Protecting Trade Secrets: Best Practices for New and Departing Employees

Transcription

1 NOVEMBER 6, 2014 Protecting Trade Secrets: Best Practices for New and Departing Employees Robert S. Shwarts

2 What is Intellectual Property? Trade Secrets Trademarks / Trade Dress Copyrights Patents 2

3 Trade Secret Theft Problem Profile in Silicon Valley 3

4 Profile of Employee IP Theft Trade Secret theft costs US companies $250 billion annually In 2012, asset theft (including IP theft) accounted for nearly 90% of all internal fraud in the workplace 60% of companies polled had experienced attempted IP theft The majority of IP thieves Are middle-aged male employees in technical positions. Signed IP agreements. Already accepted new jobs with competitors (65%) Stole data they were authorized to access (75%) 2011, Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall, Symantec Corp. 4

5 What Do Employees Steal? Trade secrets are the most common IP stolen by employees commercial information (business plans, customer information, and price lists) (48%) source code (20%) proprietary software (14%) 5

6 How Do Employees Steal? The majority of employees Believe there is nothing wrong with transferring employer data to personal devices and accounts (62%) Said it is acceptable to use competitive data from a previous employer (56%) Use , USB devices, remote network access, and cloud-storage to steal IP in the month before departure Personal cloud-based accounts are increasingly the most widely used method of data ex-filtration 6

7 What Does Trade Secret Theft Cost? $2.3 billion Pacesetter Inc. v. Nervicon Co. (2011) $919.9 million du Pont & Co. v. Kolon Industries, Inc. (2011) $465.4 million Lexar Media, Inc. v. Toshiba Corp. (2005) $310 million Bryant v. Mattel (2011) $192 million Sven Peter Mannsfeld v. Phenolchemie Inc. et al. (2008) $134 million USA Power LLC v. PacificCorp (2012) $118 million Bancorp Services LLC v. Hartford Life Insurance (2002) $112 million Brocade Commns Systems, Inc. v. A10 Networks (2012) 7

8 Trade Secrets Protecting Confidential Information 8

9 What is a Trade Secret? Information That is secret» disclosure to third parties without restriction destroys trade secret status That is subject to reasonable efforts to be kept secret That derives commercial value as a result of being secret 9

10 What is a Trade Secret? Source code Customer lists Sales forecasts and pipeline Business and marketing strategies Skills and work histories of other employees Product road maps 10

11 The Information Must be Secret To be a trade secret, the information must not be generally known Public, unrestricted disclosure destroys trade secret status» Publication on the Internet» Publication in treatises, books, articles» Presentations to third parties without nondisclosure agreements (NDAs), including trade shows and demos» Issuance of a patent 11

12 Reasonable Efforts to Maintain Secrecy To qualify as a trade secret, the information must be subject to reasonable efforts to protect its secrecy Examples:» Physical security» Electronic security» Consistent labeling» Employee training 12

13 The Impact of the Cloud There are lots of benefits from moving to the cloud, but using the cloud:» Reduces employer control of the data» Complicates forensic investigations» May undermine culture of trade secrecy» Policies need to take cloud usage into account 13

14 Derives Value as a Result of Being Secret If the information is not valuable, it is not a trade secret Must have value because it is kept secret Examples:» Source Code» Secret recipe for popular food/beverage 14

15 Misappropriation of Trade Secrets Misappropriation means: improper acquisition -ORimproper use -ORimproper disclosure of a trade secret 15

16 Misappropriation Disclosure or use of a trade secret by someone who A. used improper means to acquire the secret; or B. knew the secret i. came from someone who got it by improper means ii. iii. was acquired under circumstances giving rise to a duty of secrecy (e.g. departed employees, JV, NDA) derived from someone who was under such a duty (e.g., moonlighters) C. Knew they acquired a trade secret by mistake 16

17 Improper means Includes:» hacking» breach of a duty to maintain secrecy» unauthorized access» theft» bribery» misrepresentation 17

18 Common Misappropriation Scenarios Departing employees Joint development projects and collaborations 18

19 Available Remedies Injunction Damages for actual loss Unjust enrichment Reasonable royalty Exemplary damages for willful misappropriation (2x) Criminal prosecution and penalties 19

20 Trade Secret v. Patent Protection 20

21 Patents vs. Trade Secrets: Factors Favoring Patents Can t avoid patent infringement through reverse engineering or independent development Presumption of validity Exclusive monopoly VCs may prefer certainty of a patent 21

22 Patent vs. Trade Secrets: Factors Disfavoring Patents Finite duration Geographically limited to where patent is issued Provides competitors with window into your technology Invention may not be patentable 22

23 Patent vs. Trade Secrets: Factors Favoring Trade Secret Protection Unlimited in time (until disclosed) Unlimited in geographic reach Easier to get than a patent Cheaper (in theory) to obtain Immediately enforceable against misappropriation Don t have to reveal technology to competitors 23

24 Patent vs. Trade Secrets: Factors Disfavoring Trade Secret Protection Does not prevent reverse engineering Does not prevent independent development And MUST MAINTAIN SECRECY 24

25 Employee Mobility and IP Risks 25

26 Risky Business Risk that a new hire will bring confidential information that could lead to a lawsuit Risk that a departing employee will take valuable trade secrets to a competitor Triage high risk employees 26

27 Strategic Approaches to Mitigating IP Theft Create internal IP enforcement team Engage in pre-employment screening Adopt policies and best practices Training and education Continued monitoring a balance Risk assessment at employment exit 27

28 Departing Employees 28

29 Exit Procedures High-Risk Determination Exit Interview Termination Checklist Employee Certification Termination Letter Forensic Investigation? Enforcement? 29

30 Exit Interview Job satisfaction Reasons for departure New employer and new position Recruitment time line (interview, offer, acceptance) Retaining confidential information» Confirm employee is searched for and returned all company property, files, and data (including search of personal devices, electronic media, and webmail accounts) Disclosure of inventions Reminder of ongoing obligations 30

31 Termination Checklist HR items (benefit summary, commissions, final paycheck, etc.) Access terminated» Badge returned» IT credentials terminated Inventory all devices returned» USB drives and external hard drives, computers, tablets, smartphones, etc.» Include serial number, storage capacity, and as much identifying information as possible! 31

32 Employee Certification Searched for and returned all company data and materials, including any reproductions on cloud-storage accounts Compliance with Employment Agreement» Intent to comply with non-solicitation, non-disclosure and non-compete covenants Reminder of inventions disclosure and assignment provision 32

33 Termination Letter Standard letter to employee within one week following termination. Should include:» Reminder of ongoing contractual obligations» Summary of confidential information to which employee had access at company» HR/Legal contact information in the event issues arise Copy of letter to new employer if direct competitor 33

34 Follow-up: When to Investigate Initiate employee investigation where: Word of mouth that all is not kosher Recently used devices were not returned or recent data transfers occurred before exit Material false statements made during exit Solicitation of other employees Significant threat of inevitable disclosure at competitor 34

35 Investigation Process Collect and review key documents» Termination paperwork; agreements; employee s Assess employee s access to confidential information Evaluate competitive risk Perform forensic analysis of computer media and networks Develop response strategy based on business objectives 35

36 Criminal Trade Secret Statutes Federal: The Economic Espionage Act of 1996» Tracks civil trade secret standards, except adds a scienter requirement» Replace old patchwork system of prosecutor cases under mail fraud, wire fraud and ITSP» Different penalties for different types of defendants California: Cal. Penal Code 499c» Recently amended to criminalize misappropriation of nontechnical trade secrets 36

37 Pros and Cons of Simultaneous Criminal and Civil Trade Secret Cases PROS Puts Pressure on defendants in civil case Lends credence to civil case Civil discovery demands may require defendants to choose between taking the Fifth and capitulating in civil case Capitalizes on law enforcement authorities powerful investigative tools CONS Loss of Control Delay Lack of confidentiality or privilege Difficulty of gaining access to fruits of law enforcement authorities investigation Potential stay motion by defendants Potential pitfalls of relationship between civil plaintiff (victim) and law enforcement authorities 37

38 New Hires 38

39 Onboarding Procedures Repeatedly make clear that the company does not want stolen trade secrets Offer letter» Contingent upon employee being free and clear of burdensome contractual obligations to former employers HR/Legal Intake Interview New Hire Training» Incorporate training on IP/confidential information from former employers» Additional HR/Legal counseling session if high-risk Employee Certification Ombudsman Process trade secrets firewall 39

40 HR/Legal Intake and Screening Evaluate and assess claims against the company: Contractual obligations with former employers» Copy of agreement» Legal exit with former employer? Compliance» Employee searched for and returned all computer media and materials containing CI at exit? Recruitment timeline» interview, offer, acceptance, and who was involved New role for similarity/overlap» customers, technology, job duties 40

41 Employee Certification Comply with all former employee agreements. Regardless of whether an agreement was signed, never use or disclose to any company employee or customer any confidential information of former employer. Notify the company if the former employer corresponds with or in any way raises issues concerning his/her ongoing contractual obligations. 41

42 The Legalese: Employment Policies to Protect IP 42

43 Employee Agreement Non-solicitation covenant (customers and employees)» typical duration one year» obligation to notify company of new employers» questionable enforceability Non-disclosure covenant Inventions Assignment» Post termination obligations» Labor code

44 Employee Agreement Obligation to search for and return all company and third-party confidential information and property upon termination Waiver of privacy interest in IT assets, company computers and networks, and data Conflict of interest» Duty of loyalty» No violation of agreement with prior employers 44

45 HR Policies Employee use of computers, networks, and IT assets Employee personal and work use of:» electronic storage devices» cloud-storage accounts» web-based accounts Privacy policies that permit software monitoring Conflict of interest policies BYOD policies Work from home and remote access policies? 45

46 IT Policies Prohibit or regulate BYO device, computer, cloud policies Identify and control core IP» Monitor check-ins and check-outs Limit remote access Ongoing monitoring? Terminate all user access promptly upon resignation 46

47 Cloud Usage Policies Electronic designation of confidential data or digital watermarking Segregate secure project folders Electronic encryption Limit admin rights and user access. Maintain highest level of audit trail. Keep Core IP off the cloud 47