A recent order from the United States District Court for the Eastern District of New York in Art & Cook, Inc. v. Haber sheds light on two common issues in trade secrets litigation: (1) the meaning of “reasonable measures” to protect information under the Defend Trade Secrets Act (DTSA), and (2) whether customer lists receive trade secret protection. No. 17CV1634LDHCLP, 2017 WL 4443549 (E.D.N.Y. Oct. 3, 2017). The court’s order denying a preliminary injunction demonstrates that (1) misappropriation of a customer list consisting of publicly available information is not likely to give rise to claim under the DTSA, and (2), even when such information could be protected by the DTSA, low-level security measures will not suffice as reasonable measures to protect its confidentiality.
In Art & Cook, the plaintiff, a kitchenware company, brought suit against its former employee and salesperson under the DTSA. The plaintiff claimed, among other things, that the defendant had stolen certain information prior to his termination, including a compilation of contact information for buyers at various companies. The plaintiff offered evidence that it used a password-protected server, password-protected folders, and a third-party Internet company to protect its servers from hackers. A critical fact for the court was that the plaintiff asked the defendant to sign a non-disclosure agreement (and an employee handbook) years after the defendant was hired, but the defendant refused. The plaintiff not only continued to employ the defendant after his refusal to sign the agreements but continued to give the defendant access to the information claimed to be trade secrets. The court issued a temporary restraining order and soon thereafter held an evidentiary hearing on the plaintiff’s motion for a preliminary injunction. The court issued its order after that evidentiary hearing.
In its order, the court found that plaintiff’s customer lists were not protected by the DTSA. The lists at issue were spreadsheets containing names, emails, and phone numbers for buyers at approximately 72 companies. Some of the companies were the plaintiff’s existing customers, others were not. The plaintiff claimed that it took tens or hundreds of hours to create the lists but also conceded that much of the information on the list could be obtained by “hiring representatives, attending trade shows, and meeting buyers from various companies.” Some portions of the information could also be obtained through Internet searches. The court cited a long line of authority defining when customer lists rise to the level of protected trade secrets, observing that customer lists that contain customer preferences are often protected but that mere compilations of publicly available contact information are not, even if creation of the list requires a substantial amount of work. In light of that authority, the court found the plaintiff’s lists were not protected by the DTSA.
The court also held that plaintiff had not used reasonable measures to protect its purported trade secrets. The court was particularly concerned with the fact that plaintiff had attempted to secure a non-disclosure agreement, but that defendant (and several other employees) refused to sign the agreement. The court implicitly recognized that plaintiff had two options once defendant refused to sign the agreement: Prevent the defendant from accessing confidential information or potentially waive protection under the DTSA for the information in the future. Because plaintiff allowed defendant to continue accessing the information, the court found that plaintiff’s protective measures were not “reasonable,” that plaintiff was not likely to succeed in its DTSA claim, and denied the motion for preliminary injunction. The court went one step further and observed that in light of its decision on the preliminary injunction, any DTSA claim involving plaintiff’s limited protective measures was also vulnerable to a motion to dismiss.
The court’s order in Art & Cook, Inc. v. Haber provides helpful information for practitioners assessing potential claims and advising clients on how to protect their trade secrets. First, litigators should recognize that customer contact lists that consist exclusively of publicly available information are not protected under the DTSA and will not support a claim. A list contains some additional valuable information, like customer preferences, there may be a claim under the act. Second, when advising a client about protecting sensitive information, the client must understand that password protection for trade secret information—without more—may not be enough to establish reasonable protective measures. And while a non-disclosure agreement may be helpful in establishing reasonable protective measures, the employer must also make access to confidential information contingent on entering into the agreement, or risk losing trade secret protection for the information.