emphasis on resolving non-compete, non-solicitation and trade secret litigation. Her extensive experience as a first chair litigator also includes the representation of corporations across a wide range of industries in disputes concerning business torts, intellectual property matters and constitutional challenges. She also has substantial experience pursuing and defending requests for emergency injunctive relief in state and federal courts.