This morning, the New York Times reported that the FBI is investigating whether front-office employees of the St. Louis Cardinals hacked into the Houston Astros’ computer systems. Apparently, the Cardinals’ employees gained access to the Astros’ “internal discussions about trades, proprietary statistics and scouting reports.”

Virtually all businesses have trade secrets and proprietary information, and baseball teams are no exception. One of the Cardinals’ senior executives, Jeff Luhnow, left the team for the Astros in 2012. While he was at the Cardinals,

The organization built a computer network, called Redbird, to house all of their baseball operations information — including scouting reports and player personnel information. After leaving to join the Astros, and bringing some front-office personnel with him from the Cardinals, Houston created a similar program known as Ground Control.

Once he left, others at the Cardinals allegedly hacked into the Astros’ computer system, using a low-tech method. Not surprisingly, these baseball executives don’t seem to be particularly tech savvy. They simply used the same passwords that Luhnow used when he was still with the Cardinals:

Investigators believe Cardinals officials, concerned that Mr. Luhnow had taken their idea and proprietary baseball information to the Astros, examined a master list of passwords used by Mr. Luhnow and the other officials who had joined the Astros when they worked for the Cardinals. The Cardinals officials are believed to have used those passwords to gain access to the Astros’ network, law enforcement officials said.

This is the first time I can recall this type of corporate espionage taking place between competing sports teams. It will certainly attract a lot of attention, and I’m eager to learn more details about what transpired.

But this case also has a very simple lesson for all companies. When you hire someone from a competitor, their former employer knows what password they were using at their prior job. Obviously, you don’t want them using that same password at your company. Consider assigning a new password. Or instruct the employee to use a different password than they used at their prior job. Either way, you need to make sure that passwords are changed regularly.

Companies that provide services to public agencies and entities are often put in a difficult position. To win business, they must include trade secrets as part of their bid. But most documents provided to public agencies are subject to disclosure under freedom-of-information laws. The New Hampshire Supreme Court recently addressed this issue in CaremarkPCS Health, LLC v. New Hampshire Department of Administrative Services (the opinion can be downloaded here).

Caremark submitted a bid for providing pharmacy benefit management services for New Hampshire’s health plan. As part of its bid, Caremark stated that certain information provided contained trade secrets. After Caremark won the bid, the final contract also indicated that Caremark had provided the department with trade secrets.

Soon after, two of Caremark’s competitors made public-records requests to inspect Caremark’s bid. Caremark filed suit and obtained an injunction prohibiting disclosure of the trade secrets (which were not identified in the opinion). The department appealed.

The New Hampshire Supreme Court addressed the question of “whether the [Uniform Trade Secrets Act] prohibits disclosure of trade secrets[.]” They answered this question in the affirmative and upheld the injunction.

The court focused on the portion of the UTSA providing that misappropriation occurs when someone discloses a trade secret without consent, if the trade secret was acquired under circumstances giving rise to a duty to maintain its secrecy or limit its use. The court ruled that the department had acquired Caremark’s trade secrets under such circumstances, for three reasons:

• The request for proposal provided that the department would endeavor to maintain the confidentiality of those portions of the proposal “clearly and properly marked confidential”;
• Caremark marked the information at issue as confidential and proprietary; and
• The final contract provided that both parties were under a duty not to disclose trade secrets.

These three factors provide guidance if your company is in a similar circumstance. You need to have your attorneys carefully examine the RFP language, as well as the applicable state law, prior to submitting a bid. Then, you should mark any documents containing proprietary information and trade secrets. I would prominently affix “CONFIDENTIAL — TRADE SECRETS” on each page containing trade secrets.

Finally, do your best to negotiate the inclusion of confidentiality language in the final contract, as well as language requiring the governmental agency to inform you of any public records request that calls for the trade-secret documents (provided that those provisions are permissible under applicable law).

There is always risk when submitting trade secrets as part of a bid for a government contract. Not only could a court find that the documents are public records, but you are also relying on the government employees to recognize that requested documents were marked as containing trade secrets. Working with an attorney to implement protections like those discussed above can help minimize this risk. But in the end, you will need to make a business decision as to whether the chance of winning the contract is worth this risk.

I’ve had a string of injunction hearings in trade-secret and restrictive covenant cases the last two months, which has prevented me from writing regularly. In several of these cases, the defendants signed nonsolicitation and nondisclosure agreements that did not include a noncompete. This type of contractual protection is worth considering.

Recently, there has been a lot of negative press about noncompete agreements that large companies like Jimmy Johns and Amazon have forced upon low-level employees. These situations show that a noncompete is not always necessary. When deciding what contracts you will require your employees to sign, think about each employee’s role and what level of protection you need.

For lower-level employees with limited or no access to your proprietary information, a nondisclosure agreement may be sufficient. Sales or customer-relations employees would likely require a nonsolicitation agreement as well. Generally, it’s worth considering whether to limit noncompetes to those employees who have ongoing access to (or perhaps created) your trade secrets.

There’s a tangible benefit to leaving out the non-compete clause. In my experience, judges are far more comfortable preventing a former employee from soliciting employees, as compared to preventing them from working in an entire industry. I like being able to say “Your honor, we are not asking you to prevent John Doe from working in this industry. In fact, we have no problem with him continuing to work for his new employer. All we are asking is that Mr. Doe not be permitted to use our confidential information or solicit our clients.”

In the end, if you only need to prevent solicitation, including a non-compete can do more harm than good.

Of course, non-compete agreements have their place. Figuring out which agreements to implement is a critical decision that you should not make alone. Consult with an attorney who can help craft an overall strategy for protecting your trade secrets.

I read a very interesting and important article recently on PwC’s emerging technology blog about the intersection of 3D printing and trade secrets. I meant to write about it sooner, but one of the occupational hazards of practicing trade-secrets law is that you can get very busy very quickly.

This article focuses on manufacturing. It starts by talking about how a manufacturing company’s trade secrets often reside in multiple locations throughout the company, including product-specification documents, CAD drawings, and equipment configurations. “To gain access to a company’s secret sauce, thieves must patiently collect trade secrets from a variety of sources as well as try to reverse engineer products through trial and error.”

But now, 3D printing is exploding in the manufacturing sector:

According to a PwC survey of US manufacturers, two of three companies are already adopting 3D printing in some way. In our survey, we estimated that the global 3D printer market will soar to $6 billion by 2017, from $2.2 billion in 2012. From the printing of jet engine parts to soccer cleats, the technology is being hailed by some as a revolution in how more and more products will be developed, produced, and even sold.

And while 3D printing offers manufacturing efficiencies and technological advantages, it brings serious risks as well:

To realize the transformational benefits of 3D printing, you must encode the 3D printer with explicit instructions on how to design the product, including what materials to use, and when and how to use them. Today, intricate trade secret knowledge that took many years and millions of dollars to develop is typically scattered across the organization. As 3D printing is adopted, that information will be housed and concentrated in digital files that, like any other digital document, can be hacked.

All companies using 3D printing that involves proprietary information need to focus very closely on protecting this information. The article finishes with some very good advice to this end:

Like it or not, 3D printing provides the perfect portal for cyberthieves and exposes manufacturers to a level of risk that most are simply not prepared to deal with right now. The projected boom in 3D printing is a great reason for manufacturers to get serious about protecting their trade secrets today.

This echoes a theme repeated often on this blog: all companies need to take inventory of their trade secrets and the ways they are (and are not) protecting them. And this must be an ongoing process — as new technologies like 3D printing emerge, trade secret protections can become outdated and inadequate very quickly. Now is the time to start this process by speaking with an attorney who can work with you to craft protections appropriate for your company.

By Solomon Genet

As a semi-regular guest-author on this blog, I try to stick with bankruptcy-related trade-secret issues.  The bankruptcy court’s January 2015 decision in In re NMFC, LLC is worthy of note. There, the court determined whether the debtor still owned its trade secrets. A copy of the opinion is linked below.

The South Carolina bankruptcy court had to decide whether certain trade secrets were either: (1) sold by the chapter 7 bankruptcy debtor pre-petition as part of a lender-imposed UCC sale to a buyer; or (2) outside of the assets sold, and therefore property of the debtor’s bankruptcy estate.  The bankruptcy court examined the language of the Bill of Sale, which included the following items being sold: intellectual property used by the debtor “in the manufacture, sale or other commercialization of performance fibers.” In other words, the court had to decide whether this definition include the debtor’s trade secrets. The trade secrets at issue related to the development of battery technology.

The bankruptcy court focused on the term “commercialization.” It ruled that since, when the sale occurred, the pre-petition debtor (1) was only having preliminary discussions about applications for its trade secrets; (2) had not yet established how a product would be created or what properties, in terms of weight, size or otherwise, it would have; and (3) had not yet set up a trial schedule for the product or drafted a patent; the trade secrets were not yet at the stage of “commercialization.”  Therefore, these trade secrets were not sold to the third party and they instead belonged to the debtor’s estate.

This appears to be a harsh result against the buyer, but is a good lesson for the purchasers of trade secrets in the marketplace: make sure the purchase contract explicitly defines the trade secrets being conveyed.

In re NMFC, LLC

Solomon Genet is a partner at Meland Russin & Budwick, P.A. in Miami, FL. He specializes in complex commercial litigation, business insolvency, and financial-fraud-related matters in the State and Federal courts.

This morning, I read this article about how an IT worker at an investment-management firm tried to frame one of his co-workers:

Back in September 2013, executives at a well-known Coral Gables investment management firm got a shocking e-mail from a tech employee demanding to be promoted.

Jeffrey Bau threatened to leak “sensitive information” that would spur clients to “withdraw” their business from Bayview Asset Management.

But Coral Gables police detectives say Bau never sent the e-mail – in fact, it was a former co-worker scheming to frame Bau.

It’s not clear what motivated the IT worker. But he was sloppy. According to the article, he used his credit card to pay for the VPN connection he used to send the email.

While it sounds like the company’s sensitive information was not actually at risk, this article highlights a major security problem when it comes to protecting proprietary information: your IT employees/consultants.

These employees typically have complete access to your servers, including all proprietary information and trade secrets stored there. Thus, these employees have a unique ability to cause damage.

I litigated a case dealing with this issue. One of my client’s disgruntled IT employees downloaded a huge amount of customer data, including sensitive personal information, to a hard drive. He then threatened to make that info public. Although we were able to obtain an ex parte injunction and recover the hard drive before any damage was done, it was a harrowing experience for the client.

It is critical that your company implements protections to mitigate the risk that these employees will abuse their power to your detriment. For example, all IT employees or consultants should, at a minimum, sign a confidentiality agreement.

The confidentiality agreement you are using for other employees may not work for your IT employees. Consult with a lawyer who can help decide whether the IT employees’ agreements need to be altered in light of the unique access that IT employees have. Consider putting in a liquidated damages provision for unauthorized disclosure of any company information.

By the way, you may have noticed that I haven’t posted in a few weeks. I’ve been dealing with multiple evidentiary hearings, including for an emergency injunction. since I last posted. This hasn’t left me with much time for blogging. Hopefully, I’ll be posting more frequently starting soon.

It seems like threats to trade secrets and proprietary information are increasing exponentially. News reports of large-scale data thefts have become an almost daily occurrence. And employees are more likely to switch jobs, taking your proprietary information with them. Meanwhile, technology has increased the risk of inadvertent disclosure, since most employees are walking around with critical business information on their smartphones.

This leads to the question all trade-secrets owners must ask: What am I doing to create a culture of protection at my company?

Company culture comes up in a lot of settings, but not often enough in the context of protecting trade secrets. Since your employees are on the front lines, working with your trade secrets, they need to have protection at the front of their minds.

It is not easy to create a culture of protection. It takes a clear strategy, implemented consistently over time. It must start when employees are hired, with trade-secrets training included in the onboarding process. But training is nowhere near enough.

Trade-secret protection needs to be a part of every employee’s daily routine. The goal is to build habits that decrease the risk of disclosure. For example, employees need to lock their computers every time they leave. They need to be aware of and on the lookout for spear phishing scams. And they need to know exactly how to handle documents containing trade secrets or other critical proprietary information.

At the risk of sounding like a speaker at a corporate retreat, culture starts at the top. Employees need to hear from your company’s most senior executives that trade-secret protection is one of everyone’s core job responsibilities.

The new year provides an excellent opportunity to consider your company’s culture of protection. This culture has never been more important. If your company falls short, now is the time to make changes. If you do not have a formal trade-secrets policy, speak to an attorney to implement one.

Happy new year, everyone.

The American Intellectual Property Law Association’s Trade Secrets Committee will be presenting its Trade Secrets Summit this December 4-5, at Intel’s headquarters in Santa Clara, CA.

The Summit features a number of very interesting presentations, from judges, prosecutors/FBI agents, professors, and in-house and outside counsel. I will be moderating a panel debating whether Congress should pass a federal cause of action for trade-secrets misappropriation.

Registration costs $350 for AIPLA members and $695 for non-members, with discounts offered for in-house and governmental attorneys, and students. This includes 13 hours of CLE credits.

Sign up here. I hope to see many of you there!