Litigating Trade Secret Claims

Take Immediate Action to Preserve Evidence

The most crucial time for evidence collection and preservation is the very moment the employer suspects that information has been compromised. Authentic evidence is vital to successfully prove a trade secret case and maximize any recovery. Thus, the first step is to forensically secure the evidence, including the employee's computer, to prevent any unauthorized access. Indeed, many security breaches arise simply because of a failure by the employer to terminate a former employee's access.

As soon as litigation is anticipated, a litigation hold should also be issued to employees who may have relevant information. The duty to preserve evidence arises when a party reasonably anticipates litigation, and the failure to issue a litigation hold can lead to hefty sanctions, including terminating sanctions disposing of the case. Electronic Funds Solutions, LLC v. Murphy, 134 Cal. App. 4th 1161, 1182-1184 (2005) (court granted a terminating sanction striking cross-complaint for intentional destruction of evidence). Any document retention or destruction policy should also be suspended until it is ascertained who is involved and the relevant time period. Allowing e-mails to be deleted may defeat the case before it can even be presented. If there is other physical evidence, such as security footage, take immediate steps to preserve that as well, and do not assume that it is automatically retained. Equally important is ensuring the admissibility of such evidence. This can be achieved through following three important steps:

Forensic Examination : A forensic examination is typically conducted by a third party with expertise in preserving electronic data and experience testifying in court. The forensic expert will usually duplicate the employee's computer and analyze the registry of actions to determine what occurred and when. This review can provide insight into the former employee's conduct, including what was accessed and when; what was downloaded from where to what type of device ' USB, Smartphone, etc.; or whether information was uploaded to another site. The examination will usually also reveal whether wiping software has been used to cover their tracks or change file types.

Chain of Custody : This is the process by which evidence can be authenticated to prove that it is what it purports to be, for example, that the former employee sent the incriminating e-mail. It is not uncommon for employees accused of trade secret theft to deny that evidence can be attributed to them or to allege tampering. To avoid such challenges, employers must have a secure chain of custody. Employers must, therefore be careful to avoid accessing documents in a manner that may compromise the metadata. With respect to physical evidence, limit the number of individuals who handle the evidence, and strictly restrict access.

Witness Interviews : Gathering evidence while it is fresh and before a former employee has the opportunity to interfere with potential witnesses can prove invaluable. Such interviews should be conducted by an attorney to enable legally admissible declarations to be drafted as to the most relevant information, rather than broadly as to everything an employee knows. Declarations collected at the beginning of the case can help to prevent a witness from later changing his or her story.

Choose the Appropriate Preliminary Relief

After collecting and preserving the evidence, the next step is to decide how to proceed. The form of preliminary relief will depend on the type of trade secret compromised, its sensitivity, and the relationship with the former employee. Problems with evidence and witnesses will likely also impact the decision, as well as a desire to send a message to others about such conduct. While some have applauded the New York hedge fund for treating the matter as theft, commentators have questioned how such action would be perceived in Silicon Valley, and whether it risks alienating the workforce or dampening an organization's ability to hire.

The Facilitative Approach: Cease and Desist Letter

The benefits to attempting to resolve a suspected breach informally include preventing an adversarial relationship and reducing cost. Sometimes, employees simply “forget” about their obligation and can easily be persuaded to comply by letting them know they are on the radar. The American Intellectual Property Law Association (AIPLA) reported in 2013 that the average cost of litigating an intellectual property dispute where less than $1 million is in dispute exceeds $320,000 through the end of discovery and $580,000 through trial. Alternatively, the employee's new employer may recognize the risks more clearly and instruct the employee to cooperate. Thus, an appropriately worded cease and desist letter may be all that is needed.

Litigation: Immediate Injunctive Relief and Expedited Discovery

In stark contrast to the cease and desist letter, where valuable or particularly sensitive information is at risk, a temporary restraining order (TRO) may be necessary to prevent any immediate harm. Court-ordered relief is a much more burdensome and costly endeavor, but is also much more effective. The purpose of a TRO is to ask the court to issue a preliminary injunction pending litigation to seek a permanent injunction against the unlawful activity. To maximize the effectiveness of this procedure, the employer should also seek expedited discovery to depose the former employee and obtain any documentary evidence as soon as possible. In appropriate cases, the employer may also ask for a writ of attachment, which freezes the former employee's assets, preventing the funds and property from dissipating before judgment.

The standard for a TRO is tough, but a win sends a strong message to the defendant employee that the employer will prevail on the merits, enhancing settlement opportunities and providing ultimate insight into what the judge finds important. To obtain injunctive relief, the employer must show: 1) a substantial likelihood of success on the merits; 2) that it would suffer irreparable injury if the injunction were not granted; 3) that the balance of the equities tips in its favor; and 4) that the public interest would be furthered by the injunction. Winter v. Natural Resources Defense Council , 555 U.S. 7 (2008). If an employee then violates a TRO, the ultimate recourse is an action for contempt. Verigy US, Inc. v. Mayder , 2008 U.S. Dist. LEXIS 28315, 35 (N.D. Cal. 2008) (Defendants ordered to show cause why they should not be held in contempt for violating court's temporary restraining order).

The decision to pursue a TRO also carries risks, however, because if it is denied it may embolden the former employee to fully utilize any trade secrets or confidential information in ways beyond those the employer was seeking to address. Additionally, the employee's new company may decide to terminate the employee to avoid the risk of litigation. In such circumstances, the former employee may counterclaim against the employer for tortious interference. O'Neill v. GlobeSpan, Inc. , 2001 U.S. Dist. LEXIS 23113 at 2-3 (C.D. Cal. 2001) (employee alleged that former employer interfered with new employment relationship by claiming that he would inevitably disclose proprietary information).

Criminal Investigations

Another option to counter trade secret theft is to involve the government, but the decision should be a calculated one. Initiating a criminal investigation can be effective in creating the fear of jail time and drawing upon federal resources. The District Attorney has more weapons to use for gathering evidence than those available to civil lawyers. For example, the government can issue a search warrant or use a false identity to gather information. However, a criminal investigation will usually mean handing over control of the investigation, which will likely stifle the company's ability to pursue its own recourse. Involving the government should be a thoughtful and thorough decision, as there could be unintended consequences, such as negative publicity, damage to customer relationships, or adverse impact on stock prices.

Litigation

Causes of Action

Trade secret cases implicate a host of claims and potential derivative causes of action, including breach of contract, misappropriation of trade secrets, breach of fiduciary duty, and Lanham Act claims for unfair competition. Additionally, while courts have been less than uniform, an evolving area of law is whether trade secret owners can obtain treble damages and attorneys' fees under a Racketeer Influenced and Corrupt Organizations Act (RICO) claim. Originally enacted to prevent organized criminals from infiltrating legitimate businesses, RICO has been used to litigate trade secret claims where there is a pattern of “racketeering activity,” which can include anything from mail fraud, wire fraud, to transporting stolen property over $5,000 in value.

Similarly, the Computer Fraud and Abuse Act (CFAA), which prohibits the unauthorized access to information on a computer, also provides a private right of action. In the first trial of its kind in California, a former employee was recently sentenced to one year in jail after being found guilty of three counts of computer fraud in violation of the CFAA, two counts of unauthorized downloading, copying, and duplicating of trade secrets without authorization, in violation of the Economic Espionage Act (EEA), and one count of conspiring to violate the EEA. United States v. Nosal , 2014 U.S. Dist. LEXIS 4021 at 1-2 (N.D. Cal. Jan. 13, 2014). Because most modern trade secret cases involve a computer database, the CFAA provides another weapon for employers seeking to protect their trade secrets.

Potential Defendants

Another important consideration is whether third parties should be joined in the lawsuit. In many cases, an employee leaves one company to join a competitor. If there is evidence that the new employer engaged in wrongdoing, this raises potential claims for tortious interference with contract and civil conspiracy. Naming agents such as former employees, vendors or business parties as co-conspirators can help ensure adequate injunctive relief and monetary recovery.

Liability may also attach to parties who know of the misappropriation and approve or ignore it for their own benefit, for example, individuals who have invested in the future employer. Ajaxo, Inc. v E*Trade Group, Inc. , 135 Cal App. 4th 21, 66 (2005). In one California case, a company brought suit against its former employees, the corporation in which the stolen knowledge was allegedly used, and its directors, officers and principal shareholders. The court found that if the investors knew or should have known of the misappropriation, they too could be held liable. Part of the court's rationale was that those investors may have invested at a bargain price, knowing that the sole business assets consisted of stolen information and processes. PMC, Inc. v Kadisha , 78 Cal App. 4th 1368, 1385 (2000).

Be Aware of Counterclaims

Improperly pursuing a former employee or naming a competitor as a defendant without sufficient proof of wrongdoing is a risky business and it should be expected that a counterclaim will follow. These counterclaims can range from the pursuit of attorneys' fees, to legitimate contentions that the employer's actions are anticompetitive, to an entirely concocted story asserting that the former employee owns the trade secrets. For example, in one trade secret theft case, an employee filed a counterclaim asserting that the trade secrets had been given to her as consideration for settling sexual harassment allegations some two years earlier.

Conclusion

Most employers are aware of the need to take precautionary measures to protect and limit access to trade secrets and institute appropriate contractual safeguards. However, many employers believe that a breach will never happen to them. Recent cases show that breaches are more common than employers believe, and usually come from an employee inside the company or business partner. As technology continues to develop, employees are being presented with the means to access and abscond with the company's most valuable information. When the unexpected breach occurs, employers need to be prepared to act quickly to protect the evidence, limit damage, and ensure the fullest possible recovery.

Paul Cowie is a partner with Sheppard Mullin in Palo Alto, CA. Reach him at [email protected] 'or 650-815-2648. Dorna Moini is an associate in the firm's San Francisco office, and can be contacted at [email protected] or 415-774-2974.

In February 2014, a quantitative analyst at a New York hedge fund was arrested for using a decompiler program to view his employer's encrypted trading models and then sending them to his personal e-mail. He allegedly planned to take this information to a new employer, apparently for significant financial incentives. The incident is reminiscent of another widely publicized theft at Goldman Sachs. In 2009, a week before quitting his job to join another trading firm, Sergey Aleynikov, a programmer at Goldman Sachs, downloaded 32 megabytes of a proprietary algorithmic trading code from his employer. The code, which some called Goldman's “secret sauce,” was used for a high-frequency trading (HFT) system, whereby traders use computer algorithms to rapidly trade securities, taking advantage of minute price changes to make a profit. Aleynikov had been offered $1.2 million per year to join a startup seeking to develop its own HFT system. He took that offer and was arrested by FBI agents at Newark Airport before making the jump.

Although high-profile, these are not isolated incidents. Former employees escape with valuable information every day, resulting in substantial, sometimes devastating losses to employers. Some employees claim the trade secrets belong to them; others attempt to explain away their conduct. Devices such as the new untraceable Blackphone, developed by Spanish startup Geeksphone, adds another layer of complication as it encrypts e-mails and text messaging, and has anti-tracking services that will make it much more difficult to discover employee misconduct and gain access to data during litigation.

When facing such inside threats, many employers are aware of the standard precautionary measures to take, such as utilizing invention assignment agreements and confidentiality agreements, requiring passwords and limiting access to key databases. Fewer are prepared, however, with a plan and an immediate response team to address an actual breach. Following three key steps can help to make the difference. This article provides a glimpse into what happens on game day when valuable information is compromised and decisions need to be made fast.

Take Immediate Action to Preserve Evidence

The most crucial time for evidence collection and preservation is the very moment the employer suspects that information has been compromised. Authentic evidence is vital to successfully prove a trade secret case and maximize any recovery. Thus, the first step is to forensically secure the evidence, including the employee's computer, to prevent any unauthorized access. Indeed, many security breaches arise simply because of a failure by the employer to terminate a former employee's access.

As soon as litigation is anticipated, a litigation hold should also be issued to employees who may have relevant information. The duty to preserve evidence arises when a party reasonably anticipates litigation, and the failure to issue a litigation hold can lead to hefty sanctions, including terminating sanctions disposing of the case. Electronic Funds Solutions, LLC v. Murphy , 134 Cal. App. 4th 1161, 1182-1184 (2005) (court granted a terminating sanction striking cross-complaint for intentional destruction of evidence). Any document retention or destruction policy should also be suspended until it is ascertained who is involved and the relevant time period. Allowing e-mails to be deleted may defeat the case before it can even be presented. If there is other physical evidence, such as security footage, take immediate steps to preserve that as well, and do not assume that it is automatically retained. Equally important is ensuring the admissibility of such evidence. This can be achieved through following three important steps:

Forensic Examination : A forensic examination is typically conducted by a third party with expertise in preserving electronic data and experience testifying in court. The forensic expert will usually duplicate the employee's computer and analyze the registry of actions to determine what occurred and when. This review can provide insight into the former employee's conduct, including what was accessed and when; what was downloaded from where to what type of device ' USB, Smartphone, etc.; or whether information was uploaded to another site. The examination will usually also reveal whether wiping software has been used to cover their tracks or change file types.

Chain of Custody : This is the process by which evidence can be authenticated to prove that it is what it purports to be, for example, that the former employee sent the incriminating e-mail. It is not uncommon for employees accused of trade secret theft to deny that evidence can be attributed to them or to allege tampering. To avoid such challenges, employers must have a secure chain of custody. Employers must, therefore be careful to avoid accessing documents in a manner that may compromise the metadata. With respect to physical evidence, limit the number of individuals who handle the evidence, and strictly restrict access.

Witness Interviews : Gathering evidence while it is fresh and before a former employee has the opportunity to interfere with potential witnesses can prove invaluable. Such interviews should be conducted by an attorney to enable legally admissible declarations to be drafted as to the most relevant information, rather than broadly as to everything an employee knows. Declarations collected at the beginning of the case can help to prevent a witness from later changing his or her story.

Choose the Appropriate Preliminary Relief

After collecting and preserving the evidence, the next step is to decide how to proceed. The form of preliminary relief will depend on the type of trade secret compromised, its sensitivity, and the relationship with the former employee. Problems with evidence and witnesses will likely also impact the decision, as well as a desire to send a message to others about such conduct. While some have applauded the New York hedge fund for treating the matter as theft, commentators have questioned how such action would be perceived in Silicon Valley, and whether it risks alienating the workforce or dampening an organization's ability to hire.

The Facilitative Approach: Cease and Desist Letter

The benefits to attempting to resolve a suspected breach informally include preventing an adversarial relationship and reducing cost. Sometimes, employees simply “forget” about their obligation and can easily be persuaded to comply by letting them know they are on the radar. The American Intellectual Property Law Association (AIPLA) reported in 2013 that the average cost of litigating an intellectual property dispute where less than $1 million is in dispute exceeds $320,000 through the end of discovery and $580,000 through trial. Alternatively, the employee's new employer may recognize the risks more clearly and instruct the employee to cooperate. Thus, an appropriately worded cease and desist letter may be all that is needed.

Litigation: Immediate Injunctive Relief and Expedited Discovery

In stark contrast to the cease and desist letter, where valuable or particularly sensitive information is at risk, a temporary restraining order (TRO) may be necessary to prevent any immediate harm. Court-ordered relief is a much more burdensome and costly endeavor, but is also much more effective. The purpose of a TRO is to ask the court to issue a preliminary injunction pending litigation to seek a permanent injunction against the unlawful activity. To maximize the effectiveness of this procedure, the employer should also seek expedited discovery to depose the former employee and obtain any documentary evidence as soon as possible. In appropriate cases, the employer may also ask for a writ of attachment, which freezes the former employee's assets, preventing the funds and property from dissipating before judgment.

The standard for a TRO is tough, but a win sends a strong message to the defendant employee that the employer will prevail on the merits, enhancing settlement opportunities and providing ultimate insight into what the judge finds important. To obtain injunctive relief, the employer must show: 1) a substantial likelihood of success on the merits; 2) that it would suffer irreparable injury if the injunction were not granted; 3) that the balance of the equities tips in its favor; and 4) that the public interest would be furthered by the injunction. Winter v. Natural Resources Defense Council , 555 U.S. 7 (2008). If an employee then violates a TRO, the ultimate recourse is an action for contempt. Verigy US, Inc. v. Mayder , 2008 U.S. Dist. LEXIS 28315, 35 (N.D. Cal. 2008) (Defendants ordered to show cause why they should not be held in contempt for violating court's temporary restraining order).

The decision to pursue a TRO also carries risks, however, because if it is denied it may embolden the former employee to fully utilize any trade secrets or confidential information in ways beyond those the employer was seeking to address. Additionally, the employee's new company may decide to terminate the employee to avoid the risk of litigation. In such circumstances, the former employee may counterclaim against the employer for tortious interference. O'Neill v. GlobeSpan, Inc. , 2001 U.S. Dist. LEXIS 23113 at 2-3 (C.D. Cal. 2001) (employee alleged that former employer interfered with new employment relationship by claiming that he would inevitably disclose proprietary information).

Criminal Investigations

Another option to counter trade secret theft is to involve the government, but the decision should be a calculated one. Initiating a criminal investigation can be effective in creating the fear of jail time and drawing upon federal resources. The District Attorney has more weapons to use for gathering evidence than those available to civil lawyers. For example, the government can issue a search warrant or use a false identity to gather information. However, a criminal investigation will usually mean handing over control of the investigation, which will likely stifle the company's ability to pursue its own recourse. Involving the government should be a thoughtful and thorough decision, as there could be unintended consequences, such as negative publicity, damage to customer relationships, or adverse impact on stock prices.

Litigation

Causes of Action

Trade secret cases implicate a host of claims and potential derivative causes of action, including breach of contract, misappropriation of trade secrets, breach of fiduciary duty, and Lanham Act claims for unfair competition. Additionally, while courts have been less than uniform, an evolving area of law is whether trade secret owners can obtain treble damages and attorneys' fees under a Racketeer Influenced and Corrupt Organizations Act (RICO) claim. Originally enacted to prevent organized criminals from infiltrating legitimate businesses, RICO has been used to litigate trade secret claims where there is a pattern of “racketeering activity,” which can include anything from mail fraud, wire fraud, to transporting stolen property over $5,000 in value.

Similarly, the Computer Fraud and Abuse Act (CFAA), which prohibits the unauthorized access to information on a computer, also provides a private right of action. In the first trial of its kind in California, a former employee was recently sentenced to one year in jail after being found guilty of three counts of computer fraud in violation of the CFAA, two counts of unauthorized downloading, copying, and duplicating of trade secrets without authorization, in violation of the Economic Espionage Act (EEA), and one count of conspiring to violate the EEA. United States v. Nosal , 2014 U.S. Dist. LEXIS 4021 at 1-2 (N.D. Cal. Jan. 13, 2014). Because most modern trade secret cases involve a computer database, the CFAA provides another weapon for employers seeking to protect their trade secrets.

Potential Defendants

Another important consideration is whether third parties should be joined in the lawsuit. In many cases, an employee leaves one company to join a competitor. If there is evidence that the new employer engaged in wrongdoing, this raises potential claims for tortious interference with contract and civil conspiracy. Naming agents such as former employees, vendors or business parties as co-conspirators can help ensure adequate injunctive relief and monetary recovery.

Liability may also attach to parties who know of the misappropriation and approve or ignore it for their own benefit, for example, individuals who have invested in the future employer. Ajaxo, Inc. v E*Trade Group, Inc. , 135 Cal App. 4th 21, 66 (2005). In one California case, a company brought suit against its former employees, the corporation in which the stolen knowledge was allegedly used, and its directors, officers and principal shareholders. The court found that if the investors knew or should have known of the misappropriation, they too could be held liable. Part of the court's rationale was that those investors may have invested at a bargain price, knowing that the sole business assets consisted of stolen information and processes. PMC, Inc. v Kadisha , 78 Cal App. 4th 1368, 1385 (2000).

Be Aware of Counterclaims

Improperly pursuing a former employee or naming a competitor as a defendant without sufficient proof of wrongdoing is a risky business and it should be expected that a counterclaim will follow. These counterclaims can range from the pursuit of attorneys' fees, to legitimate contentions that the employer's actions are anticompetitive, to an entirely concocted story asserting that the former employee owns the trade secrets. For example, in one trade secret theft case, an employee filed a counterclaim asserting that the trade secrets had been given to her as consideration for settling sexual harassment allegations some two years earlier.

Conclusion

Most employers are aware of the need to take precautionary measures to protect and limit access to trade secrets and institute appropriate contractual safeguards. However, many employers believe that a breach will never happen to them. Recent cases show that breaches are more common than employers believe, and usually come from an employee inside the company or business partner. As technology continues to develop, employees are being presented with the means to access and abscond with the company's most valuable information. When the unexpected breach occurs, employers need to be prepared to act quickly to protect the evidence, limit damage, and ensure the fullest possible recovery.

Paul Cowie is a partner with Sheppard Mullin in Palo Alto, CA. Reach him at [email protected] 'or 650-815-2648. Dorna Moini is an associate in the firm's San Francisco office, and can be contacted at [email protected] or 415-774-2974.