When we think about trade secrets, we usually focus on keeping our own data safe. But an even bigger risk comes from hiring employees who can infect our systems with confidential information from a competitor. Companies often learn this the hard way. Boeing’s hiring several managers from Lockheed led to a $615 million fine and indictments of the individuals. Hilton poached two Starwood executives to create a competing hotel brand, but they came with thousands of documents and prompted a lawsuit that killed the project and cost $150 million to settle. Recently a similar situation at Zillow required a $130 million settlement.
Contamination also happens through lower level staff. In a survey by Symantec, over half of employees who left their jobs reported keeping data that belonged to their employers, and most of them planned to use it in their new positions. And perhaps most worrying, 68% of them said that their current employers take no action to protect against improper use of third party data.
Worrying but perhaps not surprising. As in other aspects of human behavior, denial plays a leading role here. Employees, anxious to please and “hit the ground running,” convince themselves that downloading a few files for “reference” isn’t wrong. And employers in competitive industries, happy to get access to experienced talent, often ignore the warning signs.
The bad news is that, left alone, third party data infection can gestate for many months or years while it worms through a company’s systems, projects and products, emerging to cause disruption and lawsuits, often long after the bad actors have moved on. The good news is that this is a risk that can be managed, and in the process you can also help prevent your own information from leaking outside the company.
In highly competitive industries with high labor mobility, recruiting poses a conundrum that many managers prefer not to dwell on. The best new employees come from the competition, because they’ve got “relevant experience.” But extending this logic increases the risk: the perfect hire is the one who comes with whatever it takes to solve our problems and leapfrog ahead: the one who has worked on an identical project or product and knows the competitor’s strong and weak points. Any company that projects ambivalence about these ethical risks is bound to attract individuals who are prepared to take risks too, increasing the chance of a trade secrets train wreck.
Proper management of the process begins with designing and advertising the recruitment. What will the announcement say about the job requirements? Ideally, the qualifications should be expressed in generic terms, avoiding anything that could be interpreted as trolling for a source of competitive data.
Of course, if the recruiting isn't entirely honest, and the company is interviewing the competitor's staff in order to find out what they're working on, that's a different kind of risk, layering fraudulent motives on an already tricky transaction. So establishing clear policies and providing appropriate training for the recruiters is critical.
Indeed, guidance and training are especially important for those who conduct the pre-employment interview. Guided by a checklist (see box for a sample), they should be motivated to learn only what is needed in order to assess the candidate's general knowledge and skill set, that part of their experience that they are entitled to take with them. This basic rule has to be communicated to the candidates as well, warning them that they are not to reveal sensitive information of any kind.
This should be confirmed with a brief acknowledgement like this one:
To: Widgets, Inc.I am applying for employment with Widgets, Inc. I assure you that:
Dated: ________________ Signed: _________________________
Occasionally you will want to bring on someone who has been a key performer for a competitor. Highly-placed managers in research and development or marketing are especially likely to cause serious concern when they change jobs. Even if they aren’t subject to a non-compete agreement or a post-employment invention assignment (both issues that require specialized advice), hiring them from a competitor can provoke a lawsuit based on the idea that the person knows so much, and the new job is so much like the previous one, that they can’t possibly do the new one without compromising the confidential information that they know. Whether or not a court might issue an injunction based on a threat of "inevitable disclosure" (a subject for another newsletter) is not the main point; merely provoking litigation is harmful enough.
So when you're dealing with one of these high-level hires, always get advice of experienced counsel in order to identify all the risks and potential mitigation strategies. In special cases you may also need to pay for an attorney for the candidate, to provide a buffer of independent advice on how to leave the current job "clean" and reduce the likelihood of a lawsuit.
You face a similar kind of heightened risk when trying to hire a group of employees from a competitor. The competitor’s speculation is easy to understand: with so many qualified individuals out there, the only reason for going after most or all of a team can be to cause damage, and perhaps also get access to an array of special knowledge that will allow your company to move into a new area or product line, implying an intent to steal trade secrets. This, the competitor will allege, is a “raid." Litigation is likely.
Here, we have to confront the same paradox represented by the “perfectly informed” individual hire who knows everything about what the competition is doing: the potential value is high but so are the risks. And those risks can be much higher with a group, not only because there are more people to make mistakes, but also because the competitor is more likely to feel injured and take aggressive action.
The most common source of a group hire is a current or former manager of the team. Consider someone you already employ who used to be a manager for one of your competitors. One day he or she announces a “great opportunity” to capture some extraordinary talent, a group of people who have let it be known that they are ready to consider leaving. The manager knows them all personally, can tell you who are the stars, what special projects they worked on, and even how much you might have to offer in order to get them to move.
This may in fact be an excellent opportunity, but it is filled with risk that has to be managed. The manager likely has special obligations not to use information about the candidates that was learned while leading them. Your first step normally should be to separate your current employee from the recruiting process. Then bring in legal counsel to make sure that you have protocols in place that reduce the worst risks and that cloak your discussions with a privilege against disclosure, in case there is a lawsuit.
Once these precautions have been taken, you can proceed with interviews, ensuring that the same sort of warnings are given and documents signed as would be required for a single individual. Throughout the process, you should communicate to all involved that the company has a strong policy of respecting the rights of others, that your interest is only in the candidates’ general skills, and that you insist that none of the competitor’s confidential information find its way into your organization.
The company’s culture of respect for others’ information rights should be reinforced during the orientation process. As with the pre-employment interview, your goal is to impress on new employees the importance of coming to the new position “clean.” They have to understand that there is no advantage – and there is considerable risk to them personally – in trying to prove themselves by bringing with them the work they did before.
The “on-boarding” process can be a real opportunity to reinforce the importance of the company’s policies and the confidence you have in the new employee’s ability to get the job done only with the skill and general knowledge that they have accumulated during their career. Be sure to go carefully through the various forms and contracts that have to be signed, and make sure that the new hire knows where to go to get answers or address any concerns about information security.
Hiring consultants and contractors poses more risk than regular employees. Because the relationship is short there is less loyalty built into it, and management needs to be tighter. Also, contractors have often been working recently for competitors, and consultants typically are doing that simultaneously. They bristle with current and potentially dangerous information. Required to do the best they can for you, they engage in mental gymnastics to keep all of their known data properly categorized and walled off.
As with other areas of information security, this is a problem of risk assessment and management. You need to protect yourself first with contracts that make it clear that you don’t want importation of anyone else’s confidential data, putting responsibility on the consultant to prevent that. But before entering into the arrangement at all, you should confront any potential conflicts of interest, forcing the consultant to consider and articulate exactly how your concerns will be met.
Recently I shared the podium with an FBI agent who was asked what frustrated him the most when trying to help businesses with trade secret theft. His answer was a surprise: they fire the guy too fast! He explained that when you discover someone might be mishandling information, your most important objective is to know what’s going on, and you could learn a lot more by keeping them around and watching what they do.
That observation stayed with me as I pondered what many have accepted as standard operating procedure: when you are told that someone is leaving for the competition, walk him (or her) out the door immediately. The idea is to avoid having a provocateur in your midst, someone whose lost loyalty might rub off on others. But while that’s understandable, it may not always be smart, especially in the age of electronic communications.
I have seen too many cases where the company has reflexively marched the employee out, only to learn later that they spent their time that day at home, wiping data off their laptop. Whether they think they’re doing you a favor or covering their tracks is not the point; you may have lost the best proof of what they’ve been doing that puts your confidential information at risk.
When you first learn of a departure, you are engaged in triage with two parallel priorities: find out what’s going on, and lock down the evidence. In most circumstances that may give you time for an initial meeting to get some details and perhaps try to turn the situation around. But you also have to be ready immediately to take actions that guarantee you get control over your data.
The initial investigation is low key, brief and uses internal resources. Talk to the supervisor, find out what the departing employee knows and the apparent level of risk presented by the departure. Identify relevant contracts, especially noncompete, nonsolicitation and invention assignments. Get a quick read on any unusual recent behavior, including attempts to access information outside normal areas of responsibility, emailing documents to a personal website or uploading to a cloud storage site.
At this point you may be ready for an initial meeting to confront the employee with any disturbing facts or inferences and make a further assessment of the risk. Where are they planning to go and what will be their responsibilities? How long have they been looking at this? What are the attractions of this new opportunity, and what are the negatives with their current position? If you don’t want to lose them, ask about their willingness to change their mind and stay. If not, make sure that no one else is involved in the move, and assess whether there is any project that would be seriously hurt if they left immediately. (If so, then you might want to arrange a carefully controlled and swift transition process.)
Now you need to find out where all of your data are located. Where are the company laptop and other mobile devices, including USB drives and security keys? Is anything on a home computer system, in personal email accounts or stored in a cloud account such as Dropbox? All of these assets, as well as physical files, need to be located and secure in company premises. Be sure to emphasize clearly – and confirm this in writing – that nothing is to be deleted, even personal files, until the exit interview that will be scheduled to debrief and to separate personal from company data.
If the employee has given notice of willingness to stay on for a period of time, you can take them up on that without necessarily having them be present in the facilities. Beyond tasking them with gathering and producing all company devices and data, and remaining available to answer questions, you may want to just send them home. Preserve evidence by duplicating (preferably through a forensic service) all of the drives and accounts to which the employee had access. And avoid any new damage by terminating the employee’s access to electronic systems.
The initial phase is often completed in the same day that notice is received, and in the process you will have made a basic assessment of the significance of the departure and the level of risk it poses. If that assessment is moderate to serious, then the next step will often involve bringing in outside counsel to perform a deeper investigation. This carries several advantages. First, the entire process will be protected against disclosure by attorney communication and work product privileges. Second, you will have the benefit of specialists who know what questions to ask and how far they can properly and usefully dig for the story. Third, you will get sober, independent advice that is not affected by the emotional reaction of some managers when troublesome departures happen on their watch.
Outside counsel can assist with tying down the forensic record and reviewing it for evidence of improper behavior. They will help you prepare for the exit interview, and in some circumstances they may participate in that process. More typically you will conduct the exit interview internally, with two primary goals: first, learn as much as you can about where the person is going and what they are going to do; and second, deliver a clear and firm message about the importance of respecting their legal obligations, and the consequences if they don’t.
Here is a common exit interview checklist:
I certify that I do not have in my possession, nor have I failed to return, any files, data, notebooks, drawings, notes, reports, proposals, or other documents or materials (or copies or extracts thereof) or devices, equipment, or other property belonging to XYZ Corporation.
I also certify that I have complied with and will continue to comply with all of the provisions of the Proprietary Information and Employee Inventions Agreement which I have previously signed, including my obligation to preserve as confidential all secret technical and business information pertaining to XYZ Corporation.
Following the exit interview, review the results with counsel and formulate a strategy. In most cases, the only followup will be a “warning letter” addressed either to the employee alone or also to the new employer, noting the company’s concerns, citing any relevant restrictive agreements, and offering the assumption that everyone will comply with their obligations. A variation on this approach might include a request for a meeting to discuss assurances required to provide comfort that the employee will not be placed in a position that will imperil the integrity of your data.
Of course if you believe that there’s evidence not just of risk but of actual misappropriation of your trade secrets, you need to take prompt action. You should have outside counsel involved immediately, to help you balance the need for a basic understanding of the facts with the imperative of prompt legal action. But where you can afford the time to prepare before you act, your decisions will be better informed and less likely to cause collateral damage.
Whistleblowers – The first court opinion addressing DTSA whistleblower immunity (18 U.S.C. §1833(2)) was issued on December 6 in Unum Group v. Loftus, 2016 WL 7115967 (D. Mass.). The plaintiff alleged improper taking of company documents by an employee and requested an injunction prohibiting their copying and compelling their return. Although evidence suggested that Loftus had only provided the documents to his attorney for investigation of wrongdoing, the court determined that it could not resolve that fact question and ordered the documents surrendered to the court. The decision has provoked criticism. See link.
China – During the annual meeting of the Joint Commission on Commerce and Trade in DC in November, China announced various improvements to its law and practices on trade secrets, including evidence preservation and calculation of damages. See link.
On January 9 the USTR issued its report to Congress on China in the WTO, noting that China was strengthening its trade secret legal framework, but that the “protection and enforcement of trade secrets in China is a serious problem”. See link at page 9.
On the same day the U.S. Supreme Court declined to hear an appeal by Sino Legend Chemical Co. from a decision of the ITC barring certain imports into the U.S. The appeal sought to challenge the Federal Circuit’s ruling in TianRui Group v. ITC, 661 F.3d 1322 (Fed. Cir. 2011), approving ITC jurisdiction over trade secret misappropriation occurring entirely outside the U.S.
APEC – In November, the Asia-Pacific Economic Cooperation (APEC) group of countries issued a statement approving a set of eight “best practices” for trade secret enforcement at the national level, including providing for both criminal remedies and civil remedies that include damages, injunctions, seizure of goods and cost awards, as well as procedures to obtain and preserve evidence. See link.
Published in the George Mason Law Review, Volume 23, Number 4, Pages 1045-1078
The trade secret laws of most countries – including the recent U.S. federal Defend Trade Secrets Act – contain the same requirement: in order to enforce its rights, a trade secret owner has to show that it has made “reasonable efforts” to protect its information from loss. In other words, before judges get involved in your dispute, they want to know what you’ve done to help yourself.
But what’s “reasonable?” The laws don’t tell us. Like the “reasonable person” standard in negligence, courts are supposed to decide each case in the context of its unique facts. That said, looking back at several decades of decisions, we can get a good sense of the principles at work, and also how they may be shifting as the business environment becomes more digital and more global.
The good news is that the standard is flexible, taking into account the value of the information, the risk of loss or contamination, and the cost (in money and effort) of measures to reduce those risks. For most businesses, this means simply taking a close look at what drives your competitive advantage, and then applying ordinary risk management analysis to define the broad outlines of a protection plan. In practical terms, this can lead to a variety of specific actions, including the basic ones you find on a lot of checklists with items like confidentiality agreements, IT system access controls, staff rules and training, and facilities security.
So if you’re following one of those checklists, you should be fine, right? Not necessarily. Although judges historically have been forgiving of less-than-robust security measures, they now seem to be paying much closer attention to this issue, and have even thrown out claims without trial where the trade secret owner has been sloppy in its practices.
The best known of the early cases was decided in 1970. DuPont had been building a new chemical processing plant when the construction manager noticed a low-flying plane making several passes over the site. It turned out that a competitor had hired the plane to take aerial photographs of the layout of the facility, which would reveal information about the secret process that DuPont intended to use. Forced to defend its actions in court, the competitor argued that it was just taking a look at what was in plain view. The judge thought that was preposterous, calling the surveillance a “schoolboy’s trick,” explaining that DuPont didn’t have to pitch a tent over the construction site in order to protect its secrets, and that the competitor was guilty of misappropriation by “unfair means.”
So the DuPont case taught that judges will not be too demanding when it comes to the amount of self-help that they expect from trade secret owners. However, in a 1999 case a federal judge granted summary judgment to a defendant in part because the confidentiality legend on the plaintiff’s secret document was deemed not large enough. This result aligns with my personal experience, indicating that today’s courts – and federal courts in particular – are more skeptical and less forgiving than they used to be on this subject.
Context is everything, and circumstances change with time. The expectation of privacy from the skies is less settled today, with Google Earth and other satellite imagery readily available, not to mention the thousands of privately owned drones. The same point applies with even greater force when it comes to computer system security. With the proliferation and increasing sophistication of hacker networks, the risk profile for most businesses has changed dramatically in the last several years. Just ask Target, Sony, Anthem, and J.P. Morgan.
Naturally, as the risks increase, the market responds with tools and systems to prevent cyber attacks, or at least discover them early and frame an appropriate response. And government agencies, most notably the National Institute of Standards and Technology, have suggested frameworks for managing cybersecurity risks. It’s not hard to imagine that these voluntary processes may over time be interpreted by courts as best practices, and even as minimum standards of conduct.
Bottom line: what constitutes “reasonable” efforts is dynamic, and expectations may be increasing, so pay attention. Of course, there’s more to self-help than just preparing for litigation. Don’t confuse the minimum requirement to get into court with the practical goal to prevent loss and contamination of your most valuable assets. To keep your information secure and clean, you should think beyond “reasonable” efforts.
I was giving a talk recently when a senior executive asked me, “If we have the time and resources to focus on just one thing to improve our information security, what would you suggest?” I didn’t hesitate: “Train your workforce.”
As we know from multiple studies, the biggest threat to information assets comes from “insiders,” which means (mostly) your employees. It’s not that you have a team packed with spies; but employees notoriously misunderstand their confidentiality obligations. In a recent survey of software engineers, 55% reported that they thought it was acceptable for them to take their work product with them when leaving the company – and that they intended to do it!
But not understanding the rules is only a fraction of the problem. The main challenge lies in a negligent attitude, a mental fog of inattention that can lead to mistakes.
What kind of mistakes am I talking about? The kind that make you slap your forehead in disbelief. The sales manager at a trade show who, excited about closing the deal at hand, lets slip the existence of an unannounced product. The engineer who brags to his friends on Facebook about a patent application he’s just filed. The R&D director who hires someone from his former employer in order to get an “update” on what they’ve been doing since he left. The business development executive who examines potential licenses of technology without walling off company employees who are working in the same area. These are the kind of mistakes that provoke litigation, and they are all preventable.
Good training is the single most cost-effective step you can take to reduce the risk of information loss or contamination. What makes for an effective training program?
Whatever IT systems or management processes you deploy to mitigate the risks to your trade secrets, those systems and processes are operated by people. So the way that they engage is critical to success. Training reinforces their focus and attention.
This is especially important with today’s workforce, a population that has never been more distracted. Think about it: for years now, social media have been silently encouraging people to use their laptops and smartphones to share every last detail of their personal lives. Sharing information is a good thing, and the more the better. When these same people come to work the next morning and connect their mobile devices to the company network, can we really expect them to shift their mindset and suddenly become models of discretion? Remember, a great deal can be revealed in 140 characters.
Here are some principles for designing an effective training program.
First, make the process inclusive. Not just people who you think are most likely to be exposed to confidential information, but everyone in the company should understand the importance of the issue. Even contractors, consultants and interns should be part of the effort. In fact, they may be even more important because they have inherently less loyalty and are more likely soon to be working somewhere else.
Second, make the training interesting. To keep it fresh and positive, consider using specialized vendors or products that can present serious material in a lighthearted but memorable way, rather than relying only on internal managers to conduct classes.
Third, don’t focus exclusively on protecting information from loss or leakage, but also from contamination. This happens most frequently from new employees who think they’re being helpful by passing on what they learned at their last job. So focus on the on-boarding process and train employees to recognize off-limits information.
Finally – and this is the most important principle – be sure that training is not an event but a continuous process. A single orientation video is not enough. Follow up with email tips, stories, and refreshers. And if business conditions worsen and you start to lose employees, this is a time to increase your training effort, not cut back, because the people who remain represent the source of your intellectual capital.
Let me emphasize that last point. Training is not about ticking a box. You are conditioning the attitude of those who are the primary handlers and protectors of your most important and vulnerable assets. Pay attention to that attitude and they will pay attention to your assets.
“The greatest victory is that which requires no battle.”
— Sun Tzu
Recently I got a call from a client who had just received a letter from a competitor, complaining about an executive the client had hired, and threatening to sue. My client was a young company that had never experienced this sort of threat. But they were less worried than they were angry, and viewed the competitor with more scorn than respect. They wanted to know if we could strike first with our own lawsuit and how long it would take to prevail, as they were sure they would.
Indeed, emotions were running very high on both sides, mostly due to assumptions fueled by an absence of information. The former employer suspected that the executive, who had been evasive about his plans during his exit interview, was working on similar projects. The client believed that the threat was made in bad faith to slow them down, and that an aggressive response would force the other company to relent.
Unlike patent cases, trade secret disputes hinge on issues of fault. Emotional themes frequently dominate the background: breach of trust, treachery, revenge, resentment. But emotions shouldn’t drive decision-making. This is particularly important for a defendant, for whom there is usually no upside, since even “winning” is an expensive distraction. So maintaining objectivity and detachment is critical to the defendant’s primary strategic goal: get out and get on.
Happily in this circumstance, we were able to get the parties in front of a skilled mediator, who helped each understand the other’s perspective, correct some mistaken assumptions, and find a way forward that even left the door open for future collaboration. How different things would have been if the sword had been unsheathed . . . .
For more on this topic, please read my white paper, titled "How to Respond to a Claim of Trade Secret Misappropriation".
It’s a fact of business life that employees leave to join a competitor or start a competing business, armed with confidential information that is suddenly put at risk. While you want to protect those assets, pulling the trigger on litigation may be premature. Unless you have evidence that you’ve been ripped off, a concise warning letter is a typical and prudent first step.
In its classical form, the warning letter serves as a reminder of the employee’s obligations and as a notice that you are prepared to act. The goal is compliance, and it often works. When you get the usual response with soothing reassurance that your concerns will be respected, the risk of loss is not eliminated, but it is mitigated. The exchange is polite, with each side reserving its options.
But the Defend Trade Secrets Act creating original jurisdiction for trade secret claims, the assumptions behind this common minuet may no longer be valid. If there is going to be litigation, you may want to avoid federal court, and for the same reason your opponent may want to go there. (For more information, check out the article “Be Careful What You Ask For”) So your warning letter needs to be crafted to prevent triggering a preemptive federal declaratory judgment action.
The key is to inquire, not accuse. This helps you stay in control of the process while you become better informed. You can find a sample warning letter below:
To Departing Employee
Dear Mr. Smith,
Since you have recently terminated your employment, we wish to remind you of your obligations to the company that continue after your employment ends. As you know the company possesses a great deal of highly sensitive and confidential business information. This includes customer lists, marketing plans, engineering data, product plans, and the like. During your employment you have been provided, or had access to, such information.
Both the law and the contract you signed when you came to work for the company prohibit any use or disclosure of such information after you leave. For your convenience, we enclose a copy of the agreement you signed. Because you have taken employment with a competitor of the company, it is especially important that you take care not to violate your obligations to keep this information confidential. While we have no reason at this time to believe that you have violated your obligations, it would be helpful to understand from you the steps that you intend to take in your new position to ensure that the confidentiality of our information is respected.
We look forward to your early response to this request.
Very truly yours,
To New Employer
Dear Mr. Jones:
We understand that Mr. John Smith, who until recently was employed by us, has decided to join your company. We draw your attention to the fact that Mr. Smith worked in our Advanced Widgets Department as a Senior Research Engineer. In that capacity, he became quite familiar with all aspects of our de-flanging process, which we consider and treat as confidential.
While he was with us, Mr. Smith signed an Employee Confidentiality and Invention Assignment Agreement, a copy of which we enclose for your reference. As things now stand, we have no reason to believe that any of our trade secrets in this area have been misused, and we expect that Mr. Smith will continue to comply with his obligations. We also trust that your company will not assign Mr. Smith to a position that might risk disclosure or use of this sensitive information.
If you have any questions regarding any of these matters, we will be happy to discuss them with you. For the moment, we ask that you describe what steps you are taking to protect against inadvertent misuse of our trade secrets.
We look forward to your early reply.
Very truly yours,
The new Defend Trade Secrets Act for the first time lets you file your case in federal court. but just because you can do it doesn't necessarily mean you should. Federal court provides a lot of advantages for certain kinds of disputes. But there can be a downside.
The easy decision is in a case that the DTSA was designed for, where some of the actors are in other states or countries. Federal courts give you nationwide service of process and uniform rules of procedure that can streamline litigation. Federal judges, with their experience handling crossborder cases, are better suited to resolving complex issues of personal jurisdiction. And if you find out about a threatened theft of valuable data before it happens, the new ex parte seizure provision of the DTSA can give you a powerful remedy.
But federal court is not for everyone. Its judges are "single-assignment," meaning that they have a case from beginning to end, and therefore also have a motive to end it early if it lacks substance. As a result, federal judges (who by the way are not getting any additional resources from Congress along with their new trade secret jurisdiction) often demand more specificity in pleadings and in trade secret definitions, which can end up looking like patent claims. State courts, in contrast, usually run on a "departmental" system, where early issues are handled by specialist judges, giving close cases a better chance to squeak through to trial, and giving plaintiffs more leeway in describing the subject matter of their claims.
Federal judges may be more inclined to transfer venue. And when it comes to substantive issues, the trade secret plaintiff's requirement to demonstrate its "reasonable efforts" to protect its data may get a more skeptical eye. Once a federal judge granted a defense summary judgment because the "confidential" legend on plaintiff's documents was not in a big enough font! So even after the DTSA, trade secret owners need to have an open mind about their strategy in deciding whether, and where, to litigate.
Well, not quite. But $940 million is a lot of money, and that's how much a federal court jury awarded on April 15, 2016 to Epic Systems, a Wisconsin healthcare software company, against the U.S. subsidiary of Tata Consultancy, part of the Tata Group headquartered in India. There may be a lot of lessons to come out of this case - and we don't know if the jury's award will be reduced - but what I want to talk about today is inspired by that verdict: how is it that trade secret damages can be so large?
Of course, every case rests on a unique set of facts, and trade secret disputes typically involve allegations of treachery and deceit that can turn a jury's head. But at a time when proving damages in patent cases feels restricted by issues like extraterritoriality and the entire market value rule, it seems that trade secret verdicts keep going up. In a quick search of awards in the past five years, I've found eight (including the Epic case) of more than $25 million, and three of those were in the hundreds of millions.
What is it about trade secret damage law that allows such seemingly generous results? Mainly it's because trade secrets are grounded in tort principles, where the primary objective is to make the plaintiff whole, and where doubts are resolved against the wrongdoer.
Setting aside willfulness for the moment (while we await the Supreme Court's rulings in Halo and Stryker), patent law tries to calculate the rent due for no-fault infringement. Trade secret law, in contrast, tries to return the plaintiff to where it should have been but for the defendant's wrongful behavior. The difference makes trade secret damages harder to predict.