ph: (312) 368-0100 | fx: (312) 368-0111
180 North LaSalle Street, Suite 3200 | Chicago, Illinois 60601

Employee Owes Fiduciary Duty to Employer and Cannot Misappropriate a Corporate Opportunity

The Illinois Appellate Court has reiterated what the Illinois Supreme Court said a few years ago: Employees of a corporation owe a duty of loyalty to the company by which they are employed.  And that it is a breach of their fiduciary obligation to appropriate for their own gain an opportunity that rightfully belongs to the company.  Advantage Marketing Group, Inc. v. Keane, 2019 IL App (1st) 181126.

In this instance it was clear that the employee was far more than an ordinary employee and that it was not clear whether the company had considered the opportunity but had decided to take a pass on it.

Keane was one of the founders of Advantage Marketing Group (AMG) and, even at the time of his purported misconduct, owned 35% of AMG’s stock.  He had served AMG as an officer and director, but was simply an employee when he seized a potential corporate opportunity and made good use of it through another corporation, Keane, Inc. d/b/a The Mail House.

In addition to owning 35% of AMG, Keane performed or had performed the following for AMG:

  • Hired and fired employees
  • Had access to all of AMG’s books and records including client lists, employee records, tax documents, vendor information and billing data
  • Had a bonus equal to AMG’s majority stockholder
  • Had developed and maintained AMG’s financial records
  • Had explored potential strategic acquisitions in the letter-shop business

In the summer of 2013 Keane and AMG’s majority stockholder, Patty Herman, discussed the potential acquisition of The Mail House, a competitor of AMG.

Keane resigned from AMG on September 4, 2015.  Prior to his resignation he began making preparations for the acquisition of The Mail House.  He organized a new corporation named Keane, Inc. d/b/a The Mail House.   He told AMG’s clients and vendors AMG was in financial distress, and solicited his son, an AMG employee, to join him at the new corporation.  He also obtained samples of confidential client information and delayed in returning them after being demanded to do so by AMG’s counsel.  He registered an internet domain name “mailhousedm.com”.  After Keane left AMG, The Mail House was in direct competition with AMG.

AMG sued Keane charging breach of fiduciary duty and improperly appropriating a potential business opportunity (the acquisition of The Mail House) for himself.

Keane defended saying that as an employee he had no fiduciary duty to AMG and, furthermore, that he had discussed the potential acquisition with AMG’s majority stockholder but AMG had not moved forward with it.  The court ruled against Keane on both points.

The court said that it was settled Illinois law that an employee owes a duty of loyalty to his employer and prohibits an employee from taking advantage of a business opportunity that belongs to his employer, while still employed.

The court did say that an employee may plan, form and outfit a competing company while still working for his employer.  But that was as far as he can go.  He cannot commence competing with his employer.

What’s the point?  This was an easy decision for the court especially in view of the fact that Keane remained a 35% stockholder in AMG.  But the critical point was that an employee must be loyal to his employer while employed and not seize opportunities that would normally flow to his employer.  He can make preparations to leave, but cannot actively compete before doing so.

For more information and to raise any questions, please contact any of our business attorneys.

Michael Weissman

mweissman@lgattorneys.com

Please follow and like us:

Keeping your Trade Secrets Safe: The Runaway Employee

How can a business protect its critical information when an employee goes to work for a competitor? Many employers simply assume that if it deems information “confidential,” the law automatically protects it when an employee leaves and goes to work for a competitor.  That’s not necessarily the case.  In order to protect its confidential information, such as intellectual property, information, systems, customer lists, pricing information and the like, an employer must take affirmative steps long before the rogue employee leaves to ensure that its information is protected.  Such information can be protected from disclosure both under Illinois common law and pursuant to the Illinois Trade Secrets Act (“ITSA”).

An employer’s trade secrets, such as its customer lists, are a protectable interest. An employer has a clear and ascertainable right in protecting its trade secrets. To show information is a trade secret under ITSA, an employer must meet two threshold requirements. First, it must show the information was sufficiently secret to provide the employer with a competitive advantage. Second, the employer must show that it took affirmative measures to stop others from acquiring or using the information. Examples of steps employers typically take to keep information confidential include keeping the information under lock and key, limiting computer access, requiring confidentiality agreements, and other employer efforts to advise employees that the information imparted to them must be kept secret. Establishing this second prong is where employers typically fall short.

Where employers have invested substantial time, money, and effort to obtain a secret advantage, the secret should be protected from an employee who obtains it through improper means. Although employees may take general knowledge or information with them that they developed during their employment, they may not take confidential information, including trade secrets. The taking does not have to be a physical taking by actually copying the names. A trade secret can be misappropriated by physical copying or by memorization. Using memorization to rebuild a trade secret does not transform the trade secret from confidential information into non-confidential information. A trade secret can also be obtained through reverse engineering

Whether and how an employer keeps information secret is one of the most important factors when determining whether information is a trade secret. When information is generally known or understood in an industry, even if it is unknown to the public at large, it does not constitute a trade secret. If a business fully discloses information throughout an industry through a catalog or other literature, it is not considered a trade secret. If the information can be readily duplicated without considerable time, effort, or expense, it is not considered a trade secret. If a customer list, for example, is generally available to all employees and the employees are not required to sign confidentiality agreements, the list is likely not considered a trade secret.

By far the most litigation in this area is over whether an employer’s customer list is a confidential trade secret.  Whether customer lists constitute trade secrets largely depends on the facts of each case.  Customer lists and other customer information can be considered a protectable trade secret if the information has been developed by the employer over a number of years at great expense and kept under tight security. However, the same type of information is not protectable where it has not been treated as confidential and secret by the employer, was generally available to other employees and known by persons in the trade, could be easily duplicated by reference to telephone directories or industry publications, and where the customers on such lists did business with more than one company or otherwise changed businesses frequently so that their identities were known to the employer’s competitors.

Illinois courts have found that customer lists do not constitute protectable trade secrets where, for example: a) the particular industry was competitive and customers often dealt with multiple companies; b) the employer had failed to produce sufficient evidence to demonstrate that the customer list was subject to reasonable efforts to protect its secrecy; and c) sufficient efforts had not been taken to maintain the list’s secrecy. To be a protectable trade secret, the employer must demonstrate the information it seeks to protect was sufficiently secret to provide it with a competitive advantage. However, for steps to be deemed sufficient to protect a trade secret, extensive steps must be taken to protect both the electronic and hard copies of the purported trade secret.

For more information regarding the protection of a company’s confidential information, please contact:

Howard L. Teplinsky at:

(312) 368-0100 or hteplinsky@lgattorneys.com

Please follow and like us:

An Employer Can Be Liable for Accessing an Employee’s Personal Email Even if the Employee Engaged in Misconduct

Over the last several years, communication via email and text has become commonplace in the workplace. Oftentimes, employees use one device for both personal and work-related communication regardless of whether that device is employee-owned or employer-provided. There is no doubt that employers may have legitimate business reasons for monitoring employee communications. For example, an employee may leave the company and the employer is concerned that she has taken confidential information or illegally solicited clients. Employers feel entitled to review data stored on employer-provided, particularly where employees are instructed that the company owns the devices and has the right to monitor the data.  As a general rule, the law supports employers here.  An employer’s zeal to snoop, however, may subject it to both civil and criminal penalties under both federal and state statutes.

The Electronic Communication Privacy Act (ECPA) and the Stored Communications Act (SCA) both govern an employer’s ability to review electronic communications. The ECPA prohibits the interception of electronic communications, and the term “interception” as used in the ECPA has been interpreted narrowly. The SCA makes it illegal to “access without authorization a facility through which electronic communication service is provided,” making it illegal to obtain access to certain communications in electronic storage. With regard to an employer’s review of employee emails sent through web-based email accounts like Gmail or Hotmail, the most frequent scenario is where the former employer is able to access the former employee’s web-based email account because the employee saved his username and password on a device provided by the employer. In these cases, courts have typically sided with the former employee and have been reluctant to punish the former employee for failing to take appropriate steps to secure their own personal information and allegedly private communications.  The former employee’s own negligence in securing personal data is not a defense for the employer.

Bottom line – an employer should seek advice before accessing an employee’s personal email account without authorization even though it has the ability to do so.

For more information on this topic please contact:

Howard Teplinsky at:

312-368-0100 or hteplinsky@lgattorneys.com.

Please follow and like us:

Unexpected Liability for Service Providers

With “hacking” and identify thefts becoming all too common place, each service provider must place more and more emphasis on protecting itself from legal liability caused by not only its own actions, but the actions of the company(ies) to whom it outsources. This article provides an introduction to contracting for service providers with an eye toward gaining legal platform upon which to adequately defend itself, if necessary.

In addition to government compliance, which will vary depending upon the industry, any company that collects personal information during the course of providing its services must take steps to safeguard itself from legal liability arising due to unwanted disclosures.  One way to provide a legal safety net is to consider the applicable issues in the service provider’s agreement.  The following is an abbreviated checklist.

  1. Whether personally identifiable information will be provided to service provider’s employees, and if so, what measures are taken to narrowly tailor the need to expose such information to only those employees or third parties who need to know in order to provide the service.  In considering this, a service provider may want to consider identifying types of employees or third parties that may be exposed to such information, or even listing such persons and having them sign a confidentiality agreement with respect to such information.
  2. When does a service provider have to notify a customer of a security breach?   Is there an obligation to notify customers of a potential privacy-related compliance issue?  Or, only when a security breach has occurred?  If a security breach is defined, service providers will be required to undertake all tasks from notification to remediation and payment for such remediation upon receipt of a complaint.
  3. While necessary, service providers will want to limit their contractual obligations to comply with compliance with IT management standards such as the International Organization for Standardization certification.
  4. If the service provider receives credit card information of customers, then at the very least, the following issues must be considered:
    1. Limitation of access of personal information to authorized employees or parties
    2. Securing business facilities, data centers, paper files, servicers, backup systems and computing equipment (mobile and other equip with info storage capability;
    3. Implementing network/ device application, database and platform security
    4. Securing info transmission storage and disposal
    5. Implementing authorization and access controls with media, apps, operating systems and equipment
    6. Encrypting highly sensitive personal information stored on any mobile media
    7. Encrypting highly sensitive transmitted over public or wireless networks
    8. Strictly segregating personal information from and info of service provider or its other customers so that personal information is not commingled;
    9. Implementing appropriate personnel security and integrity procedures and practices (conducting background checks, and providing appropriate privacy and info security training to service providers’ employees.

If you have any questions regarding your liability for disclosure of personal information, please contact:

Natalie Remien at:

nremien@lgattorneys.com or (312) 368-0100.

Please follow and like us: