The fourth webinar of the 2012 series will focus on trade secret and client relationship considerations in the banking and finance industry, with a particular focus on a firm’s relationship with its FINRA members.

Topics will include:

• What practical steps can financial services institutions implement to protect trade secrets and client relationships

• What should you do if your trade secrets are improperly removed or disclosed, or if your former employee is violating his/her agreements

• How do you prosecute a case against a former employee who is a FINRA member

• The impact of the Protocol for Broker Recruiting on trade secrets and client relationships

Our panel consists of attorneys with experience advising clients on restrictive covenant and trade secret issues and is recommended for in-house counsel and business leaders who handle trade secret or business litigation matters. CLE credit will be available for participants. You can register here.

The New Jersey General Assembly voted today on a new version of an employee social media privacy bill which incorporates revisions suggested by Governor Chris Christie when he conditionally vetoed the bill on May 6, 2013. The Assembly passed the revised version with an overwhelming vote of 74-0. The bill is expected to receive similar support in the Senate, where the earlier version passed 28-0, and from Governor Christie.

Like its predecessor, the revised bill prohibits employers from requiring employees and candidates to disclose user names, passwords, or other login information for accessing their social media accounts like Facebook or Twitter. The revised bill, however, attempts to balance employee privacy concerns against the needs of employers to hire appropriate personnel, manage their operations, and protect their proprietary information. Governor Christie signed a similar law in December 2012, prohibiting colleges and universities from requiring applicants and students to disclose their social media accounts and passwords.

The Requirements of the Bill

Under the proposed law, employers are prohibited from requiring or requesting employees or job candidates to disclose login information for their personal social media accounts. Any agreement between an employer and an employee or candidate to waive the privacy protections of the bill would be void and unenforceable.

The revised bill also prohibits employers from retaliating or discriminating against any employee or candidate who:

•Refuses to provide login information for his or her social media accounts;

•Reports an alleged violation of the law to the Commissioner of Labor and Workforce Development;

•Testifies, assists, or participates in an investigation concerning a violation of the law; or

•Otherwise opposes a violation of the law.

The revised bill eliminates a controversial provision that would have prohibited employers even from asking an employee or candidate if he or she has any social media accounts. In his conditional veto statement, Governor Christie recommended that this provision be removed because it “paint[ed] with too broad a brush.” For example, the Governor worried that, as written, the bill would have prohibited an employer interviewing a candidate for a marketing job from inquiring as to the candidate’s use of social networking so as to gauge his or her technology skills and media savvy.

Enforcement

Perhaps the most significant revision in the new bill is the elimination of a provision that would have allowed employees or candidates to bring civil suits seeking money damages, injunctive relief and attorneys’ fees against employers for alleged violations. This provision raised the specter of frivolous lawsuits by employees or candidates that would nevertheless prove costly for employers to defend against.

The revised bill limits enforcement to a civil penalty of up to $1,000 for the first violation and up to $2,500 for each subsequent violation.

Employer Protections

In addition to scaling back some of the prior bill’s more onerous aspects, the revised bill contains provisions that affirmatively protect employers’ ability to continue to use social media and comply with other laws and regulations:

•The previous version of the bill prohibited employers from requiring access to employee or candidate “personal account[s]” but did not define the term. That was problematic because many employers have company social media accounts that are managed or curated by particular employees. Without statutory guidance, the ambiguity between what is a “business account” and what is a “personal account” created the potential for employers to be held liable for requesting login information to accounts that they viewed as their own. The revised bill addresses this problem by defining a “personal account” as one that is used by an employee or candidate exclusively for personal communications unrelated to any business purposes of the employer. An account is not personal, and therefore not subject to the privacy protections of the bill, if it is used by an employee for the business purposes of his or her employer.

•Employers may continue to implement policies pertaining to the use of company-issued electronic devices or social media accounts used by employees for business purposes.

•Employers may continue to conduct investigations to ensure compliance with applicable laws or regulations, or prohibitions against workplace misconduct on the basis of specific information about activity on a personal account by an employee.

•Employers may continue to investigate specific allegations that an employee is transferring proprietary information or financial data to a personal account.

•Employers may continue to view and act on information pertaining to an employee that is available in the public domain.

An Illinois federal court recently found in the favor of the defendant on a plaintiff’s Computer Fraud and Abuse Act claim because the plaintiff allegedly failed to satisfy the statute’s $5,000 damages threshold.

The plaintiff, a computer consulting servicing company which spent time restoring its client’s computer network (a Chicago law firm) after it was allegedly hacked by the plaintiff’s former employee,  sued the former employee for violation of CFAA, among other claims.

CFAA’s damages requirement.  The CFAA requires that a plaintiff prove the damage or loss resulted in losses to one or more persons during any one year period aggregating at least $5,000 in value. 18 U.S.C. § 1030(c)(4)(A)(i).  Summary judgment was entered against the plaintiff in the case for failure to show sufficient damages.  Technology Sourcing, Inc. v. Griffin, Case No. 10 C 4959 (N.D. Ill., 4/30/13).

Lawsuit filed against an alleged hacker.  TSI filed the lawsuit seeking to recover the value of the time it claimed it spent in restoring service to its client’s computer network which crashed after being hacked. TSI’s client was not a party to the lawsuit and apparently incurred no significant expense as a result of the hacking.  

Responsibility for the computer network crashing.  On June 10, 2010, TSI fired Griffin, its primary technician.  Seven weeks later, one of TSI’s clients reported that its server and network were inoperative. In the course of investigating the disruption and restoring the client’s computer service at no cost to the client, TSI learned that the shutdown likely was caused by an unauthorized user twice attempting to log into the client’s server. The unauthorized user’s printer name belonged to Griffin. Suspecting that he was the hacker, the plaintiff sued him in federal court in Chicago. 

Summary judgment denied to the plaintiff and granted to the defendant.  After discovery was completed, both parties moved for summary judgment.  The court held that partial summary judgment for the defendant was appropriate with respect to the plaintiff’s CFAA count because TSI presented no “evidence that data was destroyed, erased, manipulated, [or] sent to a third party.”  Further, the plaintiff’s president’s deposition testimony, and his belated affidavit which was inconsistent in part with his testimony, did not satisfy the court that the $5,000 damages threshold was met.  The remaining claims — state law pendent jurisdiction causes of action — were dismissed without prejudice, as a matter of the court’s discretion, to be pursued in state court if TSI chose to do so. 

Takeaways from this decision.  Unlike TSI’s lawsuit, in the typical CFAA case, the plaintiff’s computer, not a third party computer, is alleged unlawfully accessed.  Also unlike TSI’s lawsuit, the usual contention is either that data from the plaintiff’s computer was used without permission by the person(s) who wrongfully accessed the computer or that the data was provided to someone else who used it without permission.  The Technology Sourcing, Inc. opinion further indicates how difficult it is to state a justiciable CFAA claim when the only alleged damages are unbilled time incurred by a service technician spent in restoring a computer network which crashed due to alleged hacking.

California partners Robert Milligan and Jim McNairy will be presenting at a day long Bridgeport Trade Secret and Cybersecurity Program in Los Angeles on May 17th.

Trade secret litigation and employee mobility cases are the hottest areas of intellectual property and employment litigation. More and more senior level executives and employees are leaving one company to start or join a direct competitor. This program will provide participants with advice on how to protect company trade secrets, guard against employee raids, recruit from competitors without getting sued, and deal with the important issues that arise when employees leave to compete with their former employers. The program will also have cybersecurity as a component discussing the latest risks and best protections for businesses.

Robert will serve as a program moderator as well as lead one presentation on cybersecurity risks and protection strategies and a second presentation on trade secret case decision-making and solutions. Jim will lead a presentation on trade secret basics. They will be joined by notable attorneys from the MGA/Mattel and Gundlach/TCW cases and a US Attorney who specializes in handling cyberattacks and trade secret cases. Bridgeport is offering Seyfarth clients a discount if they register online. Please contact your Seyfarth attorney for additional details.

We have previously

Although the federal case against Aleynikov has long since ended, Aleynikov is now facing a second prosecution in the New York state courts.  In January 2013, Aleynikov and his attorney argued that these charges were similar to the original federal charges, and were being brought “only because federal prosecutors couldn’t get him.”  Aleynikov’s lawyer, Kevin Marino, argued that the state prosecution amounted to double jeopardy, and violated his client’s Fifth Amendment rights.  However, in a ruling last month, Judge Ronald Zweibel rejected this argument, finding successive prosecutions in federal and state court were not prohibited. Furthermore, the successive prosecutions were not barred because the federal and state cases had been filed under separate statutes: the federal charges were filed under the National Stolen Property Act and the Economic Espionage Act, while the state cases were filed under the New York Code.  As a result, Judge Zweibel found that this was not a case of double jeopardy. 

Additionally, Judge Zweibel rejected Aleynikov’s argument that the prosecution was “inhuman,” stating, “unfortunately for the defendant, his character does not warrant a dismissal in the furtherance of justice.   Judge Zweibel also rejected Aleynikov’s claims that the state charges against him were barred by collateral estoppel.  Aleynikov’s attorney, Kevin Marino, expressed disappointment in the ruling, but “remain[ed] confident Mr. Aleynikov is not guilty and will again be exonerated.”  

We will continue to keep you apprised of future developments as the case continues.

A designer and marketer of stereophonic technology for presenting 3-D imaging on a computer screen recently sued some ex-employees in a California federal court for allegedly violating the federal Computer Fraud and Abuse Act (CFAA), among other claims. At some point, the ex-employees allegedly downloaded their former employer’s confidential computer code and provided it to their new employer, a competitor.  The defendants moved to dismiss on the grounds that there was no allegation as to exactly how or when the ex-employees obtained the code.  In response to the motion, the plaintiff said it would need discovery in order to ascertain that information.   

The court granted the motion and dismissed the complaint for failure to plead “facts giving rise to a valid claim under the CFAA.”  The plaintiff was allowed 30 days “to amend, keeping in mind Rule 11 [the federal civil procedure sanctions rule], if Plaintiff is able to plead facts giving rise to a valid CFAA claim.”  Metabyte, Inc. v. Nvidia Corp., Case No. 12-0044 SC (N.D. Cal., Apr. 22, 2013).    

The CFAA prohibits “access[ing] a computer without authorization or exceed[ing] authorized access.”  Some federal courts, such as the Ninth Circuit Court of Appeals, interpret that phrase narrowly and typically only find a violation if the “access” occurs by someone who was not authorized to use that computer or in excess of that authorization.  See, e.g., U.S. v. Nosal, 676 F.3d 854 (2012) (en banc) and LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (2009).   

Some other federal courts, including the Seventh Circuit Court of Appeals, disagree.  They hold that, under the CFAA, use of a computer to misappropriate is unlawful even though the user was authorized to access the computer for lawful purposes.  See, e.g., International Airport Centers, L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. 2008). 

In addition to charging the individual defendants with violation of the CFAA, Metabyte accused Nvidia of violating the California Unfair Competition Law (UCL).  Nvidia moved to dismiss the claim on the ground that it was pre-empted by the U.S. Copyright Act because Metabyte simply accused Nvidia of selling copies of products for which Metabyte had a copyright.  The court agreed and dismissed that claim with prejudice.

Metabyte pled some causes of action besides those based on the CFAA and the UCL.  For example, Metabyte claimed copyright infringement, breach of contract, and misappropriation of trade secrets.  With respect to the CFAA claim, however, there is little likelihood that within a period as short as 30 days Metabyte will be able to learn sufficient relevant facts to adequately support an allegation of hacking or other actionable conduct.  In the future, plaintiffs averring CFAA violations for misappropriation of confidential information by use of a computer, but uncertain exactly how or when the defendant obtained the information and/or access to the computer, would be well advised to carefully consider whether the federal circuit in which they plan to sue permit such claims. 

Does using a labeled truck identifying your company to deliver products to your clients make your client list publicly available? Will doing so undermine protecting your client list as a trade secret?  Last month, the defendant in a case before a federal district judge in California tried to make that argument, and while the case was decided on other grounds, it does pose some interesting questions for trade secret litigants attempting to protect customer lists. While many businesses do not necessarily consider the identity of their clients trade secrets in the Internet and social media age, some still closely guard the identity of their customers and believe that at a minimum such information is confidential or proprietary, if not a trade secret.

On April 8, 2013, the court in Magic Laundry Services, Inc. v. Workers United Service Employees International Union granted the defendant’s special motion to strike four claims, including misappropriation of trade secrets, interference with contract, defamation, and trespass. The case poses an interesting question, namely, whether the use of labeled delivery trucks for deliveries to clients prevents a company from gaining trade secret protection for their client list.  Magic Laundry Services, Inc.’s (“Magic Laundry”) lawsuit stemmed from the defendant Workers United Service Employees International Union’s (“WUSEIU”) alleged attempts to unionize its employees.  According to Magic Laundry, Defendant allegedly created flyers describing the poor working conditions at the company, spoke to its customers and sent them letters regarding these conditions.  Defendant also allegedly organized a secondary boycott of Magic Laundry’s customers, and petitioned both local and national political entities regarding working conditions.

In deciding the motion to strike, the court addressed the following causes of action:

Interference with Contract

Magic Laundry alleged that WUSEIU’s actions were designed to disrupt Magic Laundry’s contracts with third parties, which made the performance of contracts challenging.  Defendant’s however, alleged that Section 7 and 8 of the National Labor Relations Act (NLRA) permitted their actions, as it provided the right to unionize. The court agreed, finding that the defendant’ actions were “squarely within the purview of the NLRA.”  Furthermore, there were no allegations of violence which would remove the claim from the purview of the NLRB.

Defamation

Magic Laundry alleged that WUSEIU’s actions were defamatory in nature.  However, the court found otherwise, holding that Magic Laundry had not made any showing of malice.  According to the court, “Magic Laundry apparently concedes that it does not have evidence” to show that some of the statements were false.

Trespass

Magic Laundry alleged that defendant’s members entered their private property.  However, Defendant denied the allegations of trespassing, and argued that even if they did enter the property, their actions are exempt under the California law which exempts those engaging in lawful union activity from its trespass statutes.  The court agreed, finding Defendant’s conduct was exempt, and dismissing the claim.

Misappropriation of Trade Secrets

Magic Laundry alleged that its customer list, which WUSEIU used to send letters regarding working conditions, was a trade secret, and had been improperly acquired by WUSEIU.  The Defendant argued that the information was not a trade secret, since Magic Laundry’s market trucks publicly delivered to their clients’ locations, and therefore, the clients’ locations were public knowledge. The court found no evidence that the list had been acquired via improper means, or that Plaintiff’s had properly proved damages.  Furthermore, there was no evidence that the disclosure of the client’s locations harmed Magic Laundry in any manner.  Magic Laundry narrowed the claim to encompass only prospective employees, however, the court still found that there was insufficient evidence to support Magic Laundry’s contention that the Defendant was aware of the potential client list was improperly disclosed.  Accordingly, the court found that Plaintiff had failed to make a prima facie showing of trade secret misappropriation.

RICO Claims

Magic Laundry also asserted a number of Racketeer Influenced and Corrupt Organizations (“RICO”) claims against the Defendant.  The court appeared skeptical of these claims, stating in the order that it “is dubious that Magic Laundry can allege a proper RICO claim.”  Nonetheless, the court permitted Magic Laundry to amend its claims, but warned that there would be no subsequent amendment of the complaint. The case was subsequently dismissed without prejudice.

Takeaway

From a trade secret litigation perspective, Defendant’s argument that Plaintiff’s well-labeled delivery trucks appear in public at the location of their clients was sufficient to render Plaintiff’s customer list public knowledge is interesting, particularly since businesses often like to advertise some of their significant customers on their websites or otherwise. The court never specifically adopted this argument, yet it did not reject it either in deciding to strike the claim.  Instead, the court found that Plaintiff failed to show damages or improper disclosure.  As one expert points out, the argument “seems like a stretch” and “could place any company that delivers its products to or services its customers using marked vehicles in jeopardy of losing trade secret protection for its client list.”  Whether courts will adopt this reasoning in future trade secret cases involving customer lists remains to be seen. It serves as a reminder that companies should be careful about their public disclosures to or regarding customers particularly if they consider their customers identity trade secret or confidential information.

The new law adopts a version of the Uniform Trade Secrets Act.

The law will take effect on September 1, 2013 and will apply to a misappropriation of trade secrets that takes place on or after that date.

I summarized some of the major changes brought about by the new law in my prior blog post.

The full text of the new law can be found here.

Big Data involves the management and analysis of increasingly large and complex amounts of data. The rapidly accumulating and torrential amount of data produced every second from social media, mobile devices, and everyday transactions have fueled the rise of this revolution. The ability to analyze this wealth of information has allowed companies in a wide range of industries to make better real-time decisions and more accurate predictions in their daily business dealings.

Robert will discuss how this exciting new phenomenon has already shifted certain traditional ways of thinking in many industries, including retail, government, education, finance, insurance, and healthcare. For example, some companies are using Big Data to identify and address issues within their organization to lower their insurance premiums. In particular, companies may analyze their internal complaints to discover whether the frequency or nature of certain complaints is correlated with a certain department, geographic region, employee position, or major event. The companies then focus their resources and efforts to address these areas and reduce the likelihood of future issues. Accordingly, the companies cite these proactive activities to support their requests for lower insurance premiums or other cost savings.

For example, through its Big Data analytics, Google demonstrated through its Flu Trends website that it can effectively monitor and track in real-time the outbreak of the flu by analyzing its billions of Internet search queries (not just a sample) for flu related keywords. Google has shown to predict flu outbreaks faster, more accurately, and with more location details than the Center for Disease Control.

Robert will further discuss that with the well-recognized benefits and the increased collection of personal and consumer information, there are incumbent risks to privacy. The data minimization and the current notice and consent privacy framework, however, is ill-suited to capture the benefits of Big Data, which derives the most value from the secondary use of data that was initially unimaginable. Further, anonymization and other methods of removing identifiable information may not effectively protect privacy in Big Data. Companies that embrace this new phenomena and venture into the Big Data realm must be careful and thoughtful to navigate the current privacy framework.

Please see Robert and Joshua Salinas’ paper entitled “The Big Data Revolution: Should The Internet Learn To Forget?”

Additionally, Seyfarth attorneys Yandie Fashu-Kanu and Joshua Salinas will be presenting at the IP Committee meeting on Hot Topics in US IP Law on May 1st.

The ITechLaw 2013 World Technology Law Conference & Annual Meeting features sessions led by speakers from around the world, which will focus on bringing attendees up to speed on the newest technology law developments and their application to business.

You can find more information about the conference here. If you are attending the conference, please visit our Seyfarth booth. Look forward to seeing you there.

By Jessica Mendelson and Grace Chuchla

Litigants ought to think twice before deleting their Facebook profiles.  Just this month, a New Jersey federal judge issued sanctions against a litigant in a personal injury case for deleting his Facebook profile after agreeing to grant defense counsel access to the profile.

In Gatto v. United Air Lines, the plaintiff, Gatto was a former ground operations supervisor at John F. Kennedy International Airport in New York.  Gatto sued as a result of injuries he allegedly incurred on the job.  Gatto claimed a set of  fueler stairs had crashed into him allegedly resulting in permanent disabilities which left him unable to work.

During the discovery phase of the case, the defendants sought discovery of Gatto’s social networking sites.  The parties agreed Gatto would provide his password to defense counsel after he had changed it.  Defense counsel subsequently logged into Gatto’s Facebook account and printed out portions of his Facebook page.  Defendants also sent a signed authorization to Facebook so that they could access the account, but Facebook objected, suggesting that defendants ask Gatto to download his own account information.

Following the defendants’ access of  his Facebook account, Gatto allegedly received notice that his account had been accessed from an unfamiliar IP address.  Gatto deactivated the account allegedly for fear it had been hacked.  This led to the deletion of the contents of the account, and defendants brought a motion for spoliation sanctions.

The court held that to issue sanctions, it needed to find four factors: “(1) the evidence was within Gatto’s control; (2) the evidence was actually suppressed or withheld by Gatto; (3) the destroyed evidence was relevant to claims or defenses in the case; and (4) Gatto should have reasonably foreseen that the evidence would be discoverable.

The court found that the first, third, and fourth factors were present.  Gatto argued that he did not intend to destroy anything, but rather, deactivated the account because he had previously been hacked, and feared it was happening a second time.  The court, however, noted that the adverse inference instruction was designed to level the playing field if one party has been prejudiced by destruction, and therefore, whether Gatto actually had intent was “largely irrelevant.” No matter his excuse, Gatto “effectively caused the account to be permanently deleted,” which rendered a spoliation inference appropriate. As such, the court permitted an instruction to be given to the jury that they may draw adverse consequences from the deletion of Gatto’s profile.

Gatto is just the most recent case on the discovery of social media and the consequences for the spoilation of such of evidence, and there will likely continue to be more in the future.  Recently, in Lester v. Allied Concrete Co., a Virginia court sanctioned a party and his lawyers in a wrongful death suit for intentionally destroying a Facebook page.  In that case, the opposing party requested discovery of the contents of the plaintiff’s Facebook page after it obtained a photo of the plaintiff wearing an  “I ♥ hot moms” T-shirt.  After the plaintiff had been questioned about the shirt at deposition, his attorney instructed him to “clean up” the account to prevent “blowups of this stuff at trial.”  The account was removed, and defense counsel was told that the plaintiff had no Facebook page.  The account was later reactivated and the contents were produced, with the exception of a number of objectionable photos.  Although the jury found in favor of the plaintiff, the court sanctioned plaintiff and his attorney for spoliation as a result of the deletion of the page.

Gatto and Lester are important as both cases suggest the changing face of discovery as a result of the prevalence of social media in today’s world.  A social media profile is by no means safe from discovery, and as a result, parties should be careful about what is being revealed online.  Parties to ongoing litigation should be careful not to delete or deactivate their accounts, as they may be fair game for discovery. Social media profiles have become the source of highly relevant and discoverable evidence and should be treated with the same preservation care that any other hard copy documents and traditional forms of electronically stored information are given during litigation.