Media Room

dedicated, diverse counsel helping you reach your goals

 

HP v. Cisco: Cisco's General Counsel Criticizes HP for Lawsuits against Former Employees Who Have Joined Cisco

 
by John Marsh 24. November 2011 11:00

Cisco's General Counsel, Mark Chandler, has taken the unconventional step of writing a blog post criticizing Hewlett-Packard for repeatedly suing former employees who have joined Cisco over the past two years.  This post follows, and apparently details, the recent lawsuit filed by HP filed against its former Chief Technologist, Paul Perez, who joined Cisco on November 14 (for more on the litigation, see my recent post).  HP had sought to enforce a non-compete in Texas after Perez had filed an action in California challenging the enforceability of that same non-compete.

According to Chandler's post, Perez has prevailed -- emphatically -- in the two lawsuits thus far.  Chandler reports that Perez's Texas attorney was able to derail an effort at an ex parte temporary restraining order that was hurriedly scheduled in advance of a pending hearing in the California action on the very same issue.  Cisco's legal department had reached out to HP to resolve the dispute before the California hearing, advising HP's legal staff that Cisco had put safeguards in place to protect HP's trade secrets (as HP had done earlier this year to insulate itself in a dispute with IBM, about which I also recently posted).

Instead of responding to that olive branch, HP apparently sought an "emergency" TRO conference without notice to Perez or Cisco even though the California hearing was scheduled to begin in two hours.  When Perez's Texas attorney saw HP's filing online, he appeared before the Texas court unexpectedly to report that "the matter was already in front of a California court, with HP fully represented."  Chandler noted that "the judge in Texas was not impressed by HP’s effort to get her to act without a hearing," that "she refused to proceed" on HP's TRO request, and later that day "the California judge issued an order allowing [Perez] to begin his new career at Cisco."

This resounding win and resulting post are both getting a fair amount of coverage.  The Wall Street Journal's Law Blog, the San Francisco Chronicle, the San Jose Business Journal, and technology blogs like All Things Digital have all reported on Chandler's post.  I have not been able to access either court's ruling but, given the attention this case is receiving, I will do a post later once I have the opportunity to review them. 

The lesson here is ex parte requests are rarely granted and even more rarely appreciated by courts.  This is especially true when the court learns that the other side has counsel and has expressed an interest in trying to work things out.  In these high profile disputes, this aggressive approach can backfire and result in not only a legal but public relations coup for the other side.

 

Protecting Trade Secrets in the "Cloud"

 
by John Marsh 16. November 2011 10:45

More and more companies are using “cloud computing” for the offsite storage and use of their proprietary data and information. To date, no court has yet addressed whether a company’s storage of trade secrets in the cloud compromises those trade secrets’ status. However, as the argument will inevitably be made in litigation, there are a number of steps a business can take to defuse any argument that its information is not adequately protected within the cloud.

Cloud computing presents a different paradigm for the storage, use and delivery of computer resources. Unlike traditional desktop computing, data is not stored or used with purchased software products installed on a local computer, but rather through a service kept in the cloud that is accessed and billed as needed. The data is stored remotely on third party servers accessed via the Internet, as opposed to a private computer or network. The cloud may be reached through traditional computers and mobile devices, such as cell phones and tablets.

Storage costs tend to be lower within the cloud, as large upfront capital expenditures for computing infrastructure and software are reduced to routine operating costs as the specific services are used. In addition, data in the cloud may be accessed regardless of the user’s location or device. Cloud computing solutions are also readily scalable as a company's needs change.

As a result, everyone seems to be embracing the cloud. The research firm Forester has estimated that the global market for cloud computing will grow from $41 billion in 2010 to $240 billion in 2020. Apple has introduced iCloud which will sync remotely-stored data between devices. Amazon’s Cloud Player allows music to be stored online and then played on different devices. And Microsoft is adding more and more cloud-based services to its products like Windows and Office. 

Trade secrets are frequently stored within the cloud. They may be passively stored as data or actively used with a service hosted in the cloud. A trade secret may even be stored locally on its owner’s private network, transmitted to the cloud to be manipulated by a service, and then brought back to the owner’s network where the results are saved. A trade secret owner may not fully appreciate every time a trade secret makes its way into the cloud. Online backup services place data, including trade secrets, on servers in the cloud. And a trade secret sent as an attachment to web-based e-mail is passing through the services’ servers. 

What can a business do to protect its trade secrets in the cloud? While there is no court decision to serve as a guide, there are some common sense steps that can followed. The first step is obviously to ensure that the cloud computing service provider’s security policies, practices and infrastructure adequately safeguard the confidentiality of the information. The service provider’s encryption arrangements should be examined and verified. It is important to remember that because your senstive data is being pooled with the sensitive data of others, your cloud provider is a "target-rich" environment for hackers and cybercriminals. Make sure that your IT staff has completely satisified itself that the cloud provider is capable of protecting your trade secrets.

Second, a company should consider adding a second layer of encryption to data containing a trade secret. Two layers of encryption are more difficult to infiltrate than just one, especially since the client’s encryption would be independent of the service provider’s encryption.

Third, terms of service for any cloud computing service should be reviewed thoroughly. Terms outlining ownership, the right to conduct audits, and continued confidentiality and deletion of data once the relationship ends should be included. The service provider should be liable for its subcontractors or other parties it uses and should be required to maintain data-protection or cyber-liability insurance coverage that adequately protects the trade secrets that it may store or use. Additional ideas for contractual terms are included in a fine recent post on the TechNewsWorld Blog.

Cloud computing will continue to grow in popularity because of its cost and access advantages. As trade secret owners may face challenges to their use of the cloud to store their trade secrets, adopting some of the practices suggested above will hopefully reduce arguments that they have failed to protect those secrets in the cloud and provide an added level of security.  (I'd like to thank my colleague John Molnar for his help with this post).

 

Highlights from the July 13 PLI "Trade Secret Theft" Seminar

 
by John Marsh 28. July 2011 11:30

For those of you who were able to join the recent PLI presentation on "Trade Secret Theft: Effective Tools for High Stake Disputes," I hope you enjoyed it as much as Victoria Cundiff and I did. For those that were not, here are some of the highlights:
 
Hiring Employees with Non-Competes:  This remains a real source of concern for employers who do not want to get ensnared in litigation over a hire.  Victoria discussed the recent holding in IBM v. Visentin, 2011 WL 672025 (S.D.N.Y. 2011), where the Southern District of New York modified a non-compete to permit a former IBM employee to work for Hewlett-Packard because of steps the employee and Hewlett-Packard took to protect IBM's proprietary interests.  Visentin is similar factually to the recent Aspect Software case about which I wrote last month.  In Aspect Software, the District Court of Massachusetts arrived at a different result despite similar efforts by the former employee and Avaya.  Although the holding in Aspect Software may be the exception, it reinforces the importance of selecting the right forum. 
 
"Procedural" Safeguards:  One question highlighted concern about the effectiveness of written agreements and other safeguards that are, at the end of the day, dependent upon the good faith of the employee or business partner receiving the confidential information.  Although there are measures to protect trade secrets that minimize or counteract this human element (encryption, monitoring data usage and access, etc.), those safeguards cannot completely eliminate the human component. 

I had the privilege of speaking on a panel in May with Malcolm Harkins, Intel's Chief Information Security Officer, on the challenges of protecting sensitive data in the age of WikiLeaks.  While Malcolm addressed a number of procedures and techniques available to an employer, I was struck by how much he stressed the creation of a vigilant and proactive culture to protect that data.   At the end of the day, that culture, along with the reinforcment and training necessary for instilling that culture, remains the best defense.

This dovetails into another issue that arose as a result of a question, the importance of annual training and certifications/acknowledgements for the protection of confidential information.  As Victoria noted, it's a good idea to have execution of the certifications coincide with other annual events, such as open enrollment for health insurance and annual reviews.  
 
Challenges for Multi-Jurisdictional Clients:  "One-state-fits-all" agreements may be difficult to enforce because of the differences in non-compete and trade secret law from state to state.  A forum selection clause may not solve that problem, as out-of-state courts may disregard the forum selection clause under choice of law principles and apply their own law if they see fit.  Victoria noted that when selecting choice of law for an agreement, it may be worthwhile to factor in where your competitors are located (for example, California) in anticipation that any dispute with a former employee make take place there.
 
WikiLeaks, the Internet and Trade Secrets:  Not surprisingly, this remains an issue of real concern, particularly the question of whether a trade secret claim is lost once the trade secret makes its way to the Internet.  As some may recall, I addressed this issue in a post in May; there is some authority allowing for a claim for a trade secret that has made its way to the Internet, provided one can demonstrate, among other things, that steps were taken to remove it from the Internet, that it was posted only briefly, etc.  I am going to dig deeper to see what other courts have said and put together a future post on this topic.

 

The Importance of Trade Secret Audits

 
by John Marsh 17. May 2011 15:30

Read almost any article or post about protecting trade secrets in a large organization and it will emphasize the importance of securing written agreements, having thorough policies on confidentiality and ownership, limiting access to sensitive information through passwords, encryption and other means, and numerous other safeguards to secure a company's trade secrets. However, one important element that is sometimes mentioned but rarely emphasized for the protection of trade secrets for a large company is the need for annual or, better yet, semi-annual audits of those agreements and policies.
 
A trade secret audit is nothing more than thoroughly double-checking your files in an organized fashion to make sure that your paperwork, agreements and policies are in order. Audits are important in three respects for a large company. First, they ensure that management, legal and human resources administrators detect any problems with agreements that may have slipped through the cracks. There are too many cases that have arisen in which a company has failed to get a signed agreement, or found an agreement that is with an affiliate or subsidiary rather than the parent company as the actual employer, or uncovered some other deficiency or enforceability issue that leads to added cost, unnecessary defenses or, in the worst case, the inability to enforce the agreement. For example, a recent case in New York, IBM v. Johnson, 629 F. Supp. 2d 321 (S.D.N.Y. 2009), reinforces the importance of following through and ensuring that agreements are signed appropriately by an employee. In that case, the failure to get an executive to sign the non-compete on the correct line (he deliberately signed on the wrong signature line to avoid committing to the non-compete) led to the district court's refusal to enforce that agreement. Likewise, if a vendor, supplier or contractor has not returned a signed copy of a non-disclosure agreement, the audit should identify that mistake. In short, an audit allows a large organization to preempt or reduce problems.
 
Secondly, the process of auditing not only leads to the detection or preemption of problems or mistakes in a large company but it should lead to improved internal procedures or methods for securing sensitive information and better coordination between departments. In the best cases, it leads to a new dialogue internally between a company's departments or divisions, or with outside counsel, about additional measures that can be done to streamline or better those processes. It may lead to new procedures in "exit interviews" to ensure that all confidential information is retrieved at the close of the relationship. It may cause the client to forward its agreement to their outside counsel to see if it can be improved or upgraded. It may lead to policies or procedures to better monitor "troubled" employees who most frequently turn up in trade secret disputes. As David Almeling's groundbreaking article has noted, 93% of all trade secret disputes arise out of relationships in which the parties know one another. Audits enable you to identify and minimize the peril that arise out of those relationships. 
 
Finally, should litigation ultimately result, audits enable a client to "build a case" about the reasonableness of the safeguards that it has undertaken. Courts have taken an increasingly tougher and skeptical view of trade secret claims and a challenge to the reasonableness of the plaintiff's safeguards remains the easiest and cleanest mode of attack.  In CMBB LLC v. Lockwood Manufacturing, 628 F. Supp.2d 881 (N.D. Ill. 2009), the district court dismissed a trade secrets case because of what it perceived to be the company's lackadaisical approach to managing its trade secrets -- i.e., no written agreements, policies that failed to safeguard information, failure to retrieve laptops or confidential upon termination, etc.  In contrast, an audit shows that the client is proactive and vigilant and better enables that client to defect any criticisms of the actions or safeguards that it has taken. 
 
Sun Tzu cautioned, "if you are ignorant both of your enemy and yourself, you are certain to be in peril."  If you are part of a large company with multiple departments or divisions, audits allow you to better understand your organization and identify your problem employees and partners, and therefore reduce and hopefully eliminate that peril.

About John Marsh

John Marsh Hahn Law AttorneyI’m a Columbus, Ohio-based attorney with a national legal practice in trade secret, non-compete, and emergency litigation. Thanks for visiting my blog. I invite you to join in the conversations here by leaving a comment or sending me an email at jmarsh@hahnlaw.com.

Disclaimer

The information in this blog is designed to make you aware of issues you might not have previously considered, but it should not be construed as legal advice, nor solely relied upon in making legal decisions. Statements made on this blog are solely those of the author and do not necessarily reflect the views of Hahn Loeser & Parks LLP. This blog material may be considered attorney advertising under certain rules of professional attorney conduct. Regardless, the hiring of a lawyer is an important decision that should not be based solely upon advertisements.

BlogRoll

Download OPML file OPML