© 2013 Armstrong Teasdale LLP © 2013 Armstrong Teasdale LLP
© 2013 Armstrong Teasdale LLP
Trade Secrets and Computer Tampering: The Convergence of Two Ways to Protect Important Company Assets and Information Presented by: Michael B. Kass
© 2013 Armstrong Teasdale LLP
© 2013 Armstrong Teasdale LLP
The ways employees can steal from you . . .
INTRODUCTION
© 2013 Armstrong Teasdale LLP
What is computer tampering?
Sophisticated espionage not needed. • Ease of copying/transferring large amounts of data more
common among departing employees. − Email, thumb-drives, hand-held devices, laptops . . .
• Computer tampering statutes may make a lot that type of activity unlawful.
• You may be able to protect your information as trade secrets
• But . . . depends upon your policies and procedures. − These laws are important whether or not your company
restricts employees with non-compete agreements.
© 2013 Armstrong Teasdale LLP
Why is this important to me?
Encourages steps to prevent theft in the first place and adds to your “menu” of potential weapons to use in your fight against the bad-acting departing employee.
© 2013 Armstrong Teasdale LLP
Why is this important to me?
© 2013 Armstrong Teasdale LLP
The Laws
Computer Fraud and Abuse Act Missouri Computer Tampering Act
Uniform Trade Secrets Act
© 2013 Armstrong Teasdale LLP
Computer Fraud and Abuse Act (“CFAA”) 18 U.S.C. § 1030
Conduct prohibited by CFAA • Statute not “elegantly” drafted
• Most commonly relevant provision prohibits: Intentionally accessing a computer without authorization or by exceeding authorized access and thereby obtaining information from a protected computer.
• Knowingly causing the transmission of a program, information, code or command, and in doing so intentionally causing damages to a protected computer.
• Requirement for Civil Action: Economic damages > $5,000 − May include cost of forensic investigation (depending on jurisdiction)
• Key Issue: When does an employee “exceed authorized access”?
© 2013 Armstrong Teasdale LLP
Missouri Computer Tampering Act
Tampering with Computer Data (§ 569.095 RSMo.) Tampering with Computer Equipment (§ 569.097 RSMo.) Tampering with Computer Users (§ 569.099 RSMo.) It’s “tampering” if done either:
• Knowingly (i.e. knowing it is unauthorized); or
• Without reasonable grounds to believe one has authorization
• (Slightly broader than CFAA “authorization” requirement)
© 2013 Armstrong Teasdale LLP
Remedies
CFAA – Economic Loss, plus attorneys’ fees MCTA – Costs associated with uncovering the breach and
fixing any damage done to CPU systems, plus attorneys’ fees.
© 2013 Armstrong Teasdale LLP
Trade secrets defined*
Information, data, technique, etc. that: • Derives independent economic value, actual or potential,
from not being generally known to, and not being readily ascertainable by proper means by other persons who can obtain economic value from its disclosure or use
• Reasonable efforts under the circumstances are taken to maintain its secrecy
*Source: Missouri Statute (RSMo. § 417.453(4))
© 2013 Armstrong Teasdale LLP
Trade secrets defined*
Factors used to determine if information is a trade secret • Extent to which the information is known outside the business
• Extent to which it is known by employees and others involved in that business
• Extent of measures taken to guard the secrecy of the information
• Value of information to the one claiming the trade secret and its competitors
• Amount of effort and/or money expended in developing that information
• Ease or difficulty with which the information could be acquired or duplicated by others
*Source: Baxter International, Inc. v. Morris, 976 F.2d 1189, 1194 (8th Cir. 1992)
© 2013 Armstrong Teasdale LLP
Convergence of computer tampering and trade secret protection
Steps to prevent data theft before it happens Steps to help establish liability in the event of a breach
© 2013 Armstrong Teasdale LLP
Convergence of computer tampering and trade secret protection
Safeguard your computer systems and electronic files. Password access only
• Additional password access for most sensitive documents for those who need to know
Computer and email usage policies • Be clear about extent of “authorization”
− Employee access to files on system for authorized business purposes only
− Not for employee’s personal benefit
© 2013 Armstrong Teasdale LLP
Convergence of computer tampering and trade secret protection
Confidentiality policies and agreements • Policy
– Employee acknowledgement of receipt
– Periodic reminders.
• Policies and agreements – general language
– specific language referencing greatest concerns
Mark confidential documents “CONFIDENTIAL” Secure “confidential” documents (e.g., locked file cabinet)
© 2013 Armstrong Teasdale LLP
Side Bar: You should be “atwitter” about your confidential information losing its trade secret status on social media sites.
Use of Twitter and LinkedIn by your employees • Restrictions on information they can post?
− Visiting “ABC Customer about XYZ today . . .”?
Who does your employee “follow” and with whom is she “Linked”?
• Veritable customer list?
• De-Linking Consider addressing in policies and agreements.
© 2013 Armstrong Teasdale LLP
Closing comments
Simultaneously prevent theft while bolstering your ability to stop a bad-acting employee from harming you.
• Protect your electronic and confidential documents and
information with clear policies and agreements.
− Computer usage − Email usage − Confidential information
See departing employee checklist
Top Related