On May 11, 2016, President Obama signed the Defend Trade Secrets Act (“DTSA”) into law, which gives United States companies new legal weapons to use in the fight against foreign and domestic entities that steal trade secrets. Among other things, the DTSA:

• Provides federal civil remedies for the misappropriation of trade secrets;

• Establishes a body of federal trade secret law that applies throughout the United States and to actions in foreign countries that are in furtherance of an offense committed in the United States;

• Offers a variety of civil remedies, including seizure of property and damages based on actual losses, unjust enrichment, and/or reasonable royalties. Exemplary damages of twice actual damages, plus attorney’s fees, may be awarded for willful misappropriation of trade secrets;

• Requires notice of whistle-blower immunities in non-disclosure agreements with employees, contractors, and consultants, as a condition of the availability of exemplary damages and attorney’s fees;

• Allows plaintiffs to proceed in federal court or state court;

• Increases criminal penalties for cyber theft.

The DTSA and its implications suggest that United States companies should consider taking the following actions:

Action Item One: Evaluate and Strengthen Cyber Security

The DTSA and other recent legal developments beyond the scope of this article suggest at least three reasons why companies should take a comprehensive look at the way they protect their trade secrets and confidential customer information from cyber attacks.

First, the circumstances that led to the adoption of the DTSA remind us that inadequate cyber security can result in huge economic losses to businesses with trade secrets. According to the House Judiciary Committee:

The United States Department of Defense has found that every year, ‘an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies.’ General Keith Alexander, former head of the National Security Agency and U.S. Cyber Command, estimated that U.S. companies lose $250 billion per year due to the theft of their intellectual property. More recently, the Center for Responsible Enterprise and Trade, along with PwC, issued a report estimating that trade secret theft exacts a cost on U.S. companies of between one and 3 percent of GDP annually, roughly a cost of between $160 and $480 million each year.

It is much easier and less expenses to invest in appropriate protection of intellectual property assets than it is to try to recover losses resulting from cyber theft under the DTSA.

Second, the DTSA—and state trade secret laws—will not protect trade secrets unless, “[T]he owner thereof has taken reasonable measures to keep such information secret.” 18 U.S.C. § 1839(3)(A). State courts have assessed computer security to determine whether reasonable measures were taken to protect trade secrets and have sometimes held that trade secret status was lost as a result of inadequate protections. In the context of the protection of confidential and sensitive customer information, there is a growing body of statutes, regulations, and enforcement actions that make it unlawful, and therefore unreasonable, to have inadequate cyber security. Companies may risk losing their trade secret protection if they fail to take reasonable measures to prevent cyber theft.

Third, companies that gather sensitive customer information are already legally obligated under both general and industry-specific federal laws to take reasonable measures to protect the information from improper use or disclosure. Inadequate cyber security exposes such companies to various forms of legal liability.

Therefore, companies should invest time and money in analyzing and strengthening their cyber security and data protection procedures. From a technical perspective, a good starting point is to perform the cyber security analysis outlined in Framework for Improving Critical Infrastructure Cybersecurity,[1] which was issued by the National Institute of Standards and Technology (“NIST”) in 2014. From a legal perspective, companies should also evaluate the specific legal requirements that apply to their protection of confidential information.

Action Item Two: Revise Non-Disclosure Agreements

In the future, as required by the DTSA, companies should include notices in their non-disclosure agreements with their employees, contractors, and consultants that certain limited disclosures of trade secret information are immune from civil or criminal liability. If proper notice is given, then companies will be entitled to seek exemplary damages of up to twice the amount of their actual damages, plus attorney’s fees. This notice should be included in any contract with non-disclosure provisions in which the other party is performing services for or providing goods to the company.

In addition, companies should consider revising the following provisions of all of their non-disclosure agreements:

Choice of Laws; Choice of Forum. The DTSA is modeled in part on the Uniform Trade Secrets Act (“UTSA”) that has been adopted in various forms by 48 states. For example, the definitions of “trade secret” and “misappropriation” are closely modeled on the UTSA. Other provisions, however, such as the DTSA statute of limitations (three years under the DTSA), may differ from applicable state law provisions. But the DTSA does not preempt state law remedies, nor does it require companies to choose between federal and state remedies in advance. Therefore, companies should preserve their options by specifying that both federal and state law governs the agreement. The same holds true for specifying the courts in which an action can be brought, although a case initially brought in state court under the DTSA may be removed to federal court if the defendant so chooses.

Cumulative Remedies Clause. The rights and remedies under the non-disclosure agreement can be in addition to the rights and remedies specified under federal and state law. The non-disclosure agreement should make clear that the parties intend the rights and remedies under the agreement to be cumulative and in addition to rights and remedies otherwise available under law.

Attorney’s Fees. The DTSA allows the grant of attorney’s fees in the event of willful and malicious misappropriation, but a non-disclosure agreement can entitle the prevailing party in a dispute under the agreement to attorney’s fees as a matter of contract, without requiring a showing of willfulness or maliciousness.

Conclusion

The DTSA signals the growing dangers of cyber theft and provides valuable federal remedies. Companies should consider taking two actions in response to its adoption: evaluating and improving their cyber security from a technical and legal standpoint, and revising their non-disclosure agreements. Offit Kurman would be glad to assist in this process.
Available at: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf

ABOUT DAVID GREBER

Mr. Greber is a Principal in Offit Kurman’s Business Law and Transactions Practice Group. His extensive business law experience includes representation of companies and corporations in all stages of their business life-cycle, from initial founding, through growth and expansion, to sale. His intellectual property law practice includes the protection of copyrights, trademarks, and trade secrets. He has also represented clients in state and federal court in a variety of civil litigation matters, including disputes among business owners and cases involving infringement of intellectual property rights.

ABOUT OFFIT KURMAN

Offit Kurman is one of the fastest-growing, full-service law firms in the Mid-Atlantic region. With over 120 attorneys offering a comprehensive range of services in virtually every legal category, the firm is well positioned to meet the needs of dynamic businesses and the people who own and operate them. Our eight offices serve individual and corporate clients in the Maryland, Delaware, New Jersey, and Northern Virginia markets, as well as the Washington DC, Baltimore, Philadelphia, and New York City metropolitan areas. At Offit Kurman, we are our clients’ most trusted legal advisors, professionals who help maximize and protect business value and personal wealth. In every interaction, we consistently maintain our clients’ confidence by remaining focused on furthering their objectives and achieving their goals in an efficient manner. Trust, knowledge, confidence—in a partner, that’s perfect.

You can connect with Offit Kurman via our Blog, Facebook, Twitter, Google+, YouTube, and LinkedIn pages. You can also sign up to receive Law Matters, Offit Kurman’s monthly newsletter covering a diverse selection of legal and corporate thought leadership content.

MARYLAND | PENNSYLVANIA | VIRGINIA| NEW JERSEY | NEW YORK | DELAWARE | WASHINGTON, DC