One Simple Step in Outlook to Protect Your Trade Secrets

If you and your employees use Outlook, you can take one simple step now to dramatically reduce the risk of inadvertent sharing of confidential information: Disable email-address auto fill.

Everyone loves this feature. You type the first few letters of someone’s name, and Outlook fills in an email address. But the increased efficiency comes at a cost, as everyone occasionally sends an email to the wrong person whose name is similar to the intended recipient.

If that email contains confidential info, you’ve just compromised it. Hopefully, you sent it to someone friendly who will comply with your embarrassed request to delete the email. Even if there’s no confidential information, the recipients may question your ability to exercise discretion when necessary. (Also, imagine later trying to prosecute a trade-secrets action and having to produce in discovery an email sending the info at issue to some random guy.)

So I strongly recommend that you disable this feature. And have your IT department disable it for all employees. The relatively minor loss of efficiency is outweighed by the reduced risk of unwanted disclosure. And there’s an added benefit: not having to send sheepish apology emails to the mistaken recipients (and sometimes to the other intended recipients who now have an interloper privy to the discussion).

Here’s how you disable this feature:

File –> Options –> Mail –> Send Messages –> Deselect the radio button for “Use Auto-Complete List to suggest names when typing in the To, CC, and Bcc lines”

Alley-Oops: The Orlando Magic Tweeted a Picture Showing Team Trade Secrets

Sometimes companies forget about even the most obvious protections for their trade secrets. For example, “don’t tweet out a picture of your secret business strategies.” The Orlando Magic recently did just that.

Earlier this month, a player’s agent tweeted a picture of the player signing a new contract with the Magic. But the picture also showed a dry-erase board listing the Magic’s off-season free-agent targets and trade possibilities. Now there are reports that the Magic’s general manager, who has since been fired, took the picture.

It goes without saying that the Magic don’t want the rest of the league knowing about their off-season personnel plans, which are arguably trade secrets if appropriately protected. But for some reason, they left those plans on a dry-erase board and then let an agent—who could potentially benefit from knowing that information—into the room. And then they allowed the contents of the board to be shared with the rest of the world. Not particularly savvy.

The lesson here is simple, and seemingly obvious: trade secrets need to be secret. They shouldn’t be left up on a dry-erase board. Or in papers on someone’s desk. This episode shows that even intelligent people can have a lapse of judgment. If you implement and enforce a trade-secrets policy that only allows storage of trade secrets in secure media, and limits disclosure of trade secrets to those who need them to do their jobs, you can minimize the “human error” element that led to this embarrassing gaffe.

The Cybersecurity Article that Every Executive Should Read Immediately

I love this article, titled Why America’s Current Approach to Cybersecurity Is So Dangerous. It should be required reading for all executives at companies at risk of a cyber attack — in other words, all companies. While the whole article is great, its core message can be reduced to a single sentence: People, not technology, are the key to reducing the risk of cyberattacks. I could not agree more, as I’ve written about before. Every company needs to ask: what can we do to create a culture of protection?

The article starts by identifying the problem:

We should be concerned that, as a society, our minds go mushy when it comes to “digital literacy,” “information security,” “online safety,” or whichever name we choose. In fact, that mushiness is a major reason why America’s current approach to cybersecurity is so dangerous. We’re ignoring the behaviors of the overwhelming majority of actual users, and therefore leaving the largest attack surface undefended. . . . To the extent we are all part of the contest in cyberspace, we’re essentially deploying our troops without armor, our submarines without sonar.

And as a result, “cybersecurity has transformed what is actually a ‘people problem with a technology component’ into its exact opposite.” Yes! Technology is not a panacea for preventing cyber attacks. Technology can’t protect your company’s biggest vulnerability: the people working there. “Until we embrace a vision of public cybersecurity that sees all people, at all ranges of skill, as essential to our collective security, there will be no widespread cybersecurity.” The same goes with your company. You can spend millions or more on tech-based protections, but if you ignore the human risk, your security is virtually certain to fail. And of course, if you are at risk of a cyberattack, you are at risk of trade-secret theft.

The article finishes with a great analogy between cybersecurity and public health:

We need to get better to increase our herd immunity against botnets. We need to see that cybersecurity—like all aspects of safety, security, and resilience—is a shared responsibility. Better devices and apps won’t save us, since there are myriad other ways that individuals—even highly trained ones—become the weak link allowing bad guys to access personal, corporate, and government information assets. And almost all efforts at online safety, while well-meaning, are so poorly designed as to preclude knowing whether they work. It’s not magic: As with health or safety education, we need to start with basic steps and repeatable behaviors—like hand-washing or looking both ways before crossing.

This is the key. In a mature organization that has fully embraced and achieved a culture of protection, the employees will treat cybersecurity as second nature. Good habits will have become routine. Unfortunately, I have yet to encounter a company that has reached this point. For a variety of reasons—dependence on technology first among them—just about all employees have a host of bad habits that put the company at risk.

Creating this culture is not easy. To the contrary, it will require repeated, sustained effort, initiated and supported from the very top of the organization down, over a long period of time. Nor will it guarantee that all cyberattacks will be thwarted. But I see no viable alternative. Any company that has not made employee-level protection a top priority is virtually certain to suffer repeated cyberattacks.

Florida’s Restrictive Covenant Statute: The Power of Presumption

Florida has one of the most employer-friendly restrictive-covenant statutes in the country, Section 542.335, Fla. Stat. For example, the statute prohibits judges from considering any hardship suffered by the person against whom enforcement is sought. The statute also contains a rebuttable presumption that a violation of an enforceable restrictive covenant creates irreparable injury. Yesterday, Florida’s Third District Court of Appeal (which covers Miami-Dade County) issued an opinion showing the power of this presumption. The opinion, in Allied Universal Corp. v. Given, can be downloaded here.

Allied manufactures and distributes water-treatment chemicals. Defendant Given worked as a regional sales manger for Allied and signed a non-compete agreement. As part of his employment, he received training regarding various aspects of Allied’s business. Given resigned from Allied to work for Univar, a company that competes with Allied. Allied filed suit and sought a temporary injunction, which the trial court denied on the grounds that Allied failed to show irreparable harm.

The appellate court focused on the rebuttable presumption of irreparable injury and described the evidence offered by Allied:

At the evidentiary hearing on the motion for temporary injunction, Allied presented unrebutted evidence of the existence of statutorily legitimate business interests to be protected and evidence that Given had substantial relationships with specific prospective or existing Allied customers. Allied’s president, Mr. Palmer, testified that his company had trained Given, over the course of Given’s six-year employment, in its manufacturing and production techniques, marketing strategies, and confidential pricing strategies. In addition, Given had knowledge of existing and prospective customers, and had been sent to several trade meetings to cultivate these contacts.

Thus, the court concluded that Allied had successfully shifted the burden to Given to establish the absence of irreparable injury. But Given “failed to present any such evidence.”

Interestingly, Given argued that because he had not yet begun actively working for Univar, he had not breached the noncompete and no damages were incurred. But he admitted that if he were not enjoined, he would start working for Univar. The court rejected this argument, noting that “the only focus at the preliminary injunction stage is to maintain longstanding relationships and preserve the company’s goodwill.” In the future, plaintiffs can use this language to highlight the need to maintain the status quo.

Given Florida’s employer-friendly restrictive-covenant statute, noncompete and related agreements are powerful tools for Florida companies seeking to protect trade secrets and proprietary information. Cases like Allied show how this statute makes it easier for an employer to obtain an injunction prohibiting violations of a restrictive covenant.

Federal Court Denies Expedited Discovery In Defend Trade Secret Act Case

Trade-secret-misappropriation cases can move fast. Often, the plaintiff files a motion for temporary restraining order alongside its complaint. Sometimes, the plaintiff has enough evidence already to justify a TRO. Other times, the plaintiff needs to take discovery before the TRO hearing.

But the typical discovery deadlines in the rules of civil procedure are not well suited for these TRO proceedings. Thus, plaintiffs regularly seek expedited discovery. In my experience, the parties are often able to agree to an expedited discovery schedule, since defendants usually want to take discovery as well. But when the parties cannot agree, the court needs to get involved. A recent case out of the Middle District of Florida shows the importance of narrowly tailoring expedited discovery requests, particularly when asking a judge to permit this type of discovery.

In Digital Assurance Certification, LLC v. Pendolino, the plaintiff works with municipal bond issuers to comply with various SEC regulations. The plaintiff alleges that the defendant, a former employee, left to work for a competitor. And in his final week of work, according to the plaintiff, the defendant used a USB drive to access every document on the plaintiff’s shared drive. Thus, the plaintiff brought claims for violations of the Defend Trade Secret Act and the Florida Uniform Trade Secrets Act, among others, and filed a motion for a TRO.

In advance of the TRO hearing, the plaintiff filed a motion for expedited discovery. The court denied the motion. A copy of the order can be downloaded below.

The court first set forth the standard for determining whether the plaintiff had demonstrated good cause for expedited discovery:

Factors the Court considers in deciding whether a party has shown good cause include: (1) whether a motion for preliminary injunction is pending; (2) the breadth of the requested discovery; (3) the reason(s) for requesting expedited discovery; (4) the burden on the opponent to comply with the request for discovery; and (5) how far in advance of the typical discovery process the request is made.

Here, the court focused on the second factor, the breadth of the plaintiff’s requests. The court took issue with the scope of the plaintiff’s requests, noting that “while these matters may be relevant to the issues raised in DAC’s complaint, they go far beyond what is needed for the hearing on the motion for a temporary restraining order.”

Take away: When bringing a motion for a TRO, the plaintiff’s lawyers need to figure out quickly whether the parties will be able to agree to an expedited discovery schedule. If not, the plaintiff needs to draft discovery requests that are laser focused on the issues relevant to the TRO hearing. In my experience, judges will allow this type of discovery, as long as the requests are reasonable. Conversely, judges will protect defendants from overbroad discovery.

Digital Assurance Certification, LLC v. Pendolino

Trump and Trade Secrets: Signs of Encourgagement?

I’ve written several times about how Donald Trump’s rhetoric suggesting radical foreign-policy changes could threaten US companies’ trade secrets. See here and here. In particular, I’ve been concerned about Trump’s aggressive stance towards China, including statements about upending the “One China” policy.

Now that we’re several weeks into Trump’s presidency, we are seeing signs that his foreign policy won’t be so radical after all.

This New York Times Article, titled Trump Foreign Policy Quickly Loses its Sharp Edge, explains:

As Mr. Trump begins to shape his foreign policy, he is proving to be less of a radical than either his campaign statements or his tempestuous early phone calls with foreign leaders would suggest.

The article discusses how Trump’s actions as president differ from his campaign statements, including his recent affirmation of the One China policy. It also talks about how Cabinet members like Secretary of State Rex Tillerson and Defense Secretary Jim Mattis have emerged as persuasive voices, advocating for a more stable approach to geopolitical issues.

This is encouraging. I have been very concerned that Trump’s volatile, unpredictable style, combined with his lack of experience, would strain the relationships between the US and countries like China that have a history of state-sponsored trade-secrets theft. For now, it seems like there are voices of reason within his administration who have Trump’s ear. But at this very early stage of Trump’s presidency, substantial uncertainty remains.

Note: This is not a political blog, and I am not commenting on the more controversial issues discussed in the NY Times article. Here, I am solely focused on how the Trump administration’s actions impact companies’ trade secrets.

The New Protecting Trade Secrets

The world is changing, and so is this blog. Some of these changes are visual — you can see our new site design. But more importantly, there will be some substantive changes as well.

This blog is not designed to be political. It exists to provide insight, advice, and timely legal updates to those interested in trade secrets and protecting proprietary information. But we’ve arrived at a place where this blog’s purpose has intersected with the political world.

I believe President Trump’s actions have put American companies’ trade secrets at risk. I’ve written about that several times, including here and here. I am going to continue to write about how the new administration’s actions affect companies looking to protect their proprietary information, for better or worse. But understand: this is not a Republican vs. Democrat issue. Here, I am concerned only with how the President is (or hopefully isn’t) a threat to your trade secrets.

And I will, of course, continue my posts about recent caselaw, trade secrets in the news, and general advice.

I welcome any feedback about the new Protecting Trade Secrets.

A Fishy Dilemma: When to Seek an Ex Parte Injunction When You Suspect Trade Secret Theft

I’ve said it before: When it comes to protecting trade secrets, time is of the essence. A recent case out of the Middle District of Florida, Primo Broodstock, Inc. v. American Manufacture, Inc., shows what happens when a company that suspects trade-secrets theft sleeps on its rights. But this case has an interesting twist: The court suggests that the plaintiff should have moved quicker, even absent sufficient evidence of misappropriation. A copy of the order can be downloaded below.

This case involves shrimp. The plaintiff genetically engineered disease-resistant shrimp, called Primo Shrimp. It contracted to use the defendant’s shrimp-growing facility to study and breed Primo Shrimp for worldwide distribution. As often happens, the relationship fell apart. This led to an initial lawsuit, which the parties settled pursuant to an executed term sheet. Later, the plaintiff suspected that the defendant was going to sell live Primo Shrimp in China, in violation of the parties’ agreement and the plaintiff’s intellectual property rights in the shrimp.

Thus, the plaintiff filed this suit, which includes claims for violations of the Defend Trade Secrets Act and the Florida Uniform Trade Secrets Act. The plaintiff sought, twice, an ex parte temporary restraining order. The court denied both requests.

This opinion deals with the second request for a TRO. The court’s decision was, in large part, based on the plaintiff’s failure to move quickly:

More importantly, even if there is an emergency, it is one Plaintiff should have sought to prevent months ago. Plaintiff knew since at least as early as mid–September that Defendants believed the live Primo Shrimp were their property to sell after being left at AMI’s facility. Plaintiff also had evidence that Defendants had been actively looking (even if not yet “attempting”) to sell Primo Shrimp breeders to the market since at least as early as July 2016. Yet Plaintiff did not act to protect any continued legal rights in the animals. Having failed to do so, Plaintiff is not now entitled to ex parte injunctive relief.

But this case is more than just another illustration of the need to move quickly. In a footnote, the court suggests that the plaintiff should have done so even absent sufficient evidence:

Plaintiff’s failure to act is particularly inexplicable in light of the parties’ contentious relationship and prior litigation history. In his affidavit, Vice President Randall Aungst explains that Primo delayed seeking injunctive relief because, until recently, there was insufficient evidence showing that AMI was attempting to sell live Primo Shrimp. Maybe so, but that does not mean Primo could not have sought declaratory relief as to the parties’ rights and obligations under the Term Sheet, after receiving the letter from AMI’s attorney.

So according to the court, the plaintiff should have, at a minimum, brought a declaratory judgment action to resolve the dispute. Or filed for an ex parte TRO earlier, even though the plaintiff did not have sufficient evidence.

I disagree with the court’s analysis. Parties should not file for an ex parte TRO unless they can offer evidence justifying that extraordinary relief. And while a party is investigating, it should not have to file a declaratory judgment action, thus tipping the defendant off to its intentions. But this case suggests otherwise.

Investigating trade-secrets theft can create a strategic dilemma. Sue too early, without sufficient evidence, and the court could deny your request for an early injunction. Wait, and the court could say that you slept on your rights. These considerations require complex analysis that must be performed extremely quickly. That’s why it is critical to work with a trade-secrets attorney before you suspect misappropriation. That way, once you discover misconduct, you have access to an expert attorney who is familiar with your business and can offer informed advice as quickly as possible.

Primo Broodstock Inc. v. American Mariculture Inc.

AIPLA Trade Secrets Summit – March 2-3 in Atlanta

The American Intellectual Property Law association will be holding its annual Trade Secrets Summit at Emory University in Atlanta, GA, on March 2-3. You can find more information about the summit here.

I highly recommend this conference for anyone who reads this blog. It is an outstanding opportunity to learn about the latest developments in trade-secrets law, while networking with some of the country’s top trade-secrets attorneys. You can also earn a boat load of CLE credits.

College Football Trade-Secrets Scandal

A scandal involving Wake Forest University’s football team offers lessons for companies protecting their trade secrets. And a phenomenal name.

The Wake Forest coaches gave one of their radio broadcasters, Tommy Elrod, full access to the football team’s game plans. And Elrod has been leaking those game plans to Wake’s opponents — for years. Thus: “WakeyLeaks.”

Since the story broke, several universities have admitted receiving game plans, and the Atlantic Coast conference has fined Louisville and Virginia Tech.

A college-football game plan can be a trade secret. After all, it is information that, if kept secret, arguably offers economic advantage. Given the amount of money at stake, it’s remarkable that college and professional teams don’t adopt the same level of protections as a company guarding its trade secrets.

This episode shows that when it comes to trade secrets, access must be on a “need to know” basis. Wake Forest had no reason to share the full details of its game plans with a  radio broadcaster. When only give your trade secrets to those who need them for their jobs, you reduce the chance of unwanted disclosure.

Also, like Louisville and West Virginia, many companies encounter a competitor’s trade secrets, most often through new hires that bring a former employer’s information with them. But using this information creates a huge risk. Here, Louisville and West Virginia are facing fines and bad PR (and, though unlikely, a possible lawsuit for trade-secrets misappropriation). Use your employee-onboarding process to ensure that new employees don’t have, and don’t use, a prior employer’s trade secrets.

Trade-secret issues arise in all businesses and industries, including college and professional sports. And all companies face the risk of unwanted theft or disclosure of their proprietary information. It is critical to work with an attorney to protect your trade secrets.