Protecting Employer Data from Employee Theft
New federal and state laws grant needed remedies for employers
A company’s protected business information is frequently one of its most valuable assets. Despite expensively drafted employment agreements protecting the sanctity and confidentiality of such data, discharged employees still improperly mine the company’s computer systems, and the results can be highly damaging: customer lists, pricing data, plans and designs pilfered and handed to competitors. Thanks to recently enacted legislation both at the federal and state level, companies are better able to obtain strong judicial remedies to protect their proprietary information.
New Federal Protections
On May 11, 2016, the Defend Trade Secrets Act (DTSA) was signed into law, and becomes the first federal statute that enables companies to enforce their trade secret rights. Prior to the DTSA, trade secrets were protected only through state statutes, usually a version of the Uniform Trade Secrets Act (UTSA). This patchwork of UTSA laws – and inconsistencies between the laws of the various states – often made it difficult for cross-border companies to pursue malfeasant employees for misappropriation of trade secrets. The DTSA, however, creates a single, federal legal platform to remedy the theft of trade secrets.
The new federal statute creates new powers and removes barriers for companies seeking to protect their data. For example, under most state UTSA laws, companies are required to disclose, prior to discovery, each trade secret at issue in litigation. The impact of this counter-intuitive requirement frequently quells the very enforcement of the laws were intended to protect. The DTSA contains no such disclosure requirement, which alone facilitates the ability to enforce the laws.
The DTSA also eschews the inevitable disclosure doctrine – merely possessing knowledge of a trade secret as a basis for obtaining injunctions to prevent former employees from working for competitors. Now, if an employer has “evidence of threatened misappropriation” of trade secrets, the employee can be enjoined from certain future employment even if the disclosure has not yet been made. Of course, it is unclear whether the judicial bench will enforce the broad-brush scope of the legislation and keep employees out of work, something that the bench is loath to do. Indeed, the DTSA specifically does not govern traditional non-compete agreements, and this the courts will be asked to enforce the DTSA as additional remedies to state restrictive covenant laws.
One of the more extraordinary powers under the DTSA is the allowance for “ex parte seizures” as a means to prevent the further dissemination of misappropriated trade secrets. Without any notice to the culprit, the DTSA allows trade secret owners to request that courts issue an order allowing law enforcement to seize stolen trade secrets (e.g., computer files, documents). There are built-in measures to curb abuse of this power, but when flight risk of the culprit or the severe harm to a company that comes with a massive misappropriation of trade secrets is present, the ex parte seizure gives companies the power to immediately halt the further spread of stolen information.
New Protections in Florida
The DTSA is intended to supplement – not preempt – state laws. In Florida, this means that the DTSA can work for employers in conjunction not only with the Florida UTSA (Fla. Stat. §§ 688.001–009), but also several new laws designed to protect companies from the misappropriation of its sensitive data.
On October 1, 2015, Florida’s Computer Abuse and Data Recovery Act (Fla. Stat. §§ 668.801–805) (CADRA) went into effect. Under CADRA, businesses can obtain relief from employees (and other individuals) who knowingly, and with intent to cause harm, obtain information from a covered computer without authorization. Companies bringing suit under CADRA may recover damages, lost profits, and profits gained by the employee from their unauthorized access. Companies are also entitled to seek injunction to prevent further violations and recover reasonable attorney’s fees if they prevail in the action.
Armed with protections under CADRA, companies are now able to obtain relief from former employees that do not return data upon termination, or current or former employees who are misusing their data access. CADRA is expected to be widely used as a litigation tool because prior to its enactment, Florida employers could only rely on the Computer Crimes Act (Fla. Stat. §§ 815.01-07), which allowed for civil action and recoveries only if a person has already been criminally convicted under the act.
Requirements for Employers
Each of these new federal and state laws carries certain requirements that employers must meet in order to obtain full benefit of their protections. Under CADRA, for example, employers must have “technological access barriers” in place on its computer systems to restrict access to data, and define parameters of an employee’s “authorized access” along with notifying employees when such access has been revoked. Under both CADRA and DTSA, companies must also have their policies and procedures in place, which will likely require revising employment agreements and handbooks to ensure accurate and clearly defined data access parameters and to provide mandated notices. For example, under DTSA, notices of whistleblowing immunity must be given in employee trade secret agreements to ensure the maximum recovery. Moreover, careful attention to jurisdiction clauses should be given to these agreements, since DTSA cases must be brought in federal courts. Finally, employers should monitor computer systems for unauthorized employee access and discipline employees for any violation, steps that will strengthen court cases seeking to enforce company rights.
Justice has taken time for the laws to catch up to the 21st century, but DTSA and CADRA afford welcome relief and long overdue protection for the lifeblood of companies. The combination of these new laws provide needed ammunition for employers to remedy the misappropriation of data that is often the lifeblood of companies. While companies have responsibilities, too, under these laws, revamping employment contracts as well as employee policies and procedures is a small price to pay to stem the proliferation of employee computer hacking and corporate espionage.
Allan A. Joseph is a founding member of Fuerst Ittleman David & Joseph, PL. Since 1991, Mr. Joseph has concentrated his practice on business-related disputes, including Complex Commercial Litigation, Business Litigation, Business Torts, Insurance Litigation, Real Estate Litigation, Shareholder and Member Derivative Actions, Intellectual Property Law, Alternative Disputes Resolutions Practice, International Law Litigation, Professional Malpractice Litigation, Civil Litigation, and Domestic Relations Litigation.
Stephen H. Wagner is a Partner with Fuerst Ittleman David & Joseph, PL. He practices primarily in the area of international business transactions, representing clients with trade and customs issues as well as corporate law matters.
Joseph and Wagner can be reached at 1001 Brickell Bay Dr., 32nd Floor Miami, FL 33131 or (305-350-5690), www.fuerstlaw.com