How can a business protect its critical information when an employee goes to work for a competitor? Many employers simply assume that if it deems information “confidential,” the law automatically protects it when an employee leaves and goes to work for a competitor. That’s not necessarily the case. In order to protect its confidential information, such as intellectual property, information, systems, customer lists, pricing information and the like, an employer must take affirmative steps long before the rogue employee leaves to ensure that its information is protected. Such information can be protected from disclosure both under Illinois common law and pursuant to the Illinois Trade Secrets Act (“ITSA”).
An employer’s trade secrets, such as its customer lists, are a protectable interest. An employer has a clear and ascertainable right in protecting its trade secrets. To show information is a trade secret under ITSA, an employer must meet two threshold requirements. First, it must show the information was sufficiently secret to provide the employer with a competitive advantage. Second, the employer must show that it took affirmative measures to stop others from acquiring or using the information. Examples of steps employers typically take to keep information confidential include keeping the information under lock and key, limiting computer access, requiring confidentiality agreements, and other employer efforts to advise employees that the information imparted to them must be kept secret. Establishing this second prong is where employers typically fall short.
Where employers have invested substantial time, money, and effort to obtain a secret advantage, the secret should be protected from an employee who obtains it through improper means. Although employees may take general knowledge or information with them that they developed during their employment, they may not take confidential information, including trade secrets. The taking does not have to be a physical taking by actually copying the names. A trade secret can be misappropriated by physical copying or by memorization. Using memorization to rebuild a trade secret does not transform the trade secret from confidential information into non-confidential information. A trade secret can also be obtained through reverse engineering
Whether and how an employer keeps information secret is one of the most important factors when determining whether information is a trade secret. When information is generally known or understood in an industry, even if it is unknown to the public at large, it does not constitute a trade secret. If a business fully discloses information throughout an industry through a catalog or other literature, it is not considered a trade secret. If the information can be readily duplicated without considerable time, effort, or expense, it is not considered a trade secret. If a customer list, for example, is generally available to all employees and the employees are not required to sign confidentiality agreements, the list is likely not considered a trade secret.
By far the most litigation in this area is over whether an employer’s customer list is a confidential trade secret. Whether customer lists constitute trade secrets largely depends on the facts of each case. Customer lists and other customer information can be considered a protectable trade secret if the information has been developed by the employer over a number of years at great expense and kept under tight security. However, the same type of information is not protectable where it has not been treated as confidential and secret by the employer, was generally available to other employees and known by persons in the trade, could be easily duplicated by reference to telephone directories or industry publications, and where the customers on such lists did business with more than one company or otherwise changed businesses frequently so that their identities were known to the employer’s competitors.
Illinois courts have found that customer lists do not constitute protectable trade secrets where, for example: a) the particular industry was competitive and customers often dealt with multiple companies; b) the employer had failed to produce sufficient evidence to demonstrate that the customer list was subject to reasonable efforts to protect its secrecy; and c) sufficient efforts had not been taken to maintain the list’s secrecy. To be a protectable trade secret, the employer must demonstrate the information it seeks to protect was sufficiently secret to provide it with a competitive advantage. However, for steps to be deemed sufficient to protect a trade secret, extensive steps must be taken to protect both the electronic and hard copies of the purported trade secret.
For more information regarding the protection of a company’s confidential information, please contact:
(312) 368-0100 or firstname.lastname@example.org
Over the last several years, communication via email and text has become commonplace in the workplace. Oftentimes, employees use one device for both personal and work-related communication regardless of whether that device is employee-owned or employer-provided. There is no doubt that employers may have legitimate business reasons for monitoring employee communications. For example, an employee may leave the company and the employer is concerned that she has taken confidential information or illegally solicited clients. Employers feel entitled to review data stored on employer-provided, particularly where employees are instructed that the company owns the devices and has the right to monitor the data. As a general rule, the law supports employers here. An employer’s zeal to snoop, however, may subject it to both civil and criminal penalties under both federal and state statutes.
The Electronic Communication Privacy Act (ECPA) and the Stored Communications Act (SCA) both govern an employer’s ability to review electronic communications. The ECPA prohibits the interception of electronic communications, and the term “interception” as used in the ECPA has been interpreted narrowly. The SCA makes it illegal to “access without authorization a facility through which electronic communication service is provided,” making it illegal to obtain access to certain communications in electronic storage. With regard to an employer’s review of employee emails sent through web-based email accounts like Gmail or Hotmail, the most frequent scenario is where the former employer is able to access the former employee’s web-based email account because the employee saved his username and password on a device provided by the employer. In these cases, courts have typically sided with the former employee and have been reluctant to punish the former employee for failing to take appropriate steps to secure their own personal information and allegedly private communications. The former employee’s own negligence in securing personal data is not a defense for the employer.
Bottom line – an employer should seek advice before accessing an employee’s personal email account without authorization even though it has the ability to do so.
For more information on this topic please contact:
Howard Teplinsky at:
312-368-0100 or email@example.com.
With “hacking” and identify thefts becoming all too common place, each service provider must place more and more emphasis on protecting itself from legal liability caused by not only its own actions, but the actions of the company(ies) to whom it outsources. This article provides an introduction to contracting for service providers with an eye toward gaining legal platform upon which to adequately defend itself, if necessary.
In addition to government compliance, which will vary depending upon the industry, any company that collects personal information during the course of providing its services must take steps to safeguard itself from legal liability arising due to unwanted disclosures. One way to provide a legal safety net is to consider the applicable issues in the service provider’s agreement. The following is an abbreviated checklist.
If you have any questions regarding your liability for disclosure of personal information, please contact:
Natalie Remien at:
firstname.lastname@example.org or (312) 368-0100.