ChIPs Global Summit Report 2: The DTSA and a system breach by hackers - what does it mean for your trade secrets?

The DTSA panel shares best
practice to reasonably protect
your trade secrets
As readers will know, one of the AmeriKat's favorite topics is trade secrets.  She was therefore quick to rush to the Defend Trade Secrets Act (DTSA) session that was moderated by Jeanine Hayes (Chief Intellectual Property Officer, Nike).  Jeanine explained that years and years are spent on product development at Nike which is tied to very public marketing campaigns only at the last stage.  Trade secret protection during the product development is therefore exceptionally important.  The DTSA was driven substantially by industry who recognize that trade secrets is an important right (see the AmeriKat's reports on the legislation here).  A reason for the big push for the DTSA was the need for consistency around the enforcement of the right.  There are good state laws, Jeanie noted, many of which are similar as between each other, but from a corporate perspective there needed to be ease of efficiency.

A big difference between state laws and the DTSA is the ability for ex parte seizure orders.  Lily Lim (Finnegan) explained that the provision is completely new, but is meant to be rarely used.  In order to get such an provision into the DTSA, Lily explained there was a lot of negotiation to neuter the provision by way of numerous safeguards.  Previously, a plaintiff could obtain a temporary restraining order (TRO) or engage with the FBI and government attorneys on the criminal side.  Now, private practitioners have an extraordinary remedy available to them that gives them a lot more power behind what they do in that, when we are talking about trade secret theft which occurs within seconds, they now have the ability to act quickly to stop the theft across state lines.  Being able to obtain a quick remedy is therefore crucial and the ex parte seizure order provides for this.  However, Lily explained, we haven't seen a whole lot of action yet.  We have seen applications for ex parte orders, but she is still unaware of any orders that have been granted.  Instead, temporary orders for holding information have been granted.  Nevertheless, the ex parte provision has opened a door to get to the courthouse faster, irrespective of whether or not when you leave the courthouse you walk away with an ex parte seizure order or a TRO.

Dale Cendali (Kirkland & Ellis) explained that you often have seizures in trade mark cases and/or those cases where there is a criminal or close to criminal element.  She suspected that the ex parte seizure order was going to require the same showing, with a higher proof as to what a plaintiff says is a trade secret and that it is going to be misused imminently.  Now that the ex parte provision is expressly in the legislation, it was commented that this may give federal judges more comfort in ordering ex parte relief.  "A lot of the time when you seek TROs, the judge asks if I have called my adversary, as there seems to be a reticence from federal judges in granting a TRO."  She continued, "I would not be surprised if people will go to court on an ex parte seizure order but also ask for a full blown ex parte injunction - if you are going to write the brief, you may as well get it all done."  Too right, agrees the AmeriKat, it is what we do in the UK after all!

Judge Beth Freeman (District Judge, US District Court of the Northern District of California) stated, to laughter, that the ex parte seizure order "may be your shiny new toy, but it is not my shiny new toy".  She commented that time is the most critical element in these cases, for example, where someone is at the airport ready to flee the jurisdiction with a bag of trade secrets.  You have to get the wheels of justice moving quickly.  Filing your brief on PACER and hoping the law clerk sees it in 1-2 days is fine, but it may not work very well in many cases. Judge Freeman commented that in the very urgent cases, parties may need to be on the courthouse step and calling the clerks to alert them that an application is on its way.  Another issue is the need to describe the trade secret and theft with particularity.  If ordered, the judge will be ordering a federal marshal to show up somewhere to look for something.  The plaintiff needs to carefully describe what it is they are looking for and where it is likely to be, especially because the information is likely to be intermingled with personal information like children's photos and other documents on a personal computer.  Specificity is key.

Because the DTSA does not preclude the state law route, there may be a dual track.  If you suspect that you are going to be in federal court, most people will plead state law claims as well (as why not).  The state law claims may have different requirements and statute of limitations.  Plaintiffs should also consider whether certain trade secrets cases really need to be in federal court.  Indeed, there are advantages of being in state court (i.e. no need for a unanimous jury or endless depositions).  When you are thinking about forum, these are issues that should be considered.

An in-house perspective from the semi-conductor industry flagged up a few key issues:
  1. Although there is great reliance on patents, because software is becoming increasingly important in the context of whole system solutions, know-how is becoming incredibly valuable.  Trade secret protection is therefore important.  
  2. Companies have to establish a whole system of policies.  Because you are operating in a company where your engineers want to collaborate with numerous people across the globe, it is not always easy to physically control the flow of information between tens of thousands of people and products.  There is no way to track them all, so we have to exercise control with policies. 
  3. Internal alerts are important so that you are notified when employees start downloading numerous files or any other activity that is not keeping with that user's profile.  
  4. Keeping logs is crucial.  If you do not have detailed logs, you have no evidence.   
  5. Auditing is incredibly important.  If you are being reasonable in your IT system protection, you should not legally lose your trade secret protection just because someone is more clever.  But whatever system you have put in place, you need to check it periodically to make sure it is being implemented.  You therefore need to establish internal audit processes to check the physical security (camera, swipe card access) and electronic access (to make sure people are following policies).  
All of these considerations and measures will help to show, under the DTSA (like under state law) that you have taken "reasonable efforts" to maintain secrecy.  Of course this will always be a grey area because reasonability will depend on the particular facts of a case.  However, it was suggested that looking to the body of Federal Trade Commission law is a helpful starting point.  Lily explained that a lot of companies are facing privacy issues and have to deal with obligations that the FTC is actively enforcing.  If you are an IP counsel and you are looking into trade secrets issues, you should look into FTC enforcement actions as that area of law will give you a lot of information as to what is the bare minimum for what may constitute reasonable security measures from a consumer perspective.  The FTC is not pushing forward a "gold standard" ideal, but the case law does provide you with an indication as to the "floor" of security measures.  

The panel also cautioned about the security risk of laptop cameras.  Just because you have a secure R&D room with swipe card access, physical monitoring with cameras and assurances that your engineers in the R&D room follow the letter of your trade secrets policy, this does not mean you are safe.  For example, even if your engineers follow your instructions to disable the camera features on their laptops, this, we have realized, is not enough.  This may still not be construed as a reasonable effort to secure your trade secrets, because their laptop cameras can be hacked into remotely without anyone noticing.  The FTC has recently issued guidance on this.  

The panel also agreed that having a trade secrets protection/security policy was better in showing that you were mindful of protecting trade secrets, than having no policy at all.  However, the biggest vulnerability for plaintiffs is evidence that you have a policy but that you have not followed it.  If you have hired a consultant who has developed a very sophisticated policy for your trade secrets protection, that you initially followed but then neglected, then that is going to be prima facie evidence that you thought protection was necessary but were then reckless with your own trade secrets. This is an easier route in for the defence in order to dismember your complaint than focusing on the reasonableness of the policy itself.

The panel closed by debating how the pleading requirements may change under the DTSA.  For example, in California there are discovery rules that require a plaintiff to disclose trade secrets first.  When plaintiffs do not have to disclose this information and the defendant is first forced to explain what it is that they are doing, it follows that the plaintiff immediately says that everything the defendant has done is trade secret misuse.  What will happen under the DTSA?  Well, the panel concluded, we need a case first.....
ChIPs Global Summit Report 2: The DTSA and a system breach by hackers - what does it mean for your trade secrets? ChIPs Global Summit Report 2:  The DTSA and a system breach by hackers - what does it mean for your trade secrets? Reviewed by Annsley Merelle Ward on Friday, September 16, 2016 Rating: 5

No comments:

All comments must be moderated by a member of the IPKat team before they appear on the blog. Comments will not be allowed if the contravene the IPKat policy that readers' comments should not be obscene or defamatory; they should not consist of ad hominem attacks on members of the blog team or other comment-posters and they should make a constructive contribution to the discussion of the post on which they purport to comment.

It is also the IPKat policy that comments should not be made completely anonymously, and users should use a consistent name or pseudonym (which should not itself be defamatory or obscene, or that of another real person), either in the "identity" field, or at the beginning of the comment. Current practice is to, however, allow a limited number of comments that contravene this policy, provided that the comment has a high degree of relevance and the comment chain does not become too difficult to follow.

Learn more here: http://ipkitten.blogspot.com/p/want-to-complain.html

Powered by Blogger.