Defending The Digital Workplace

An ebusinesscounsel.com publication

Archive for the ‘Trade Secret’ Category

Willie Sutton & Misappropriation of Business Assets – “That’s Where the Money Is”

corporate-theft-masked-thiefWillie Sutton, the infamous bank robber, when asked why he robbed banks is credited with responding “Because that’s where the money is.” In today’s market place, the money is in a company’s information, e.g., customer lists, pricing, methodology, know-how, research, development, and related proprietary and confidential information. And like the banks in Mr. Sutton’s day, companies are increasingly finding they are being robbed of their information by unscrupulous departing employees and competitors. For example, in a recent BusinessWeek article (BW, Feb. 16, 2009), To Catch a Corporate Thief, an employee resigned, but reported his company issued laptop stolen. It turned out this employee had been poached by the former employer’s competitor and the stolen laptop was actually the get-away-car for business methodologies, system designs, customer lists, and related proprietary information.

While there are a number of measures companies can take to prevent or otherwise minimize business theft/unfair competition (For a great summary of  non-compete considerations click here, Eight Ways to Lose a Non-compete Case), companies that fail to take such steps are left with the unsatisfactory choice of litigation or waiting for a “thank you” card from the benefactor of the competitive advantages you’ve bankrolled over the years. In regard to litigation, companies have in recent years relied upon the Computer Fraud and Abuse Act  (CFAA) to combat the theft of business information. See Adding to the Playbook.

The CFAA creates civil liability under specified conditions. For employers bringing suit against wrongful conduct by former employees, the relevant conditions are generally where someone:

(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains-


(C) information from any protected computer if the conduct involved an interstate or foreign communication; [or]

(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value …; [or]

(5)(A)(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage FN2;
or
(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage.

18 U.S.C. § 1030(a)(2), (4), (5)(A)(ii) and (iii); see also § 1030(g) (providing for civil liability for violations involving certain conduct, including conduct causing a loss of at least $5,000 in value). Thus, paragraphs (a)(2) and (a)(4) apply only if the defendant accesses the computer “without authorization” or “exceeds authorized access,” while paragraph (a)(5)(A)(ii) or (iii) applies only if the defendant accesses the computer “without authorization.”

There are two schools of judicial thought as to what “without authorization” or “exceeds authorized access” means.

The first approach focuses on the defendant’s intent or use of the information in finding liability under the CFAA. See, e.g., International Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418, 420-21 (7th Cir.2006); Shurgard Storage Ctrs., Inc. v. Safeguard Self Storage, Inc., 119 F.Supp.2d 1121, 1124 (W.D.Wash.2000). In Shurgard, the court, in concluding that the plaintiff had stated a claim under paragraph (a)(2)(C) of the CFAA, held that the plaintiff’s former employees had acted without authorization when they obtained information from the plaintiff’s computers because, under agency law,  the  employee’s authorization terminated when he allegedly became an agent of the defendant competitor during the act. See Shurgard, 119 F.Supp.2d at 1124. In Citrin, the court similarly held that the defendant’s authorization to access the plaintiff’s computer files had terminated when he violated his duty of loyalty to his employer imposed by agency law. See Citrin, 440 F.3d at 420-21.

In contrast, a number of courts have rejected the Shurgard and Citrin courts’ reliance on agency law in applying the authorization provisions of the CFAA. These courts generally find that a “without authorization” violation under the CFAA only occurs when initial access is not permitted and an “exceeding authorized access” violation occurs only when the defendant has permission to access the computer in the first place, but then accesses certain information to which he is not entitled. See Condux Int’l, Inc. v. Haugum, (D. Minn. Dec.15, 2008); Black & Decker (US), Inc. v. Smith, 568 F. Supp.2d 929, 933-36 (W.D.Tenn.2008); Shamock Foods Co. v. Gast, 535 F.Supp.2d 962, 963-68 (D.Ariz.2008); Diamond Power Int’l, Inc. v. Davidson, 540 F.Supp.2d 1322, 1341-43 (N.D.Ga.2007); Brett Senior & Assocs., P.C. v. Fitzgerald, 2007 WL 2043377, at *3-4 (E.D.Pa. July 13, 2007); Lockheed Martin Corp. v. Speed, 2006 WL 2683058, at *4-7 (M.D.Fla. Aug.1, 2006); International Ass’n of Machinists & Aerospace Workers v. Werner-Masuda, 390 F.Supp.2d 479, 498-99 (D.Md.2005).

So what is the take-away for employers?

Returning to Mr. Sutton, he packed a gun — either a pistol or a Thompson sub-machine gun — when he robbed financial institutions, noting, “You can’t rob a bank on charm and personality.” Mr. Sutton, however, reportedly never carried a loaded gun because somebody might get hurt. In contrast (and metaphorically speaking) companies cannot afford to shoot blanks when it comes to protecting business critical information. At the outset, proper and reasonable measures should be implemented for protecting such information. For examples and considerations, click here. However, if when these measures are not sufficient to prevent the theft of business assets, the CFAA is a great resource to have as backup. And even where courts have taken a narrower view of its applicability, proper planning in advance of litigation can provide a solid factual basis for a CFAA claim – just don’t plan on relying on charm and personality: It didn’t work for Willie Sutton (he spent half his life in prison) and it probably won’t work for your company and (certainly not) your attorney.

Telecommuting & The Digital Workplace

In martial arts, everything starts with position. You can’t execute or defend against a technique without it. And maintaining position is one of the most important keys to success in sparring, competitions, and street fights (who better to know about street fights than a white-collar suburban lawyer who is extremely averse to getting hit?). But maintaining position is not about using force to statically holding an opponent in place. Instead, especially in certain  styles, e.g., jiu jitsu and aikido, a martial artist wants to be able to gain a strategic position, adjust to the situation, and steadily advance for better position while holding onto prior gains (this almost sounds like good business advice). Obtaining positional control or defending against it starts with the fundamentals.

For employers, the Digital Workplace has extended the physical “position” of the work site. A recent survey found that the number of Americans whose employer allows them to work remotely at least one day per month increased 63 %, from 7.6 million in 2004 to 12.4 million in 2006. The total number of teleworkers (both employed and self-employed) working remotely at least one day per month has risen from 26.1 million in 2005 to 28.7 million in 2006. And it is estimated that this number will increase to 100 million U.S. workers by 2010.

Technology has changed the position of the traditional workplace.
Technology has changed the position of the traditional workplace.

Telecommuting may or may not make business sense. But telecommuting does not change the fundamentals of the employee-employer relationship, or basic risk assessment. And before making a commitment and a corresponding investment in transitioning to a telecommuting plan, employers should consider the following points:

  1. Meeting business and regulatory requirements: Telecommuting places a significant amount of responsibility on the employee to maintain productivity. And how this will be measured should be made clear. Also, employers still must comply with state and federal record keeping requirements for remote employees. For example, under the Fair Labor Standards Act (FLSA) employers must record hours worked by a non-exempt employee. The other side of this compensation coin is the possibility for a remote employee to pad his or her time records. These issues, to some degree, may be easily addressed through technology e.g., employee logs in and out of the company network (I would recommend against Web cameras: When I work at home, it isn’t a pretty sight seeing me work in my boxers). Employers also need to address fulfilling record retention requirements for off-site documents. This is especially important in the context of litigation and preservation obligations. See Using Ancient Chinese Martial Arts to Control Litigation Costs and Risks.
  2. Suitable Work Environment: Obviously employers must apply an even-handed telecommuting program to its employees to avoid discrimination charges. But even without a telecommuting program, telecommuting may be a reasonable accommodation under the Americans with Disabilities Act (ADA). See Equal Employment Opportunity Commission (EEOC): “May permitting an employee to work at home be a reasonable accommodation, even if the employer has no telework program? Yes”). Additionally, if a telecommuting program is implemented and if essential job functions can be performed remotely, does the employer now have to make modifications to an employee’s remote office to perform these essential job functions? The EEOC has taken the position that it will apply the same hardship analysis for on-site accommodations. See the October 17, 2002 revision to EEOC Notice No. 915.0021. It is also worth noting that the Occupational Safety and Health Administration originally issued an advisory opinion that asserted, “The OSH Act applies to work performed by an employee in any workplace within the United States, including a workplace located in the employee’s home.” After severe criticism, this opinion was later retracted and eventually reversed (with respect to home offices but not home work sites). See OSHA’s Policies and Procedures for Employee Worksites. But, worker’s compensation laws may still apply to remote offices.
  3. Insuring the Remote Office: Employers should also ensure that worker’s compensation insurance coverage includes remote employees. The same holds true for other insurance coverages, including personal injury, property loss, or professional liability coverage.
  4. Protecting Business Assets – External Risks: There are a number of risks to company assets maintained in remote work sites. These include outside threats such as viruses, physical disasters, and data breaches (either through technological means or physically stealing the storage container holding the data). These risks can significantly reduced by setting up remote access to the employer’s network so that information is only maintained on the employer’s network and not the remote office and by automatically syncing laptops with the network.
  5. Protecting Business Assets – Internal Risks: Telecommuting also opens up employers to internal threats because it may be more difficult to manage business information and other proprietary information that is created and stored remotely. For example, remote employees may maintain separate files for clients,  customer lists, pricing, sales data, profit-margin data, engineering drawings, etc. And retrieving this information from a remote office is likely to be more difficult than from an on-site office. For these reasons, it is highly recommended that all remote work either be done on an employer owned laptop or through a direct connection to the network. Please take my word: It is a technological head ache ripe with legitimate privacy concerns for both the employer and employee when (not if) the retrieval and search of information from an employee’s home PC or laptop becomes an issue.

Assuming there was a business justification for considering a telecommuting policy in the first place, the preceding legal and business concerns should not put an end to the discussion. Instead, employers — knowing the legal issues — can position themselves to reduce these concerns. And the starting point for this position is a written telecommuting policy, which should be made part of the employee handbook. The points that should be addressed in  the telecommuting policy include:

  • Job classifications eligible to telecommute (remember – neutral, non-discriminatory determinations);
  • Employer expectations and requirements, e.g., job duties, hours employee is expected to work, recording hours (for non-exempt FLSA employees, don’t forget to address tracking cel/Blackberry usage), virus software updates, backing up company information stored/created remotely, protecting employer’s confidential information, especially information relating to customers and consumers,  the physical location of where work will be performed,
  • Under what circumstances, if any, the employer may visit the remote office;
  • The duration of the telecommuting assignment or provisions for cancelling it;
  • What equipment and reimbursement, if any, the employer will provide (as noted above, keep business info on business equipment). This should also include those relics called paper, pens, envelopes, etc.;
  • Provisions concerning the employee’s agreement to keep all employer provided equipment in good working order and returning it to the same condition;
  • A provision providing that the employee agrees that access to the employer’s network and all information owned by the employer will not be misappropriated by the employee and will not be used for the employee’s own personal benefit. Also, if a telecommuting employee’s employment status  changes, don’t forget to change the locks to the network (you may laugh, but it happens); and
  • Specifying the applicable jurisdiction, which is especially important in the context of telecommuting and an ever flattening global economy.

There are a number of reasons why expanding the “position” of your workplace in today’s global economy may or may not make sense. If it does fit into your business strategy, then the starting point for reducing risks and maximizing returns is implementing a written policy addressing the fundamental aspects of the telecommuting relationship. This policy, of course, should be done in consultation with competent legal counsel (sorry: my legal malpractice carrier makes me provide these reminders).

I’m interested in your experience with telecommuting and suggestions you may have. Thanks.

The Silver Bullet for Business Success in the New Year: Respond Well

Historically, martial arts practices were a means to defend oneself from a physical threat. With this in mind, a legitimate question is whether martial arts remain relevant in today’s “advanced” society. After all, I find myself in a good ol’ fashion fisticuffs – like most suburbanites – somewhere in the range of never in any given week. And assuming a physical threat presented, it is far more likely to come from a firearm, natural disaster, explosives, or worse, e.g., chemical or biological weapons. While I love to delude myself into believing I’ve got “mad martial arts skills,” it is much more likely that I would end up knocking someone down trying to run away  from danger (get out of my way men, women, and children) than taking out a gunman with a flying arm bar.

Preparation is the Silver Bullet for Responding Well to Business Challenges in 2009.

Preparation is the Silver Bullet for Responding Well to Business Challenges in 2009.

But I have come to realize that martial arts practice is not simply an instructional cookbook, i.e., if you face attack “A” then respond with “B.” Instead, in the words of my instructor, Sifu Brown, a fundamental purpose of practicing martial arts is to learn how to “respond well” to any situation (I encourage anyone interested in this concept to go to the source). Responding well is essentially shorthand for the Zen expression “mushin no shin,” which means mind of no mind. Mushin is a state martial artists sought to achieve where the mind and body operate in unison. This state can also be analogized to how athletes explain a phenomenal performance as a result of being in the “zone.”  Regardless of the label, a required precursor for achieving mushin/responding well/the zone is physical and mental preparation.

The same mindset should be applied to business challenges. And the rationale — whether facing business challenges or physical threats — is straightforward: Simple problems tend to become monumental challenges in times of crisis. Further, in a time of crisis people freeze when action is needed or react instead of responding, i.e., assessing the situation and choosing the appropriate response.  And Business Leaders simply can’t afford inaction or taking the wrong action where budgets are already anemic.  (For a great concurrence, see InHouse Blog’s Corporate New Year’s Resolutions in a Tight Economy. While being able to sit in a full lotus position is optional, achieving “business mushin” or “responding well” must be a top Resolution for Business Leaders in the New Year. In this regard, the following areas pose significant risks to a business organization’s overall bottom line:

  1. E-mail/E-discovery Budget Busters: For any company dragged into litigation in 2009, e-mail and digital information (e-discovery) will likely be the KO punch companies don’t see until it is too late. See The Big Data Dump (Noting that “A deluge of electronic information may overwhelm American civil justice.”). For both the business organizations and their insurance carriers on the hook for insuring claims, e-discovery done wrong will destroy a litigation budget. And there are any number of ways e-discovery can go wrong. For example, in Goodbys Creek, LLC v Arch Ins Co, 2008 WL 4279693 (MD Fla Sept 15, 2008), the court ordered the defendant to re-produce – at its costs – documents previously produced as TIFF images. The basis of this “judicial re-do” was that defense counsel failed to comply with the e-discovery rules regarding the production of digital information. In another “judicial e-discovery production redo,” the estimated cost was $206,000. See PSEG Power New York, Inc v Alberici Constructors, Inc, 2007 U.S. Dist. LEXIS 66767 (NDNY Sept. 7, 2007). These cases raise an expensive question: Who pays for the re-do?” In the PSEG Power case, counsel for the producing party blamed the mistake on a software issue or malfunction on the part of the e-discovery vendor. And even if technological incompetence does not rise to the level of a “mistake,” it is still costly. For example, in defending an employment claim, the prior attorney either failed to effectively communicate the e-discovery search and retrieval obligations to the client’s IT professional or the IT professional misunderstood. In any event (and setting aside questions as to this delegation of e-discovery) the end result was that the corporate IT professional essentially wasted approximately two weeks  focusing on reproducing back up tapes and related information where there was arguably no legal relevance and obligation to do so given the facts and claims of the case. The bottom line is that litigation takes place against the backdrop of technology. And if attorneys and business organizations aren’t able to address the technological side of litigation, it could be a long, expensive year when it comes to litigation.
  2. Business Organizations in the Crosshairs: Thanks to high profile cases like Qualcomm Inc. v. Broadcom Corp., No. 05-cv-1958-B, slip op. (S.D. Cal. Jan. 7, 2008), Business Leaders and their companies face increasing willingness by courts to impose extraordinary and costly sanctions for e-discovery violations. In the Qualcomm case, the court imposed $8,568,633.24 in sanctions against Qualcomm and referred its counsel to the State Bar of California for further investigation and possible imposition of sanctions.  The Qualcomm debacle underscores that both the client and its attorneys will be on the hook to ensure that a reasonable inquiry is performed to identify and produce relevant e-discovery. Additionally, it was reported that 25% of the approximately 138 reported electronic discovery opinions issued from Jan. 1, 2008 to Oct. 31, 2008, concerned sanctions. See Kroll Ontrack’s Report.
  3. Data Breaches – A Patchwork of Liability: There were 646 data breach incidents reported in 2008, a 47% increase over 2007′s total of 446 breaches. There is also an increasing amount of statutory and regulatory compliance that companies must address with respect to protecting private and confidential information. For example, in 2007 Michigan joined approximately 44 states that have enacted some type of data breach notification law.  Click here for a listing of these state laws. Under Michigan’s statute a company must be able to assess its obligations and risks regarding a security breach of any database or data that includes personal information. A breach may require the company to provide a notice of the security breach to each individual whose information was accessed or acquired and subject the company to a to a fine of $250 for each failure to provide notice with the cumulative liability for multiple violations arising out of the same security breach limited to $750,000. The problem for business organizations, however, is that triggers for notification, obligations  for responding to a breach, and the content of disclosure letters vary from state to state.  Thus, if a company finds a data breach compromising someone from Michigan and also someone from California, they have different obligations. For a list of breaches, click here. For a great summary of security risks see Top 5 Security Issues for 2009.
  4. Unfair Competition/Misappropriation Litigation. Misappropriation of business critical information (e.g., trade secrets and confidential and proprietary information) claims are likely to increase as a significant risk due to the (im)perfect storm of a down economy adding to an already cut-throat competitive market, an increasingly mobile, technically savvy work-force, and technologies to facilitate the easy downloading/transfer of significant amounts of information. From my own experience, I’m seeing more claims by companies seeking to restrict their competitors from hiring away key employees or restricting former employees from starting up a competing business. It will, therefore, be important to assess and, where necessary, update your company’s plan for protecting against misappropriation claims and assess your defensive measures to guard against a claim brought by a competitor for doing the same. In this regard, the Computer Fraud and Abuse Act is likely to be increasingly relied upon by companies to obtain injunctive and monetary relief against a departing employee and the departing employee’s new employer. See Adding to the Playbook.
  5. Employment Litigation: E-discovery in employment litigation always poses serious risks for business organizations because e-discovery is not evenly distributed between the parties. And employers will likely have plenty of opportunity to test this hypothesis because employment related litigation continues to increase across the board. See EEOC Charge Statistics. This trend will likely continue due to the number of job losses and this past year saw the U.S. Supreme Court issue a series of pro-employee decisions. One of the more significant opinions, CBOCS West Inc. v Humphries, opened up a new avenue for filing retaliation claims, which provide plaintiff’s attorneys with a longer statute of limitations, no EEOC review requirement, no restrictions for filing against small companies exempted  from Title VII, and no cap on damages.  It is also worth noting that in 1992, retaliation claims comprised only 15.3%  of the EEOC’s discrimination charges. This number, however, has steadily increased and in 2005 retaliation charges approximately doubled to 29.5 percent. Another significant employment opinion, Sprint v Mendelsohn, ruled that trial courts have significant discretion to admit “me too evidence” of discrimination from employees who were under supervisors different from those a plaintiff worked under. The impact on employers was previously addressed in my prior post: Employers Will Need More than a White Belt to Survive “Me Too Evidence” Avalanche.

Winston Churchill observed, “In war, there is no guarantee of success. But we can make sure we deserve it.”  Mr. Churchill’s words are especially appropriate for business leaders preparing to “respond well” to increasing regulatory and statutory obligations pertaining to a digital workplace. I wish you well in this New Year and it is my resolution to continue to be a resource for business leaders  in working for success in the digital workplace.

Remember Mr. Murphy When it Comes to Protecting Intellectual Property

One of my favorite instructors, Barry Boardman of The Fighting Fit, invariably gave this instruction following the introduction and explanation of a self-defense technique, “Remember Mr. Murphy!”

Barry’s maxim was shorthand for Murphy’s law, i.e., if anything can go wrong, it will. The point of remembering Mr. Murphy was that in a physical confrontation, you must be prepared for a “worst case scenario” regardless of how perfectly a technique is executed.

Barry’s next favorite maxim was that you have to have a “Plan B” which must be simpler than “Plan A.” In self-defense terms, Plan B probably involved an eye-gouge, a knee strike to the groin, or an introduction of your elbow to someone’s nose. Ahhh … if only things were so straightforward for the Business Leader.  But alas, they aren’t.

But what the Business Leader can take away – without fear of being charged with a battery – from Barry’s maxims, is that Mr. Murphy should be factored into business critical operations.

In this regard, there is no serious dispute that innovation, “business know-how,” or intellectual property (“IP”) qualifies as a business critical operation. In fact, this past presidential election saw both candidates pinning economic growth to innovation: John McCain proposed a $300 million prize for the creator of a better car battery. Barack Obama called for spending $150 billion over the next 10 years on clean energy technologies. Following these campaign promises and in the context of an economy in free fall, BusinessWeek asked in a piece by Michael Mandel, Can America Invent Its Way Back? Regardless of the answer or your politics, the bottom line is IP will be a cornerstone of a successful company’s bottom line and provides a significant competitive and financial edge over competitors in a key market (one may recall Amazon.com’s suit against rival Barnes and Noble over Amazon’s patented 1-Click online checkout shopping patent, which prevented Barnes and Noble from using its comparable checkout feature for two Christmas seasons. Talk about the legal equivalent of a knee strike to the groin!).

So returning to Mr. Murphy, if anything can go wrong with your intellectual property, it will and probably already has. In this regard, the FBI estimates that billions of U.S. dollars are lost to theft by foreign competitors on a yearly basis. Domestically, there has been an increase in trade secret and noncompetition litigation as Business Leaders are trying to protect their companies during the economic downturn.

Securing innovation is critical to business success.

Securing innovation is critical to business success.

What is a Business Leader to do? There are number of legal strategies for protecting IP, generally falling into the category of patents, trademarks, copyright, and trade secrets. And selecting the strategy or strategies that makes the most sense for your situation should be done in consultation with a competent attorney. But regardless of the particular innovation or idea that will be protected and the strategy that is ultimately chosen for this protection, the first goal of an IP protection strategy is taking steps to protect the seeds of innovation until the conditions are suitable for exploiting that innovation. Or in  a less long winded  explanation, until you are prepared to take your idea or innovation to market, keep it a secret. Accordingly,  the fundamental element of all IP protection strategies is that the information to be protected should start out as a business secret so it does not become known in the market place before you can exploit it.  So with this in mind, the following points are taken from repeat story lines in IP/trade secret theft claims and, therefore, are definitely worth considering:

Remember Mr. Murphy: The Business Leader needs to plan for the worst, while hoping for the best when it comes to protecting IP. In this regard, assume that the equivalent of your Coca-Cola formula will be stolen or inadvertently end up in the public domain.

  • Prior to this worst case scenario happening, do you know — and, more importantly, do your employees know — what IP should be protected?
  • Have you documented and followed an IP protection plan with respect to that information?
  • Are employees (especially new hires) educated about the importance of protecting the company’s IP?
  • Are new hires confirming in writing that they have not brought any such information from their former employer (nothing like hiring a blue-chip employee that lands you in federal court)?
  • Are there enforceable agreements in place providing a level of IP protection, e.g., non-compete agreements, non-disclosure agreements, licensing agreements, agreements for the assignment of inventions to the company?
  • Are exit interviews being conducted to remind departing employees of their obligations as to protecting the confidentiality of IP they may have accessed to?
  • Are Business Leaders safeguarding their organization’s information by securing physical files or computer files with passwords?
  • Is access to IP limited or does anyone in the business organization have access to it (and does everyone need access)?

These are just some of the more important points that a Business Leader should consider in protecting the business organization’s IP.

Moving From Plan A to B: It is my experience that most companies could significantly improve upon the protection of their IP. Don’t feel bad, it happens to the best of companies. For example, it was recently reported that secret information belonging to NASA, Boeing, and Lockheed Martin had been compromised for years. See The Taking of Nasa’s Secrets, BusinessWeek. Dec. 2008 (noting in one instance, the equivalent of 30 million pages were routed from Houston’s Johnson Space Center, a/k/a Mission Control, to Taiwan. Apparently in this instance no one at Houston realized they had a problem).So the moral of that story is that even if you have an IP protection plan, it doesn’t take a rocket scientist to tell you that need to enforce it and have a Plan B if it is compromised.

The cornerstone of Plan B should be “preserving the crime scene.” In today’s technology dependent business world, this means maintaining the digital status quo. So instead of putting a departing/discharged employee’s laptop or PC back into circulation (either before or after wiping it), first confirm that business sensitive information was not downloaded, the hard drive was not already forensically wiped (a tell-tale sign that someone was trying to hide their digital tracks), or that no external storage devices were used by the departing employee to remove digital information. The same goes for confirming nothing was sent outside of the company through e-mail. Such digital evidence may tip you off that the equivalent of your Coca-Cola formula has not walked out the door into the hands of your competitor. See Lessons from Intel’s Trade-Secret Case (A low-level engineer at Intel, recently made off with information, valued by Intel at more than $1 billion, on his way to Intel’s competitor, AMD).

Failing to preserve this evidence may also undercut your company’s misappropriation claim against a competitor. For example, in a misappropriation claim filed against a former client and its newly hired manager, we argued in a summary judgment motion that the plaintiff’s lack of digital evidence spoke volumes as to the merits of Plaintiff’s claims. That is to say, if my client and its new employee had improperly accessed, downloaded, or e-mailed the plaintiff’s trade secrets, direct evidence of such acts would likely exist. No such evidence was provided and shortly after filing the summary judgment motion on this issue, the case settled on very favorable terms. Also, certain claims that may be available to employers – the federal Computer Fraud and Abuse Act – will almost always rely upon preserving digital information and computer hardware. See Adding to the Playbook.

There is much more that the Business Leader should consider in implementing a plan for protecting the business organization’s IP. But the points discussed in this post offer a good conversation starter for guiding the business organization in navigating the laws (Mr. Murphy’s or otherwise) that converge on protecting its intellectual assets.

Written by Jason Shinn

December 1, 2008 at 1:50 am

Warren Buffett’s Fighting Stance

In martial arts the starting point for success is a good fighting stance. This is because such a stance is the foundation for every technique that is learned.  Further, the stance provides the versatility to go on the offensive, to defend when necessary, and the ability to move quickly between the two.  And in a fight, the stance also accomplishes the ultimate goal, which is to obtain a position to strike your opponent  while depriving your opponent of the same opportunity.

So what does this have to do with the Business Leader? The quintessential Business Leader answers this question: Warren Buffett has made billions of dollars investing in companies. His strategy, however, is relatively simple and can be analogized to determining which company has the best “fighting stance.” That is to say, Mr. Buffett’s investment strategy is to (i) identify a company that is in a position to leverage some competitive advantage that allows for more of its product to be sold or for higher fees to be charged for its services, i.e., a company in a good offensive position; and (ii) Mr. Buffett looks for companies that are able to defend this position through a “durable” competitive advantage, i.e., a company that is in a good defensive position against competitors.

How has Mr. Buffett’s strategy for identifying a good commercial “fighting stance” worked out? Not too bad: For example, in 1973, Mr. Buffett invested $11 million in the Washington Post Co., a company he identified as having a durable competitive advantage. After 35 years, Mr. Buffett still includes this company in his portfolio. This investment, however, is now worth over $1.4 billion. See Warren Buffett and the Interpretation of Financial Statements.

Not every company will become “Buffett Worthy,” but there are worse things a Business Leader can strive to achieve. But to even compete for that title requires a position or “fighting stance” that provides the means to leverage a competitive advantage and the ability to protect this advantage. Business Leaders routinely identify or develop the “competitive advantage” that is the cornerstone of a Buffet investment. But a common mistake is to overlook the implementation of the strategies that will protect that advantage.

Stealing Secrets

Stealing Secrets

Protecting such business advantages take various forms, including patents, trade secrets, copyright, exclusive contracts, and locking up key industrial talent, i.e., putting in place non-compete agreements for key employees so this talent doesn’t wander off to work for competitors. What specific strategy or (more likely) strategies chosen should be done with the assistance of competent legal counsel.

Further, the importance of protecting a competitive advantage is underscored by the fact that U.S. companies lost between $59 and $300 billion due to misappropriation of their intellectual property (IP) over a three year period. And — from experience and literature — stolen competitive advantages routinely end up in the hands of competitors.

The bottom line for the Business Leader is you don’t want to be funding your competitor’s R&D (research and development). But to avoid this situation requires implementing an offensive strategy to protect your company’s competitive advantage. This requires the Business Leader to know what the company’s advantages are and what steps must be taken to protect them. It is also equally important to have a defensive business stance that protects against being accused of wrongfully acquiring your competitor’s competitive advantages through new hires.

There a number of points that the Business Leader should consider in developing a “fighting stance” to protect its competitive advantage and to defend against theft claims made by competitors. Feel free to e-mail me at jshinn@lipsonneilson.com to discuss points to consider in protecting a company’s competitive advantages and points to consider to minimize having to defend against a theft claim. I would also welcome the opportunity to exchange thoughts and analysis on what an optimal fighting stance should look like. I’ve got the bruises to confirm what it should not look like.

Written by Jason Shinn

November 8, 2008 at 10:00 pm

Follow

Get every new post delivered to your Inbox.