When we think of the Wild West, we think of horse theft as a serious crime. Some people now refer to the Internet as the Wild West. In the Information Age, the new serious crime is information theft like stealing trade secrets. Until recently, protecting trade secrets meant relying mostly on a patchwork of often inconsistent state laws, which provided a civil remedy, but rarely criminalized their theft. That changed a bit in 1996 when the President signed the Economic Espionage Act of 1996 (EEA).
In today's world, information is often the most important asset a business owns. Yet, these assets are extremely difficult to preserve in a environment where gigabytes of secret data fit on a small disc, companies often rely on outside consultants, and where even employees come and go as part of a mobile workforce.
On another level, we also live in a post-Cold War world where some former military spies now find private employment and engage in economic espionage for foreign governments and companies.
The EEA started as a law designed to deal with foreign economic espionage. In its final incarnation, it grew to cover the theft of trade secrets domestically.
Defining "Trade Secret"
First, a definition is in order. Generally, a "trade secret" is any information that's valuable because it is not generally known to, or readily ascertainable by, other people who could profit from knowing it. To maintain its trade secret status, state laws generally require that you take reasonable efforts to maintain its secrecy. Once information is disclosed, you can't claim that it's a trade secret.
There are some variations on this basic definition depending on the state. Some definitions require that you use your trade secret continuously in your business or risk losing your legal protections. Some states require actual economic value, while some states protect trade secrets with only "potential" value.
In deciding whether information is a trade secret, courts have traditionally looked at many factors. For example, how widely known was the information outside of the business claiming the trade secret status? How many people knew the secret? What security measures were used to maintain secrecy? How valuable was the information to its owner and competitors? How much effort and money were used to develop the secret? How hard would it have been for a competitor to duplicate the information using proper methods?
The EEA requires reasonable measures to keep the information secret, but does protect potential, not just actual value. For a criminal statute, it's a surprisingly broad and in several ways broader than many state laws. It's also clearly well-designed for today's digital world. It specifically includes both "tangible and intangible" information "and whether or how stored, compiled, or memorialized physically [or] electronically..."
It even seems to cover information that's been memorized with the language "whether or how stored," and "intangible." This is a truly broad definition of a trade secret.
The EEA includes essentially two crimes. The first crime involves foreign economic espionage. The penalty is up to a $500,000 fine and 15 years in jail. An organization that commits the crime can be fined up to $10,000,000.
The domestic theft of trade secrets is also treated as a serious crime. Here, the maximum penalty is 10 years in jail and a fine governed by general Federal law. The maximum fine under Federal law is generally $250,000, but in cases of pecuniary gain or loss it can be set as high as the greater of twice the gain to the criminal or twice the loss to the victim. An organization can be fined up to $5 million and arguably more based on the twice the gain or loss method that can be used against an individual.
Staying Out of Trouble
For your organization, the flip side of losing your trade secrets is the damage that can be done by your employee using trade secrets from a previous employer to help them succeed in your company. You may not even realize that you're having corporate success because you're using stolen information. To avoid criminal and civil liability, you must develop and enforce a Compliance Plan. Its purpose - to prevent the use of stolen trade secrets by your company.
You're at particularly high-risk if you answer "yes" to two of the following three questions. Does your business focus on technology and information? Are you rapidly growing by hiring? Do you have a significant reliance on consultants, outsourcers or temporary workers?
If you answer "yes" to any one of the following, you are clearly at high-risk. Have you hired middle- and upper-level people from your competitors? Do you use consultants and temporary workers to assist with research and development? Do you have foreign subsidiaries, affiliates and other foreign operations?
A good Compliance Plan needs to be custom-designed for your business. There is no such thing as a "one size fits all" Plan. It must take into account things like your industry and competitive environment, the types of intellectual property at risk in your business, government standards for your industry and your corporate culture.
The Plan must clearly establish a standard of conduct. It must let your employees and others who work for you know what you expect of them when it comes to trade secrets in their possession. If there is a particular type of risk in your industry or company, then single it out for special mention and treatment.
Your Plan should also tell employees how to report violations of the Plan. It should create a procedure for investigation and state the consequences of violations.
Most importantly, this is not a cosmetic document designed to be pulled out of the drawer if you're prosecuted under the EEA or sued. It's an educational tool that needs to be mentioned frequently at department meetings and in company newsletters.
This type of treatment may even have the effect of protecting your own trade secrets because you've sensitized former employees to the risks inherent in stealing trade secrets. It's a winner for you no matter how you view it.
Mark Grossman's "TechLaw" column appears in numerous publications. Mark Grossman has extensive experience as a speaker as well. If you would like him to speak before your group or corporate meeting, please call (305) 443-8180 for information.
You can find a TechLaw archive at: www.DeWittGrossman.com.
If you have any comments, please send them to MGrossman@DeWittGrossman.com.
Disclaimer: The advice given in the TechLaw column should not be
considered legal advice. This newsletter only provides general educational information. You must never rely upon the advice given here. Your individual situation may not fit the generalizations discussed. Only your attorney can evaluate your individual situation and give you advice.
Except as provided below, you may feel free to forward, distribute and
copy the TechLaw column if you distribute and copy it without any changes and you include all headers and other identifying information. You may not copy it to a Web site.