In the past decade, the prevalence of videoconferencing, social media, and other technological platforms have flooded college dorm rooms and boardroom meetings alike. The ubiquity of these technologies is unavoidable, and employees, sometimes with the encouragement of businesses, use them increasingly often as they choose to operate in a more causal and oftentimes remote fashion. Although the COVID-19 pandemic has created a particular spike in videoconferencing, the elevated use of remote work technologies and social media is not going anywhere once the pandemic subsides. At the same time, businesses recognize that their success increasingly is dependent upon technological and other advancements that they seek to protect through nondisclosure agreements or trade secret law. Unfortunately, with the benefit of seeing your friends’, families’ and co-workers’ faces with the click of a button comes a significant risk to protecting your most prized trade secrets.
The use of videoconferencing to discuss trade secrets, as well as an employee’s unauthorized discussion or posting about confidential information on social media, makes it more difficult to prove the confidentiality prong of a trade secrets misappropriation claim. While this remains a developing issue, as the law tries to keep up with technology and cultural phenomena, at least one court has declined to extend trade secret protection to information discussed during videoconferencing calls because the business did not take reasonable steps to protect its alleged proprietary information. Thus, businesses should promptly implement security measures targeted to address specific shortcomings posed by increased use of remote work technology and social media. We offer below best practices for ensuring your business has taken reasonable steps to protect its trade secrets in the context of videoconferencing and social media.
Trade Secrets Refresher
Although planning and implementation of additional security measures may feel like an unnecessary hassle and drain on business resources, it is crucial to remember the impact of failing to properly protect your business’s trade secrets. Consequences can include substantial lost revenue for your business, diminished regard by investors, or those who have purchased a license related to the trade secret.i Further, misappropriation of trade secrets undermines the process and incentives for authors to develop products, systems, or services. Over time, this will lead to slower development of new inventions that could otherwise benefit our global economy. The Commission on Theft of American Intellectual Property reported in 2017 that the annual “estimated low-end cost of [international] trade secret theft to U.S. firms was $180 billion, or 1% of U.S. GDP. The high-end estimate was $540 billion, amounting to 3% of GDP.”ii This percentage is even larger when taking into account domestic trade secret theft. Innovation is your business’s greatest competitive advantage, which is undermined by theft of trade secrets.
The law has evolved to provide more protection for trade secrets. For example, in 2016, the federal Defend Trade Secrets Act was enacted to provide both a federal cause of action as well as enhanced remedies.iii On the other hand, state laws, including those in Massachusetts, Illinois, Maine, Maryland, New Hampshire, Washington and Rhode Island, have limited the other method used by employers---noncompete agreements---to protect their competitive advantage, and the Biden administration has promised to ban or limit them.iv
While trade secret law provides an effective sword, it has long required companies to adequately shield the information from disclosure. Federal and state laws require similar elements to prove misappropriation of trade secrets. A plaintiff must establish the existence of a protectable trade secret and misappropriation of that trade secret.v Most importantly, to be protectable as a trade secret, a plaintiff must show that the trade secret is information that derives economic value, whether actual or potential, because it is not generally known, and that the business took reasonable efforts to maintain its secrecy (the “confidentiality prong”).vi In order to secure protection of costly and time-intensive research and development, courts across the U.S. have placed an emphasis on business efforts to keep trade secret information confidential. While it may seem straightforward, companies often struggle to prove they took reasonable steps to protect the information from disclosure. There is tension between the desire to efficiently use the information to promote competitive business interests and the need to maintain its confidentiality. The speed of information transmittal and the culture of disclosure exacerbate this tension.
State courts consider a variety of factors when evaluating whether a business has taken reasonable steps to protect its confidential and proprietary information. For example, the Georgia Court of Appeals found that a tax return preparation firm made reasonable efforts to maintain the secrecy of its customers’ list because it: (i) did not publish the list; (ii) established companywide policies to protect the information from disclosure to third parties; (iii) counseled its employees regarding the policies; (iv) limited access to its customer database to certain employees and the information was password protected; and (v) employees permitted access were not permitted to print the information to take home.vii Similarly, federal courts have concluded that the reasonable steps requirement can be satisfied through various methods.viii The flexibility that courts have given businesses to adopt security measures tailored to their business needs has also resulted in an inconsistent message of what is required to meet the reasonable steps requirement in any given case.
To Complicate Matters Further …
The difficulty of taking reasonable confidentiality precautions is further complicated by the recent and continuing shift to a more casual and remote work culture. Even prior to the COVID-19 pandemic, businesses across the country were embracing flextime, remote work (partial or full-time), and the use of virtual meetings to conduct routine business meetings, collaborate on projects, and pitch new deals to customers.
In 2018, 3.6% of the U.S. workforce worked remotely for half or more of their weekly hours.ix That percentage has grown 173% since 2005. Moreover, a 2019 survey demonstrated that 80% of employees want to work from home at least some of the time.x The percentage of remote work increased exponentially during the COVID-19 pandemic, with approximately 40% of U.S. employees working remotely during the early pandemic.xi Most importantly, the remote work trend is not going away anytime soon. Global Workplace Analytics, a research and consulting firm that helps employers understand and prepare for the future of work, predicts that even after the COVID-19 pandemic dissipates, 25-30% of the workforce will continue working remotely for multiple days a week beyond the end of 2021.xii Further, more businesses are willing to permit remote work on a regular basis, for at least a portion of the week, after seeing that employee productivity did not fall during remote work caused by the COVID-19 pandemic. Not to mention that a typical employer can save about $11,000 annually for every person who works remotely half of the time.xiii
In order to support a rapidly increasing remote work culture, businesses have turned to various methods of virtual communication to exchange information, including confidential and proprietary information. Virtual communication technologies may include, but are not limited to, videoconferencing platforms such as Zoom, Skype and Microsoft Teams, internal chat functions and, in some cases, external chat functions through social media platforms such as LinkedIn. The use of external virtual communication may also occur as businesses look for ways to connect with their clients when in-person networking is not feasible.
Unfortunately, some businesses transitioned to using remote work technologies faster than they were able to evaluate and implement strategies for providing employees with access to necessary information while still protecting trade secrets with suitable security measures. For many businesses, this transition came unexpectedly as a result of COVID-19-related stay-at-home orders. Businesses may not even realize how serious these new security threats can be. For example, 53% of remote workers are using personal computers or devices with minimal to no security protection in place, and one in 10 employees report having their videoconference calls hacked while working remotely.xiv The failure to implement additional security measures targeted at the issues presented by remote work could lead to an inability to successfully recover for trade secret misappropriation.
Remote Work Requires Increased Security Measures to Satisfy “Reasonable Steps” for Maintaining Confidentiality
Traditional means of protecting trade secrets, as discussed above, will not by themselves address the increased security risks presented by the technology required in today’s work culture. Use of videoconferencing to discuss trade secret protected information during remote work will make it more difficult to prove the confidentiality prong for misappropriation of trade secret claims. Although this remains a developing area of the law, at least one court has indicated that videoconferencing and other similar technologies will require businesses to take distinct “reasonable steps” to ensure their trade secret protected information remains confidential.
The Delaware Court of Chancery focused on the use of Zoom in concluding that Smash, a mobile trash compactor business, did not take reasonable steps to keep secret sales information targeted at attracting entrepreneurs to purchase a franchise.xv Defendant Perri expressed interest in a Smash franchise, but ultimately only feigned interest in order to gather information about Smash’s sales pitches in order to create his own mobile trash compactor business.xvi When Smash discovered that Perri had started his own business marketing a similar product with similar economic returns, Smash filed a lawsuit alleging misappropriation of trade secrets, among other claims, and sought a preliminary injunction.
The court first noted that Smash’s routes and pricing, specific customers, pricing models specific to certain geographic areas, and future models for the business, did not qualify for trade secret protection because the information was not kept secret – it was made publicly available in its disclosure documents and pitch deck, and Smash shared the information to differentiate itself in order to sell franchises.xvii Moreover, even assuming Smash had protectable trade secrets, Smash did not take reasonable steps to protect them because it:
freely gave out the Zoom information for the Franchisee Forum Calls and the Founder Calls to anyone who had expressed interest in the franchise and completed the introductory call. Smash used the same Zoom meeting code for all of its meetings. Smash did not require that participants to enter a password and did not use the waiting room feature to screen participants. Anyone who had expressed interest and received the code could join the calls, and participants could readily share the code with othersxviii
Thus, because Smash did not take reasonable steps to protect its trade secrets, Smash could not establish the confidentiality prong for a misappropriation of trade secrets claim.
The takeaway from this case is that new forms of technology present new security risks that will require innovative solutions specifically targeted at minimizing these risks. While some traditional forms of protecting trade secrets, such as requiring employees to sign nondisclosure agreements, remain applicable, other methods are outdated and inapplicable to the videoconferencing context. Businesses that fail to evaluate whether their security measures are sufficient and ameliorate the unique problems raised by use of videoconferencing in the workplace will likely be unable to prove the confidentiality prong. This is fatal to any misappropriation of trade secret claim.
For example, businesses may have difficulty meeting the confidentiality prong where: (1) they use video calls to reach many employees, some of whom do not have a business reason to know about the trade secrets discussed on the call; (2) routinely record all video calls without a significant justification for doing so; and (3) permit employees to discuss the trade secrets over the chat feature offered by many videoconferencing platforms.
Courts in other jurisdictions will likely look to Smash for guidance when evaluating whether a business took reasonable steps to protect its trade secrets that were discussed via videoconferencing platforms, or through other remote work technologies that courts have not previously had to assess. Your business can benefit by promptly implementing policies and procedures that address the issues raised by the Smash court. These include:
- Restrict participants to those with a “need to know”;
- Require the participants of each videoconference to enter a password;
- Vary the meeting passwords for each videoconference, so that individuals are only allowed to enter the videoconference they are authorized to join;
- Use the “waiting room” feature, so that the meeting organizer can verify the identity of the participants before permitting them to enter;
- Take attendance of all individuals before beginning the meeting;
- Videoconferencing should occur in private rooms, including away from family;
- Remove those who are not authorized to be present;
- Disable the recording feature;
- Remind participants of the confidential nature of the material; and
- Require all individuals to return a signed NDA before any videoconference in which confidential information will be disclosed.
The good news is videoconferencing and other remote work technologies are not incompatible with the ability to protect your trade secrets. But they will require businesses to promptly implement security measurers targeted to address specific security shortcomings posed by the use of more advanced remote work technologies. The “reasonable steps” standard is not unduly high; it simply requires forethought and creativity.
Consider Strategies to Address Risks Posed By Social Media
Videoconferencing is not the only technology that presents a potential roadblock to proving the confidentiality prong. Security policies should also be revamped to address social media. Courts have also raised concerns regarding meeting the confidentiality prong where alleged trade secrets have been posted or shared on social media.xix
In addition to some employees using platforms such as LinkedIn’s chat function or similar platform wall post features to connect with other employees or customers, consider the following concerning scenario.
An employee who has been working on a highly confidential research and development product for Company A receives a raise based on his excellent contributions to the project. The employee is so proud of his work that he posts a picture of himself at work on his Instagram account with the caption “hard work pays off, can’t wait to see our new product launch next year.” The employee failed to notice that behind him on the table are schematics and a pricing list for the new product. The employee is friends with many of his former colleagues who work for a competitor. A former colleague sees the post, and his employer rushes to develop a similar product that is released a few weeks prior to Company A’s release. What factors might the court consider when evaluating whether Company A took reasonable steps to protect the product schematics and pricing list?
- Does Company A have a policy preventing employees from entering research and development areas of its facility with personal phones?
- Does Company A have a policy in place that specifically prohibits employees from posting, sharing, or discussing confidential and proprietary information on their social media accounts?xx
- Has Company A conducted a training regarding employees’ responsibilities in regards to trade secrets that instructs employees to be cognizant about what they are posting on social media?
- Has Company A required employees to sign nondisclosure agreements that include a provision prohibiting employees from sharing or discussing confidential business information on their social media accounts?
While businesses certainly cannot anticipate or prevent every way in which an employee might disclose trade secret information, they should consider implementing policies that focus on risks presented by the prevalent use of specific technologies and a cultural shift in the U.S. to share every detail of our lives on social media.
In sum, as remote work and more casual work settings continue to become the norm, businesses must revise security precautions and other measures to successfully prosecute trade secrets claims. These adjustments must address technologies such as videoconferencing and social media platforms, as well as the more relaxed approach of employees, particularly younger workers. There is a need for urgency as remote work increasingly becomes the norm even after the COVID-19 pandemic, and the business and personal use of social media is not going anywhere.
i The IP Commission, The Report of the Commission on the Theft of American Intellectual Property: Reassessments of the Challenge and United States Policy (Feb. 2017), available at https://www.nbr.org/wp-content/uploads/pdfs/publications/IP_Commission_Report_Update.pdf.
iii 18 U.S.C. § 1836 et seq.
iv Biden Harris, The Biden Plan for Strengthening Worker Organizing, Collective Bargaining, and Unions, (last accessed January 2021), available at https://joebiden.com/empowerworkers/.
v MPAY Inc., v. Eric Custom Computer Applications, Inc., 970 F.3d 1010, FN1, 1016 (8th Cir. 2020).
vi Repat, Inc., v. IndieWhip, LLC, 281 F. Supp.3d 221, (D.C. Mass. 2017); Strategic Directions Group, Inc. v. Bristol-Myers Squibb Co., 293 F.3d 1062, 1064 (8th Cir. 2002).
vii Paramount Tax & Accounting, LLC v. H&R Block Eastern Enterprises, Inc., 299 Ga. App. 596, 603(2009).
viii See, Wyeth v. Natural Biologics, Inc., 395 F.3d 897, 899-900, (8th Cir. 2005); U.S. v. Howley, 707 F.3d 575, 579 (6th Cir. 2013); U.S. v. Zhang, 590 Fed. App. 663, 665 (9th Cir. 2014); U.S. v. Suibin Zhang, No. CR-05-00812RMW, 2012 WL 1932843, at *1-2 (N.D. Cal. 2012) (extensively noting all reasonable steps taken by company to protect its trade secrets).
ix Global Workplace Analytics, Latest Work-At-Home/Telecommuting/Mobile Work/Remote Statistics, (March 2020) available at https://globalworkplaceanalytics.com/telecommuting-statistics.
xi SHRM, Despite Reopenings, Many Employees Will Work Remotely into 2021 and Beyond, (August 2020) available at https://www.shrm.org/resourcesandtools/hr-topics/benefits/pages/despite-reopenings-many-employees-will-keep-working-remotely.aspx.
xii Global Workplace Analytics, Work-At-Home After Covid-19- Our Forecast, (last accessed November 2020) available at https://globalworkplaceanalytics.com/work-at-home-after-covid-19-our-forecast.
xiv Wandera, 74 Statistics on Remote Working During COVID-19 Lockdown, (July 2020) available at https://www.wandera.com/statistics-on-remote-working-during-covid-19-lockdown/.
xv Smash Franchise Partners, LLC v. Khanda Holdings, Inc., No. 2020-0302-JTL, 2020 WL 4692287, at * (Del. Ch. 2020).
xvi Id. at 1.
xvii Id. at 14.
xviii Id. at 15.
xix See Veronica Foods Co. v. Ecklin, No. 16-cv-07223-JCS, 2017 WL 2806706, at * 14-15 (N.D. Cal. June 29, 2017) (granting competitor’s motion to dismiss noting that plaintiff’s allegation it took reasonable steps to protect its Supplier List “carried little weight” where it publically disclosed some of its suppliers on its blog and Facebook page).
xx Foley & Lardner LLP recommends having any written policies regarding use of social media reviewed by legal counsel, since broad confidentiality restrictions can violate labor laws, which protects employees’ rights to discuss their working conditions.