Implementing "reasonable measures" to keep confidential proprietary information secret will not only protect them from misappropriation, but may also enable a court to treat the stolen information as a trade secret and to provide the victim with claims and remedies under state and federal trade secret law. Indeed, under the right circumstances, installing appropriate safeguards may enable a party to locate and seize its trade secrets, or at least enjoin the movement, disclosure, and use of such information during the litigation.
Although the definition of "reasonable measures" under trade secret law is ever evolving, businesses should take the following measures:
1. Have all employees sign agreements that stipulate that certain information is a trade secret and subject to trade secret protection.
2. Provide notices to employees, pursuant to the Defend Trade Secrets Act, 18 U.S.C. 1836 et seq. (DTSA), of immunity from trade secret misappropriation claims to whistleblower employees who disclose their employer's trade secrets or confidential information to state or federal agencies for the purpose of reporting or investigating a suspected violation of law. Failure to provide notice of this and other immunities provided by the DTSA to employees, consultants and independent contractors, in any contract or agreement entered into after May 11, 2016, that governs the use of trade secrets or other confidential information, will bar the company from certain remedies (such as enhanced damages and attorney's fees) available under the DTSA. Such notices, which employees should counter-sign, could state:
Pursuant to the Defend Trade Secrets Act of 2016, I understand that:
An individual may not be held criminally or civilly liable for any federal or state trade secret law for the disclosure of a trade secret that: (a) is made (i) in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney; and (ii) solely for the purpose of reporting or investigating a suspected violation of law; or (b) is made in a complaint or other document that is filed under seal in a lawsuit or other proceeding.
These required notices should be inserted in all (i) employment, independent contractor and consulting agreements, (ii) separation, severance and release of claim agreements, (iii) non-compete and non-solicitation agreements, and (iv) confidentiality agreements and agreements in employee handbooks.
3. Limit access to trade secrets to employees who need access to perform their jobs.
4. Have their trade secrets subject to password protection.
5. Have confidential information marked confidential.
6. Regularly remind and educate employees with access to confidential information about keeping such information secret.
7. If feasible, segregate networks, or at least install firewalls, so that a hacking of one network, or one part of a network, does not expose information in the companies' other network or portion of a network.
8. Engage outside specialists to monitor access and audit its computer and electronic storage systems.
9. With regard to possible cyber theft, although complete retrieval may be almost impossible, tracking devices may be installed to possibly locate Microsoft and PDF documents. Encrypting trade secrets may prevent, or at least reduce, damage caused by the theft of a trade secret, and buy time to locate and seize stolen information.
The need for, and sufficiency of these and other measures is as much a technological question as a legal one. Therefore, attorneys should meet with their clients and IT vendors to make sure their "reasonable measures" maximize protection under trade secret law.