Trade-Secrets Interview: Pamela Passman of (Part 2)

Last week, I published part 1 of my interview with Pamela Passman, CEO of regarding its recent trade-secrets report. Here’s part 2:

PamelaPassman CREATe org sm (3)Protecting Trade Secrets: You have done an excellent job setting forth a framework for companies to protect their trade secrets. But I have two issues with your approach. First, I am concerned that this process will result in the creation of documents that, if produced in litigation, will undermine misappropriation claims. This concern can be mitigated if an attorney is involved in creating and maintaining these documents, keeping them as attorney work product.

Pamela Passman: For most companies, lawyers will be involved in implementing the framework we propose and actively engaged in developing the documentation.  However, for many companies in emerging markets, there are small legal teams inside companies and outside lawyers are not generally engaged other than for disputes.  That should not limit a company’s focus on prioritizing, documenting and securing trade secrets, as in most cases, the ability to demonstrate that you have secured your trade secrets is critical to seeking redress if they are misappropriated.

PTS: Second, your approach may be difficult for small and midsize businesses, who have limited resources and in-house capabilities, to implement. 

PP: For many small and mid-size companies, trade secrets are at the core of their value and ability to compete and innovate. While many can’t implement a full comprehensive program, they should consider scaling the recommended steps in a way that is appropriate to the company.  For example, at, we are working with private equity firms that want to ensure that their portfolio companies are aware of leading practices and have the ability to implement business processes to protect IP and prevent corruption. Although the firms are small in size, they scale accordingly by prioritizing areas for improvement.

PTS: Turning to the report’s views of the future, you talk about “the emergence of walled gardens or the creation of IT networks that are separated from the wider Internet.” Can you elaborate more on what the “walled gardens” will look like? How would this differ from company intranets and smartphone apps that exist today?

PP: The walled garden scenarios stemmed out of recent moves that could point towards countries (or sectors or groups of entities) segmenting internet traffic. For example:

  • German telecom giant Deutsche Telekom, in which the government still owns a minority share, has publicly discussed the potential for German companies to place some information and activities on a separate, national internet system. Deutsche Telekom’s proposal is unlikely to be adopted at this point and would require major regulatory, technical and policy changes in Germany and the European Union. However, its announcement confirms that some of the world’s most advanced countries and companies are thinking about walled gardens as an option going forward.
  • Brazil’s government is also considering how it might segment or wall off parts of its internet traffic and emails. Sao Paolo is reacting to the recent US Government contractor who claims that US intelligence agencies were snooping on a large target set.

PTS: Finally, what are your next steps now that the report has been issued?

PP: There is tremendous interest in the topic of trade secret protection. As you know, several months ago the European Commission published draft rules to thwart the theft of trade secrets. This initiative, along with companies facing increased threats, have prompted invitations for to present our report findings to business organizations around the world.  We will be in France,  Germany and China in March, and Mexico in April meeting with companies and business organizations interested in comprehensive ways to advance IP protection, and in particular, mitigating trade secret theft. We are also presenting at conferences and via webinars in the U.S. and elsewhere.

Additionally, continues to work with companies around the world to help them put systems in place to better protect IP, and to work with their supply chain and other business partners. We do this with our three-step service, CREATe Leading Practices for IP Protection, which offers an assessment, benchmarking and tools and resources designed to improve systems for IP protection. It is currently available in English, Brazilian Portuguese, Chinese and Spanish.

Protecting Trade Secrets Blog Quoted in the New York Times

The New York Times has been covering the dispute between David Einhorn’s Greenlight Capital and an anonymous blogger who published Greenlight’s confidential investment strategy. I wrote about the case here. The New York Times published an article about the case that includes a quote from my blog post:

“Laws prohibiting trade-secret misappropriation by definition restrict speech,” Eric W. Ostroff, a commercial litigation and trade secret lawyer with Meland Russin & Budwick, wrote on his blog. “Allowing someone to hide behind an online pseudonym could render these laws ineffective.”

As the article notes, this is a very interesting case that highlights the competing interests between the First Amendment and trade-secret misappropriation laws. In a world where everyone has access to social media and blogging resources that allow for the free, easy, and widespread dissemination of information, trade-secret-misappropriation laws need to restrict people from anonymously disclosing trade secrets.

Trade-Secrets Interview: Pamela Passman of

Protecting Trade Secrets is launching a new regular feature, where we will interview people of interest in the trade-secrets world. Starting with Pamela Passman, President and CEO of “The Center for Responsible Enterprise And Trade ( is a non-profit organization dedicated to helping companies and their suppliers and business partners reduce corruption and IP theft in the forms of counterfeiting, piracy and trade secret theft.”

Recently, I published a blog post discussing a new trade-secrets report published by I asked Ms. Passman questions about and the report. I’ll be running the interview in two parts. Check back later this week for part 2.

PamelaPassman CREATe org sm (3)Protecting Trade Secrets: Let’s start with some background on When was it created? By whom? Why? What are its primary activities?

Pamela Passman: While at Microsoft, as Corporate Vice President and Deputy General Counsel for Global Corporate and Regulatory Affairs, I led  regulatory compliance work on a range of issues in more than 100 countries. For nearly six years I also headed Legal and Corporate Affairs in Asia, based in Tokyo, with a focus on Japan, Korea and the People’s Republic of China.

My collective experience—in compliance, corporate leadership, public policy and emerging markets—led me to consider a new approach to two critical issues for companies around the world: intellectual property (IP) protection and anti-corruption.

The genesis for the idea of was based in recognizing that companies such as Microsoft, GE, P&G and many others have spent years developing robust management systems and best practices to appropriately manage and use IP and to prevent corruption. Equally important, was a belief that the private sector can play a powerful role in driving responsible business practices and bridging regulatory gaps where adequate laws do not exist or enforcement is weak.

From these perspectives, was founded in October 2011. As a non-profit organization, works across industries and geographies with a mission to bring leading practices in IP protection and anti-corruption to all companies. The organization works to provide cost-effective and practical assessments, benchmarking, tools and step-by-step guidance for companies, particularly those that lack a track record of developing and implementing compliance programs.

PTS: Does have any policy objectives (e.g., lobbying for legislation, regulations)?

PP: is focused on ways the private sector can more effectively address the issues of IP protection and anti-corruption. We do this by helping companies around the world improve practices and put systems in place to mitigate the risks of IP theft and corruption. is not a lobbying organization.

PTS: What precipitated the “Economic Impact of Trade Secret Theft” report?

PP: In the organization’s first two years, our team gathered insights from companies around the world, gave countless presentations and partnered with think tanks, academics and experts on IP protection and anti-corruption. The challenge of trade-secret theft was a topic that surfaced throughout these exchanges. Companies are finding it increasingly difficult to protect trade secrets, both within companies and among third-parties.

PTS: Let’s turn to some of the details of the report. Your framework to safeguard trade secrets involves bringing key stakeholders into the process. Often, senior executives can be reluctant to participate in such a process. Any suggestions for building enthusiasm among senior executives?

PP: Most senior executives appreciate that trade secrets are key to the company’s value, ability to innovate and compete. For many, the question is where to start? Our intent was to break down a comprehensive approach into steps and provide tools for making the process practical. Providing a clear path and the benefits of safeguarding trade secrets can be helpful for building support internally.

PTS: Similarly, your report acknowledges that protecting trade secrets can require actions that may cut against other company priorities, such as maximizing productivity. For example, increased security measures may result in it taking longer for employees to access documents they need to perform their jobs. Any suggestions for building a corporate culture that values protecting trade secrets on par with other financial priorities?

PP: Each company must determine the correct level of actions appropriate for their corporate culture and then invest in training and awareness campaigns to help educate employees on the importance of protecting company trade secrets. In our work in Asia, for example, we see companies with increasing focus on building awareness within their employee base and key third parties – including  IP protection campaigns that use a variety of media to promote good practices, from posters in the company cafeteria to e-learning and screen savers for desktop computers.


Later this week, Ms. Passman responds to my two critiques of the report and discusses’s next steps. Report Makes the Case for Investing in Trade-Secret Protections

“Historically, . . . [trade secret protections] have been viewed as a cost, not an investment.” and PwC recently released a report titled “Economic Impact of Trade Secret Theft: A framework for companies to safeguard trade secrets and mitigate potential threats.” If you read this blog, you should read the report.

Next week, I will be interviewing for this blog one of’s principals responsible for the report. ( is a non-profit “dedicated to helping companies and their suppliers and business partners reduce counterfeiting, piracy, trade secret theft and corruption.”)

The report seeks to change the mentality described in the above quote. It starts by estimating the cost of trade-secret theft, and concludes (based on a review of various proxies for trade-secret theft) that economic losses based on trade-secret theft amount to between 1 and 3 percent of GDP. Hopefully, numbers like this draw greater attention to the real risks companies face.

It next outlines of categories of “threat actors” — those who seek to steal trade secrets. These include nation states, malicious insiders (including current and former employees, third-party consultants, and suppliers), competitors, transnational organized crime, and hacktivists (who try to use corporate information for political or social purposes).

Regarding employees, the report notes that “cultural and technological factors may heighten the insider threat in coming years . . . The nature of U.S. employees’ loyalties to their employers is changing because of the much higher rate of lifetime job changes.” The report also identifies “bring your own device” policies as an increased risk.

The report presents a framework for companies to identify and evaluate their trade secrets, audit their current protections, and make value-based improvements to these protections based on measuring ROI. This approach involves key stakeholders, educates them about the risks of trade-secret theft, and helps make the business case for protections.

While I have some issues with the framework (which, if handled improperly, could create documents that may undermine litigation efforts, and would likely need to be altered for many small mid-sized businesses), it provides a comprehensive, incredibly useful starting point and roadmap.

Next week, I’ll examine the report in greater depth when I interview

Trade Secrets and the First Amendment

Before this week, I had never thought much about trade-secrets issues intersecting with the First Amendment. But then I read the complaint in a lawsuit filed by hedge fund Greenlight Capital Inc. against the owner of a website called, which published a post disclosing Greenlight’s then-confidential investment strategy. The suit seeks to compel the website owner to disclose the writer’s identity so that Greenlight can sue for trade-secret misappropriation. A copy of the complaint is linked below.

Greenlight Capital, led by David Einhorn, is a hedge fund whose “activity in the investment markets is well known and closely watched by other traders and investment advisors.” In the complaint, Greenlight describes how it develops its investment strategies “at considerable expense,” and how it must keep this information confidential, since disclosure of its investment strategies could move the market.

In November 2013, Greenlight was building an equity position in Micron Technologies. This information was not public knowledge. On November 14, 2013, a writer on the website, writing under a pseudonym, disclosed Greenlight’s intentions regarding Micron. As a result, Micron’s share prices rose immediately. Greenlight now needs the writer’s identity, so that it can sue him or her for misappropriating trade secrets.

In a New York Times article discussing this lawsuit, high-profile First Amendment lawyer Floyd Abrams offered thoughts on how the suit implicated constitutional issues:

Floyd Abrams, a First Amendment lawyer with Cahill Gordon & Reindel, said there might be reasons for a judge to compel an anonymous blogger to be identified in a libel case. But he said there weren’t many good reasons for doing so in what would appear to be a largely commercial dispute. “There is a serious First Amendment issue here,” Mr. Abrams said. “He will have a pretty tough job persuading a judge.”

While Floyd Abrams has forgotten more about the First Amendment than I’ve ever known, his position strikes me as off point. Laws prohibiting trade-secret misappropriation by definition restrict speech. Essentially, the Uniform Trade Secrets Act* recognizes that, for example, if you obtain a trade secret you know was acquired by improper means, you are not permitted to disclose that information. Allowing someone to hide behind an online pseudonym could render these laws ineffective.

There are other interesting issues in this case. For example, Greenlight says it takes the following measures to protect this confidential information:

Greenlight’s employees are required pursuant to both firm policy and their employment agreements to keep information regarding Greenlight’s non-public investment strategies confidential. In addition, Greenlight’s prime brokers and custodians are required by confidentiality agreements and other duties to Greenlight to keep non-public information concerning Greenlight’s securities positions confidential.

Later, it notes that at the time published the post, “the only persons who lawfully possessed information regarding Greenlight’s position in Micron were persons with a contractual, fiduciary, or other duty to maintain the confidentiality of Greenlight’s position: Greenlight’s employees, counsel, prime and executing brokers and other agents.”

It’s not possible to tell from the complaint whether all of Greenlight’s employees, brokers, and agents are required to sign a confidentiality agreement. If not, Greenlight has a major gap in its confidentiality protections that could undermine its misappropriation claims — the defendant could argue that Greenlight did not reasonably protect its proprietary information. As I’ve discussed often before, it is critical to make sure that all employees, vendors, etc. with access to confidential or proprietary information sign agreements that, at a minimum, require them to keep this information confidential.

*Greenlight filed the case in New York, which is one of the few states that has not adopted some form of the UTSA.

Greenlight Complaint

Small Business Data Theft: Risks and Solutions

Data theft is a hot topic now, with the recent high-profile thefts at Target and others. This issue has consequences for companies trying to protect trade secrets. For example, if a company is not taking measures to protect against data theft, a court could easily conclude that the company has not reasonably protected its proprietary information, and thus is not entitled to trade-secret protection under the Uniform Trade Secret Act.

Two recent articles in Entepreneur address this problem head on. In “Why Your Small Business Is At Risk of a Hack Attack,” Heesun Wee explains the risks facing small businesses:

Last year, 31 percent of all attacks were aimed at companies with less than 250 employees, according to Symantec’s 2013 Internet Security Threat Report.

But many small businesses do not appreciate this risk:

Smaller ventures are particularly vulnerable because cybercriminals know they likely spend less to protect their digital information and infrastructure. Cheaper security measures also tend to be static, meaning those systems don’t evolve to keep up with criminals’ newest tricks. . . . Roughly 77 percent of small firms believe their company is safe from a cyberattack–even though 83 percent of those firms do not have a written security policy in place, according to the National Cyber Security Alliance and Symantec.

Small businesses need to do more to protect their sensitive data and proprietary information. In “Preventing Another Target Attack,” Eric Basu offers some suggestions for retailers that apply with equal force to many small businesses.

First, you should use network-monitoring software:

There are next generation software solutions that effectively visualize network traffic, break down machine-to-machine connections by service protocols and allow filtering by machine, service or even internet destination. For example, a North American-based retailer using a payment processing partner from the same continent should not see outbound connections from a POS terminal to places like Russia, China or Brazil.  If they do, the connection should be dropped and the security administrator should be notified of the machine initiating the connection.

Second, improve application-level security:

Keeping [software applications] up to date with the latest versions and patches as well as performing penetration tests on both internal- and external-facing interfaces would have gone a long way to preventing the lateral movements the Target attackers were able to pull off in a short amount of time. Companies that develop in-house applications should also ensure they are designed securely from the get go, performing both static and active secure code reviews at every minor release. Furthermore, only authorized white-listed applications should be allowed to run and properly identified.

Many small business do not have the know-how or resources to deal with this issue in-house. In that case, perhaps the most important step you can take is to speak with an IT expert to obtain customized recommendations for protecting your business’ sensitive information. Combining up-to-date IT solutions with proactive legal protections gives you the best chance of avoiding a problem in the first place. And it gives you the best chance to mitigate the damage if a breach occurs.

Sixth Circuit Rejects Dubious Trade Secret Claim

If you are thinking about bringing a trade-secret-misappropriation suit, do not take a ready-fire-aim approach. Before filing the lawsuit, you need to be able to articulate the precise trade secret at issue and how it was misappropriated. A recent case decided by the Sixth Circuit, Dice Corp. v. Bold Tech., 2014 WL 260094 (6th Cir. Jan. 24, 2014) gives an example of a trade-secrets claim that probably never should have been filed. A link to the opinion is below.

This case involved a dispute between two competitors who provide services and software to alarm companies. An alarm company using the plaintiff’s software decided to change to the defendant’s. In this circumstance, there needs to be a transition period, during which the alarm company is still using the plaintiff’s software, while running the defendant’s software in parallel on other servers. This ensures that the new software is properly monitoring the alarm signals before it goes live.

The plaintiff, perhaps angry over the loss of a client, accused the defendant of accessing and using its proprietary information during the transition process. It brought claims under the Michigan Uniform Trade Secrets Act, among others.

The trade-secrets claim was based on supposed misappropriation of (1) a file containing a master list of alarm codes, and (2) “receiver drivers” software that takes incoming signals and converts the data to the plaintiff’s standard. The Sixth Circuit rejected both. As to the list of codes, the court said:

The plaintiff fails to explain how this information, even if uniquely coded, is a trade secret. The [file] is a compilation of labeling codes created by manufacturers, not the plaintiff. The codes were collected by the plaintiff’s customers, not the Plaintiff. The plaintiff has not put forward an explanation of how the value of its unique labeling is derived from it not being readily ascertainable by proper means.

Regarding the software, the Sixth Circuit noted that “neither in the operative complaint nor in the plaintiff’s response to the defendant’s motion for summary judgment can we find a trade secret claim based on receiver drivers or software that performs that function.” Even if the plaintiff had properly pleaded a claim on this basis, the court still would reject it since “other than a generalized explanation of what the receiver drivers do, the plaintiff has failed to explain whether the receiver drivers derive economic value from their secrecy.”

Takeaway: This seems like the latest in a long line of trade-secrets cases that never should have been brought in the first place. Filing a lawsuit and litigating it through appeal is not cheap. Before doing so, make sure you can (1) explain what trade secret(s) were actually misappropriated, and (2) plead and prove the misappropraition (or at least feel comfortable that discovery is likely to lead to the evidence necessary to prove your claim). If you have difficulty doing either, think very carefully whether the suit should be filed. As the (overused) saying goes, sometimes discretion is the better part of valor.

Dice Corp. v. Bold Tech.

Discovery: Keeping Trade Secrets Secret

All litigators need to be familiar with trade-secrets law, since discovery requests often seek  proprietary information. When this happens, you need to protect your clients’ trade secrets in the discovery process. Last week, Florida’s Second District Court of Appeal addressed this issue in Bright House Networks, LLC v. Cassidy, 2014 WL 84237 (Fla. 2d DCA Jan. 10 2014) (opinion linked below). This case offers multiple takeaways for lawyers when your clients are faced with discovery requests calling for production of trade secrets.

In this case, the plaintiffs had a contract with their cable company that entitled them to perpetual free cable. After the defendant, Bright House Networks, purchased the cable company, it terminated the plaintiffs’  free services. The plaintiffs sued Bright House and won — a court ruled that they were entitled to lifetime free cable. In response, Bright House started issuing 1099s to the the plaintiffs for the free cable’s value. (Aside: cable companies are the worst.) The plaintiffs sued again, arguing that the 1099s violated the previous judgment, and that Bright House does not issue 1099s to other customers receiving free services.

In discovery, the plaintiffs sought information about all customers receiving free services. Bright House objected, arguing that this information was confidential and proprietary. The lower court overruled this objection, leading to this appeal.

The appellate court reversed, noting that

The Florida Evidence Code contains a privilege against the disclosure of trade secrets. . . . When a party objects to the disclosure of a trade secret, first a court must determine whether the requested information is, in fact, a trade secret. . . . Usually this determination requires the trial court to perform an in camera review of the information. . . . Second, if the trial court determines that the information is a trade secret, then the court must determine if the party requesting the information has shown a reasonable necessity for the information. . . . If the court orders disclosure, it must make findings to support its determination. . . . [T]he trial court may need to order safeguards to prevent the unnecessary dissemination of the information.

Here, the trial court never made an in camera review. The appellate court ordered the trial court to conduct this review and, if necessary, conduct a hearing to determine whether Bright House’s customer information is a trade secret.

There are several takeaways from this case. Carefully review all discovery requests to determine whether they call for the production of proprietary information. If so, timely object and be prepared to have the court review the material in camera.

If the court orders production, the company should avail itself of an immediate appeal if possible. In Florida, that is done through a petition for writ of certiorari, which allows interlocutory review of orders compelling discovery where compliance could cause irreparable harm.

Also, here Bright House conceded that it had offered free services to other customers but had not issued 1099s. In this opinion, the appellate court noted that “In determining necessity for the information, the trial court should consider the significance of Bright House’s stipulation.” Bright House knew what the information sought would show, and tried to prevent disclosure by conceding the point. This may prove successful. When faced with the possibility of producing trade secrets, you should balance the risk of disclosure with the effect a concession of the relevant point will have on the litigation.

Bright House Networks LLV v. Cassidy

Five Trade Secrets Businesses Don’t Know They Have

When a business owner or executive asks what kind of law I practice, and I tell them about my trade-secrets work, I often get a response along the lines of “Interesting stuff, but we don’t have any trade secrets.” Most of the time, they are wrong. Almost all businesses have some kind of proprietary information that can qualify as a trade secret, as long as the business reasonably protects that information.

Here are five categories of common information that can qualify as trade secrets, under the right circumstances:

  1. Customer Information. Many companies spend significant time and money gathering information about their customers. Some maintain simple address and demographic information, while others compile detailed customer databases with order history and precise customer preferences. The more detailed the information, and the more time spent compiling it, the more likely it could be a trade secret.
  2. Pricing Information. In many industries, pricing information is not publicly known. Such pricing information can qualify as a trade secret, as long as the company reasonably protects it. At a minimum, customer contracts should include a confidentiality provision.
  3. Profit-Margin Information. Like pricing information, profit-margin information can also be a trade secret.
  4. Contracts. I’ve had clients who spend years developing proprietary contracts that help them better serve their customers. In these cases, the contract can become a trade secret. Again, a confidentiality provision would likely be required, along with other protections, before a court will recognize a contract as a trade secret.
  5. Business Plans. Business plans inevitably include some kind of proprietary information, whether it be pricing-related, or market forecasting. If this information is not outdated, and is properly protected, it can be a trade secret.

If your company has one or more of these types of information, it may have trade secrets. But to enjoy protection under the trade secrets act, you must take reasonable measures to protect your information.  Consult with an attorney to make sure you’re in the best possible position to protect your proprietary information.

N.D. Ohio Discusses Damages in Trade-Secrets Lawsuits

The Northern District of Ohio recently discussed the various types of damages that can be obtained in Trade Secret Act (TSA) cases. It concluded that a plaintiff can recover for the money it spent acquiring the trade secret, but cannot recover for lost investment due to the ongoing trade-secret litigation.

In Mar Oil Co. v. Korpan, 2013 WL 5406078 (N.D. Oh. Sept 4, 2013) (link below), the plaintiff, MAR Oil Co., and defendant Korpan entered into an agreement under which Korpan would assist in MAR’s exploration for oil and gas reserves. During the agreement’s term, MAR Oil invested millions of dollars in exploration, including producing seismic readings. These readings are apparently very valuable, as they help in locating oil and gas reserves. Korpan had access to this information.

After the agreement expired, Korpan began working with the other defendants to locate oil and gas reserves in the same area, including on property where MAR Oil previously had a lease. MAR Oil sued, alleging that Korpan and the other defendants used its trade secrets, including the seismic readings.

MAR had three damages theories: (1) lost profits, (2) its acquisition costs for the readings, and (3) lost investment. There was no dispute that lost profits can be a measure of trade-secret-misappropriation damages. But the defendants argued that MAR could not recover for acquisition costs and lost investments.

The court started by discussing the damages available in misappropriation cases (citations and quotations omitted):

Ohio law [and the Uniform Trade Secrets Act] treats actual loss and unjust enrichment caused by misappropriation as two distinct theories of recovery. Each requires plaintiff to prove with reasonable certainty that it suffered a loss because of the defendant’s misappropriation. . . . [D]amages in trade secrets cases are difficult to calculate because the offending company has mixed the profits and savings from increased quality and quantity of products, as well as savings from reduced research costs, with its own natural profits.

The court then ruled that MAR can recover the money it spent acquiring the seismic data, since “if [the defendant] used MAR’s seismic data improperly, what MAR spent and [the defendant] thereby saved would appear to be a proper yardstick for a damage award.” Essentially, the defendant was unjustly enriched by the amount it would have cost to acquire the data.

As for lost investment, MAR argued that a potential investor withdrew an investment due to the ongoing litigation. The court would not allow MAR to seek damages for this lost investment, since “there must be a demonstrable link between misappropriation of the trade secret and MAR’s loss.”

As the court noted, calculating damages in misappropriation cases can be tricky. Plaintiffs need to start thinking about their damage models—and working with a damages expert—early in the case.

MAR Oil Co. v. Korpan — Order

%d bloggers like this: