Is Your Customer Information A Trade Secret?

By: Bob Goldberg, RSPA General Counsel

Hardly a week goes by that there is not an inquiry regarding a non-compete, non-solicitation, or confidentiality agreement. It may be said that employees lack the dedication to employers that once existed and will move to a new position for better terms. Often that new position includes a portion of compensation determined by performance. That is when a departing employee may feel a need to take with him or her customer information, contract information, and/support and maintenance  information. This information is highly valuable to a business, but does it constitute a trade secret worthy of protection?

Recently a federal judge in Chicago taught a painful lesson to an Illinois employer. Even if information is sufficiently sensitive and valuable that it could qualify as a trade secret, it will not unless the owner of that information takes adequate steps to protect its secrecy. There are two basic elements to the analysis of whether information qualifies as a trade secret: 1) the information must have been sufficiently secret to impart economic value because of its relative secrecy, and 2) the owner must have made reasonable efforts to maintain the secrecy of the information.

The situation in this case was all too familiar. A key employee left to join a competing business. He took with him a flash drive with information regarding customers, pricing, contracts, and suppliers. He later hired another individual from his former employer and she too brought information she believed might be helpful in her new position. The information taken was uploaded to their new computers, shared with other sales reps, and used to target customers of their previous employer.

There was no question that the information taken was valuable to the owner and had been misappropriated. An action was brought under the federal Defend Trade Secrets Act and the Illinois Trade Secrets Act. The Court refused to grant an injunction for it found that the owner had taken almost no measures to safeguard the information it now maintains as invaluable to its competitors. The Court found that the owner’s data security was so lacking that it was difficult to identify the most significant shortcoming.

Fortunately, there is a lesson for the Court shared the data security measures that could have been taken, but were not:

  • Entering into non-disclosure and confidentiality agreements with employees;
  • Enacting a policy regarding the confidentiality of business information “beyond a vague, generalized admonition about not discussing business outside of work”;
  • Training employees as to their obligations to keep certain categories of information confidential;
  • Asking departing employees whether they possessed any confidential company information , and if they do, instructing them to return or delete it;
  • Adequately training the company’s IT manager about data security practices;
  • Restricting access to sensitive information on a need-to-know basis;
  • As appropriate, labeling documents “Proprietary” or “Confidential”;
  • Keeping the premises, files, information secure and not easily accessed;
  • Periodically checking computer logs to determine if information is being improperly directed.

In this day of employee mobility, it is important to take the necessary steps to assure that your valuable company information is kept confidential. Clearly the courts will not protect your information if you fail to do so yourself. The RSPA web site has several legal templates to help you begin the necessary steps.