According to recent statistics, more than 80 percent of information theft facing businesses in the United States occurs internally. This means that a company's greatest threat to loss of sensitive information comes from within -- its own employees.
Lawyers inexperienced in this area often venture into trade secret litigation with visions of Ian Fleming characters and high adventure dancing in their heads. What inevitably awaits is the brutal, hard-fought battle of trade secrets litigation. Typically, the cases move at the lightning-fast pace of temporary restraining orders and preliminary injunctions. And, in many instances, by the time inexperienced attorneys understand the law, the case is already lost.
Trade Secrets Law in California
When most people think of a "trade secret" they envision the formula to Coca Cola or the design schematic from a bio-medical research lab. While the California Uniform Trade Secrets Act ("UTSA") certainly protects such information, the UTSA also affords protection to much more common pieces of information. Civil Code sections 3426.1-3426.11. If a company takes reasonable measures to protect its information, and if the information is valuable because it is kept secret, California courts will recognize that common, every-day pieces of data can be afforded protection as a trade secret. For example, customer lists, business plans, spreadsheets, corporate minutes and agendas, and bid specifications can be afforded protection as trade secrets.
Rather than "theft," the UTSA uses the term "misappropriation." Misappropriation has a specific legal definition which includes two distinct types of misuse: 1) the acquisition by improper means, and 2) the use or disclosure of trade secrets. Civil Code section 3426.1.
"Improper means" includes "theft, bribery, misrepresentation, breach or inducement of a breach of duty to maintain secrecy, or espionage through electronic or other means." Civil Code section 3426.1(a). Thus, if a former employee were to physically take or copy a trade secret, that information would be acquired by improper means.
The second definition of "misappropriation" under the UTSA refers to the prohibition of the use or disclosure of trade secret information. Civil Code section 3426.1(b)(2). Cases interpreting this provision of the UTSA have held that a former employee's use or disclosure of confidential customer information to solicit new accounts on behalf of a new employer constitutes the misappropriation of a trade secret. Morlife, Inc. v. Perry, 56 Cal.App.4th 1514, 1526 (1997); Merrill, Lynch, Pierce, Fenner & Smith, Inc. v. Garcia, 127 F.Supp.2d 1305, 1306 (C.D. Cal. 2000).
The UTSA and the Memories of Former Employees
When a company alleges that its trade secret has been used or disclosed, it is a common misconception that the wrongdoer must have physically absconded with a customer list or design schematic. Under the UTSA, however, a company is not required to show that a former employee physically took trade secret information. The UTSA actually affords protection to the contents of an employee's memory, if the information fits the definition of a trade secret. Morlife, Inc. v. Perry, 56 Cal.App.4th at 1523. Thus, an employer need only show that the employee used or disclosed the contents of his or her memories regarding a trade secret to demonstrate that a misappropriation occurred.
Prior to the UTSA's enactment, former employees argued that they could not be expected to "wipe clean" the contents of their memories, and thus were entitled to use the employer's trade secret information. This so-called "wipe clean" doctrine is no longer viable. Gable-Leigh, Inc. v. North American Miss, 2001 WL 521695, *18 (C.D. Cal. 2001); Morlife, Inc. v. Perry, 56 Cal.App.4th at 1527. This is a major shift in the law. As a result, many cases decided prior to the UTSA's enactment in 1984 are of little guidance in trade secrets disputes.
Courts have also placed limits on relying upon the contents of an employee's memory to form the basis of a misappropriation claim. Quite often, employees will depart and work for a direct competitor in the same type of field, and work in the same or similar type of project. Under those circumstances, it could be argued that the former employee will inevitably disclose the former employer's trade secrets. California, however, has flatly rejected the so-called inevitable disclosure doctrine and requires that some evidence of use or disclosure be presented. See Whyte v. Schlage Lock Co., 101 Cal. App. 4th 1443, 1459-60 (2002). Thus, the former employer must have actual evidence of the use or disclosure of trade secret information prior to bringing a lawsuit. For example, an employer satisfies its evidentiary burden by showing that the former employee used trade secret information to solicit its customers.
While an employee's memory of the specific identities of a company's best customers may be protected as a trade secret, courts are generally hesitant to consider broad categories of knowledge, such as "general business know-how," to be protected under the UTSA. In re Providian Credit Cards, 96 Cal.App.4th 292, 309 (2002). 
An Employer's Liability for Unauthorized Use of Trade Secrets
When facing a use or disclosure claim, the former employee's new company may assert that it did not know that its employee had used or disclosed trade secret information. Under the UTSA, the standard is not actual knowledge of wrongdoing, but merely constructive knowledge. (Civil Code section 3426.1(b)(2)(B)(ii)(iii).) If the facts show that a company's principals knew or should have known that the alleged wrongdoing was occurring, liability may attach to the company. It is extremely important to contain the use of such information because "[t]he potential damages encompassed by a continuing misappropriation may expand with each illicit use of disclosure of the trade secret." Cadence Design Systems, Inc. v. Avant!, 29 Cal. 4th 215, 226 (2002).
Tips for Employers
In this electronic age, most companies have taken reasonable measures to protect trade secret information. Reasonable electronic measures may include having secured networks, limited employee access to certain directories, firewalls, multi-character passwords, or other ways to limit access or to track employee network activity.
Many cases concerning the acquisition of trade secrets by improper means involve the saving or transferring of data to an electronic storage medium like a Zip disk, CD-rom or other storage device containing a USB port. As a result, forensic evidence can be crucial for proving such cases. When companies confront such a problem, they should never have their own information technology ("IT") professionals conduct any type of forensic work. While a company's in-house IT staff may be good at updating software and making sure that its network runs smoothly, they are generally ill-equipped to handle any meaningful forensic work. Further, a company's in-house IT professionals may complicate the chain of evidence. 
To further protect their investments, companies should make certain that they take the following measures to safeguard trade secret information:
- Make certain that contractual measures are in place to protect confidential data and trade secrets. Given several recent decisions, companies doing business in California should seriously consider updating their confidentiality agreements, non-solicitation provisions and intellectual property assignment contracts.
- Promulgate policies regarding the use of electronic storage devices, Internet use, and use of the company's e-mail system to help prevent misappropriation.
- Remind employees of their contractual obligations to protect confidential information and not to use or disclose trade secrets. This may be done during exit or new-hire interviews.
- Have a legal plan of action in place in the event you learn that trade secrets have been misappropriated, or that you have hired an employee who may have misappropriated trade secrets.
Whether the dispute involves the yet-to-be-patented designs for a left-ventricular assist device or a valued customer list, companies have likely invested substantial sums to protect the sanctity of such information. To protect these investments, companies should ensure they have solid legal and technical measures in place to safeguard the information that is the lifeblood of their success.
1. Similarly, a recent case commented upon the circumstances under which employers can rely upon contractual non-solicitation provisions to prevent employees from contacting their former accounts. Thompson v. Impaxx, Inc., 113 Cal.App.4th 427, 430 (2003). However, in that case, the employer admitted that the identities of its customers were not trade secrets and could easily be deduced by public means.
2. The theft of electronic data is a crime in California under Penal Code section 502, and most law enforcement agencies are generally reluctant to proceed with cases where a company's in-house IT staff handles the evidence. Lawyers who practice in this area work with forensic teams who can move at a rapid pace and are mindful of the evidentiary issues.