The authors would like to thank Nicole Brenner for her contribution to this post.

Trade secrets offer companies an invaluable advantage over competitors, but only if the company maintains secrecy and responds promptly to threats. If a company’s success depends on its trade secrets, the protections in place to maintain those secrets will be scrutinized in the event of any breach. A previous article in this series discussed the legal and practical ways companies can protect themselves from industrial espionage, including the “reasonable measures” companies must take to protect trade secret information. 18 U.S.C. § 1836. But if there is already a perceived loss of trade secrets, then the company must be prepared to defend the systems in place to monitor any traces of unusual or dangerous behavior. Even if a company takes all reasonable measures to keep proprietary information secret, it is difficult to avoid all potential threats. Yet threats to company trade secrets are increasing, especially technology thefts. Frequently, such thefts are perpetuated by a company’s own employees.

Responding to a Potential Threat

Companies with trade secrets must prepare a response plan to limit future threats and minimize damage to the company’s value and reputation. Any response plan must be communicated to all employees, with clear procedures to ensure a quick response following the potential loss of trade secrets. The company must establish management protocols to identify, report and address breaches or inadvertent disclosures of confidential information. An effective response plan will help safeguard confidential information and put a company in a better litigation position, should there be an issue in the future.

Best Practices for a Response Plan

Companies should consider forming a threat management team led by a member of senior management to address any potential issues. Further, employees should be encouraged to report any suspicious activity or suspected threat to trade secrets. Because prompt responses to any perceived loss is imperative, the company must inform employees of reporting pathways and procedures.

Keeping this in mind, company response plans should:

Identify Team Members: Company management should form a team tasked with responding to threats to trade secrets. Each member should have clear roles, responsibilities, and decision-making authority. In forming a response team, company management should use employees with expertise in IT and cyber-security issues.

Reporting Channels: The response plan should articulate clear disclosure policies that explicitly detail how threats will be disclosed internally at the company. The policies should consider identifying confidential channels for employees to use to notify the company of suspicious behavior related to possible threats to company trade secrets. The plan should also emphasize the urgency employees should have in responding to such threats and the need to terminate access of the threat actors as soon as practicable. When a company discovers that there has been a potential trade secret theft, it must act quickly. If the trade secret has been compromised by an outgoing or former employee, the company must ensure that individual’s access to company resources has been terminated.

Investigation: If an individual attempts to steal a company’s trade secret, the company should be mindful of its reporting obligations and consider initiating an investigation to determine the extent of the unauthorized access. If the incident involves a current or former employee, the company may demand that the employee return any stolen materials and refrain from using or disclosing any trade secrets. Investigations may also involve hiring private investigators. For example, in United States v. Krumrei, when a company feared that an employee was providing company trade secrets to a competitor, the company began an investigation and hired a private investigator to approach the defendant, posing as a representative from the competitor. 258 F.3d 535, 537 (6th Cir. 2001). Based on the proprietary information the defendant conveyed in this meeting, his trade secret theft conviction was affirmed, and the evidence was sufficient to establish that he knew his actions were illegal. Id. at 538-539.

Law Enforcement: If unauthorized access could potentially impact national or economic security, the company should also consider contacting law enforcement. Local, state or federal law enforcement may help mitigate ongoing damage and reduce long-term consequences for the company.[1]

Litigation Options: In addition to determining whether law enforcement should be contacted, legal counsel can help determine whether the company has a strong litigation position. As detailed in a previous article, if trade secrets were stolen, a temporary restraining order or preliminary injunction may be warranted.

It should be noted, however, if counsel determines that a preliminary injunction is the best course of action, the company must act quickly or risk being precluded from bringing a claim. Charlesbank Equity Fund II, Ltd. P’ship v. Blinds To Go, Inc., 370 F.3d 151, 163 (1st Cir. 2004) (where the court held that the plaintiff’s “cries of urgency are sharply undercut by its own rather leisurely approach to the question of preliminary injunctive relief. It waited more than a year after the commencement of the action to seek an injunction.”); Alexander & Alexander, Inc. v. Danahy, 21 Mass. App. Ct. 488, 494-95 (1986) (“Unexplained delay in seeking relief for allegedly wrongful conduct may indicate an absence of irreparable harm and may make an injunction based upon that conduct inappropriate.”). Accordingly, should counsel determine that a preliminary injunction is warranted, they should act quickly in pursing the action.

Conclusion

Companies should understand that threat mitigation programs and response plans are essential to deter, detect, and prevent wrongdoers seeking to steal trade secrets and engage in acts of industrial espionage. An effective incident response plan can help address all incidents – both unintentional and intentional – and help safeguard a company’s competitive advantage over others.

[1] See Christopher Wray, Director, Fed. Bureau of Investigation, The FBI and Corporate Directors: Working Together to Keep Companies Safe from Cyber Crime, (Oct. 1, 2018).