The Secret to Trade Secrets Is Keeping Your Secrets Secret

As a result, both the DTSA and at least 48 state statutes that are based on the Uniform Trade Secrets Act (UTSA) require a party to take appropriate steps to maintain the secrecy of the information for which party wants trade secret protection. See, e.g., UTSA § 1(4)(ii); 18 U.S.C. § 1839(3); Beach 2 Bay Aerial Billboard Advert., LLC v. Fla. Beach Advert., LLC, 2017 WL 9510592, at *1 (M.D. Fla. 2017) (“Both the DTSA and UTSA generally define a trade secret as information that derives economic value from not being generally known to or readily ascertainable through proper means by another person, and that is subject to reasonable efforts to maintain its secrecy.”) (citing 18 U.S.C. § 1839(3) and Fla. Stat. § 688.002(4)).

The very recently published opinion by the Northern District of Illinois in Abrasic 90 Inc. v Weldcote Metals Inc., No. 18 C 05376 (N.D. Ill. 2019), drives this point home. In Abrasic, Joe O’Mera, a former president of plaintiff Abrasic 90, Inc., “a manufacturer of grinding and sanding discs doing business as Camel Grinding Wheels, U.S.A. (“CGW”),” “left to set up a competing abrasives business” and “took with him some CGW files containing . . . information about its pricing, customers, and suppliers.” Abrasic, slip op. at 1. The court denied CGW’s application for an injunction largely because CGW “did not protect its supposedly secret information,” based on the following findings, for example:

• “CGW took almost no measures to safeguard the information that it now maintains was invaluable to its competitors. The company’s almost total failure to adopt even fundamental and routine safeguards for the information at issue belies its claim that the information has economic value to its competitors and makes it quite unlikely that CGW will ultimately prevail on its trade secret claim.” Id. at *7.
• CGW “fail[ed] to require those with access to its supposed trade secrets to enter into non-disclosure and confidentiality agreements. . . . Failure to enter into nondisclosure or confidentiality agreements often dooms trade secret claims.” Id.
• “[T]here was no policy at CGW regarding confidentiality beyond a vague, generalized admonition about not discussing CGW business outside of work. That admonition did not define, delineate, or specify which information was considered confidential.” Id. at *8.
• “The confidentiality language in the employee handbook stating that employees are ‘not to reveal or discuss information about CGW, its customers or its employees when outside of the company’ is too broad and vague to confer meaningful protection over the information at issue. Not every shred of CGW information is a confidential trade secret; an employee would not be said to have violated the employee handbook or revealed a trade secret for having had a conversation with his wife about how his work day at CGW went, a discussion that would inevitably include ‘information about CGW.’” Id.
• “CGW did nothing to train or instruct employees as to their obligation to keep certain categories of information confidential. Those employed by or doing business with CGW who had access to the information at issue in its compiled or uncompiled format were not required to agree not to disclose it. CGW did not have exclusive relationships with its suppliers or distributors, yet, according to the testimony of multiple witnesses, CGW’s suppliers and distributors were not generally required to keep the information confidential or enter non-disclosure agreements. Nor did CGW insist that its own employees with access to the information at issue sign non-disclosure agreements or otherwise agree not to disclose it. O’Mera’s employment agreement required that he return CGW documents that he had in his possession upon the termination of the agreement or his employment, but that agreement was only in effect through 2012 at the latest and then was not renewed in 2013. O’Mera’s agreement also did not delineate which CGW information was subject to heightened confidentiality protections.” Id.
• “Although employees were instructed to return CGW property when they separated from CGW, they were not asked whether they possessed any of the information at issue or instructed to return or delete such information. Requiring that departing employees or contractors return company property when their relationship with the company ends is a routine, normal business practice, but precautions must go ‘beyond normal business practices’ for the information to qualify for trade secret protection.” Id.
• “When O’Mera . . . separated from CGW, so far as the record reflects, no one asked [him] what information [he] possessed, admonished [him] about the confidentiality of certain information, or demanded that [he] return any specific information.” Id. at *9.
• The person plaintiff “put in charge of maintaining the security of CGW’s data and information . . . had no training in data security (or virtually any other area of IT management) and was ill-equipped to identify, much less champion, sound data security practices.” Id.
• “[A]ccess to the shared drive where the information at issue was located” was granted “to 39 of CGW’s 108 employees” and “there is no evidence that . . . anyone [was ever denied] access to the shared drive who asked for it.” Id.
• “[T]he same password” was provided “to many CGW employees to facilitate their access to the shared drive, files were not encrypted, and there were no restrictions on employees’ ability to access, save, copy, print, or email the information at issue. Indeed, there is no evidence that supports the notion that employees even needed . . . authorization to access the shared drive; to the contrary, the testimony establishes that any employee could have, with a modicum of knowledge or the aid of another employee, enabled their own workstation to access the shared drive.” Id. at *10.
• When a new IT security person was appointed, “she suggested that CGW take some basic steps to improve the security of the information at issue, such as segregating access to documents on a need-to-know basis and adopting an ‘Acceptable Device Use Policy’ requiring that employees remove company data from their personal devices at the time of their separation. But CGW did not implement even those modest suggestions, further undermining its trade secret claim.” Id. (citations omitted).
• “Perhaps the most telling evidence that CGW did nothing in particular to safeguard its supposed trade secrets is that it took no measures to protect that information that were in any way different (much less more exacting) than the steps that it took to protect information that was indisputably not a trade secret. . . . CGW did not treat the alleged trade secret information any differently on the shared drive, for example, by placing it in a more secure folder within the shared drive. CGW labeled some of its documents relating to its research and development efforts as ‘proprietary,’ . . . but those are not among the documents implicated by CGW’s claims in this case. It takes virtually no effort and little sophistication to include a header on an Excel spreadsheet identifying a document as ‘proprietary’ or ‘confidential,’ yet CGW failed even to do that much with respect to the information at issue in this case. . . . The logical implication is that while CGW considered its research and development materials to be confidential, it did not hold that view of the information at issue in this case.” Id. (citations omitted).

The Abrasic court found that the foregoing “almost total failure to adopt even fundamental and routine safeguards for the information at issue belie[d]” the plaintiff’s claim that the information for which it sought trade secret protection had “economic value to its competitors.” That court, therefore, found it “quite unlikely” that the plaintiff would have “ultimately prevail[ed] on its trade secret claim” and consequently denied the plaintiff’s application for an injunction. Id. at *7.

Disputes regarding whether a litigant seeking trade secret protection took sufficient measures to maintain the secrecy of the information for which that party seeks trade secret protection are usually resolved by the trier of fact. See, e.g., Select Energy Servs., Inc. v. Mammoth Energy Servs., Inc., 2019 WL 1434586, at *6 (W.D. Okla. 2019) (“Like the issue of trade secrets, reasonable measures are generally an issue of fact for the jury,” and “[r]easonable efforts to maintain secrecy need not be overly extravagant, and absolute secrecy is not required.”). However, trade secret plaintiffs lose considerable leverage, and vastly complicate their damage claims, if a court refuses to enjoin the defendant from using the information for which that plaintiff seeks trade secret protection—particularly if the court’s decision is based a prediction that that plaintiff will not prevail at trial.

Given what is at stake with respect to an application for injunctive relief, the Abrasic court’s somewhat excoriating rebuke of the plaintiff’s failure to maintain the secrecy of its alleged trade secrets (Abrasic, at *7 (“CGW’s data security was so lacking that it is difficult to identify the most significant shortcoming”)) is an excellent reminder to keep your trade secrets secret.

Extra protection—above and beyond what is given to less important information—is critical. For example, the information that a party wants to qualify as a trade secret should, without limitation, be segregated and be accessible using passwords given only to those who need access. Weride Corp. v. Kun Huang, 2019 WL 1439394, at *7 (N.D. Cal. 2019) (finding that “restrict[ing] access to its code base to employees who are either on-site or have logged into the [company’s] network through a VPN—which requires a unique username and password”—“encrypt[ing] the source code” for which trade secret protection was sought, and “requir[ing] a unique username, password, and token” to decrypt the source code, and “requir[ing] all . . . employees to sign” a “Proprietary Information and Inventions Agreement” requiring employees to “hold in confidence and not disclose or, except within the scope of [their] employment, use any Proprietary Information” were reasonable measures to preserve trade secret status).

Clear trade secret provisions in employee handbooks and proactive use of nondisclosure agreements are equally critical. Even physical barriers may be appropriate. Abrasic, at *8; Flexible Techs., Inc. v. Sharkninja Mgmt. Co., 2019 WL 1417465, at *3 (D. Del. 2019). And all documents that a party wants to be treated by a court as a trade secret should be marked “confidential” and related emails should indicate that “the contents of those messages include proprietary information.” Id.

Last, this author recommends regular consultation with information technology professionals and implementation of any appropriate suggestions about updating measures to maintain the secrecy of trade secrets.

The bottom line remains clear: Keep your secrets secret if you want them to be subject to trade secret protection.

John A. Stone is a litigation partner at DeCotiis, FitzPatrick, Cole, &Giblin, LP’s New Jersey and New York offices, and specializes in IP and complex commercial and business tort litigation. 

_{Copyright © 2019, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Section of Litigation, this committee, or the employer(s) of the author(s).}