Is the cat out of the bag? You need to know – right now – whether there’s any way to restore a trade secret legally after it’s been published on the Internet for all the world to see.
Or consider the same example from a different perspective: you innocently receive an e-mail that directs you to a web posting of a competitor’s trade secret. Can you freely use the information you find there? Or, in doing so, do you risk liability for misappropriating trade secrets?
For both companies, the answers depend on the facts of the case and specifically on how the information was disclosed or obtained. Let’s look at this hypothetical situation in more detail.
A community watchdog group posts an internal memorandum from Company A on its web site, along with a news release claiming that the memo has been “leaked” to them. The memorandum, which is labeled “Confidential,” outlines Company A’s strategy for a controversial development proposal in a publicly-owned, environmentally sensitive area.
Within hours of the posting, news of the memo begins to circulate in the real estate industry. An executive at a local trade association, for example, downloads the document from the web site and forwards it to a number of colleagues within the organization. Among the recipients is an employee who used to work for Company B, which is Company A’s arch-rival in competing for the development contract discussed in the confidential memo. The employee promptly forwards the information by e-mail to a friend at Company B, who shares it with colleagues in her department. Meanwhile, the document remains on the Internet and is cited in several press accounts.
Finding itself with sensitive – but useful – information related to a competitor, Company B takes the sensible step of contacting its legal counsel before acting on the document. Its question: based on the chain of events that put the document in its possession, could Company B be held liable for misappropriating the trade secrets of Company A?
What’s a Secret?
Most state laws governing trade secrets derive from the Uniform Trade Secrets Act (UTSA). Under the UTSA, a defendant may be found liable for trade secret misappropriation if it has used or disclosed the trade secret of another person or company under one of three distinct scenarios:
1. The defendant used improper means itself to obtain the trade secret;
2. The defendant knew, or had reason to know, that the intermediary who provided it with the trade secret used improper means to obtain the trade secret in the first place; or
3. The defendant knew, or had reason to know, that the information was in fact a trade secret and that the information had been acquired by accident or mistake.
In each case, however, the information obtained must qualify as a trade secret. In other words, the information must derive “independent economic value” from the fact that it is not generally known to people in the relevant industry, and the owner must take “reasonable efforts” to maintain the secrecy of the information.
Given this legal framework, Company B can probably breathe easily.
While the confidential memorandum from Company A may have started out as a trade secret, it may well have lost that status by the time it fell into the hands of Company B. Following publication on the Internet, the information became generally available to people in the industry and indeed made the rounds at a third-party organization before ever reaching Company B. In addition, Company A took no steps to maintain the secrecy of the information by trying to have the document removed from the Internet, preventing further distribution or publication, or notifying recipients that the information they obtained was confidential.
Contrast this scenario with a situation where Company B received the information by discovering a document from Company A that had inadvertently been left behind on an airplane. Assuming the document is labeled “Confidential” and is otherwise not publicly available, then Company B would likely face much tougher scrutiny in court if it acted on the information, even though it had acquired the material accidentally. Company A could more readily argue that the information was still secret when it was left on the airplane, and that Company B had reason to know that the material was confidential.
All of this assumes, too, that Company B was an innocent acquirer of the information published on the Internet. If, for example, Company B encouraged or assisted the community group in obtaining secret information from Company A for its web site, then Company B would likely be liable for misappropriation of trade secrets. In our scenario, however, since Company B played no role in acquiring or posting the information – and the material was no longer secret by the time it reached them – Company B is likely free to use the information as it wishes.
Putting the Genie Back?
That’s fine if you’re at Company B. But what about Company A?
The issue Company A faces is simple: does Internet publication of a trade secret automatically and immediately compromise its status as a trade secret? Although the answer depends on the specific facts of each case, the likely answer is yes.
While case law specifically related to trade secrets posted on the Internet is limited, two cases involving attempts by the Church of Scientology to maintain the secrecy of sacred texts anonymously posted on the web support the principle that publication seriously compromises secrecy. In Religious Tech. Ctr. v. Lerma, the judge found that “[O]nce a trade secret is posted on the Internet, it is effectively part of the public domain, impossible to retrieve….[T]he party who merely downloads Internet information cannot be liable for misappropriation because there is no misconduct involved in interacting with the Internet.” In Religious Tech. Ctr. v. Netcom, the judge similarly concluded that “posting works on the Internet makes them ‘generally known’ to the relevant people….[O]nce posted, the works lost their secrecy.”
Company A might wish to argue that a window of opportunity existed, after the information was posted but before it was widely downloaded, when the material could still be considered secret. But the company failed to act promptly to preserve the secrecy of the document. It could have immediately sought a court order to have the document removed from the community group’s web site (as the Church of Scientology did upon learning of the publication of its sacred texts), and it could have taken steps to notify persons who might have obtained the document from the web site (including its competitor, Company B) that the information was proprietary. By doing nothing, Company A implicitly acceded to the disclosure of the material.
Had Company A acted promptly upon learning of the web site posting, could it have successfully preserved its trade secrets? The lesson of the Scientology cases suggests not – that once material is on the web, the genie is probably effectively out of the bottle. On the other hand, such cases are highly fact-dependent and thus, depending on the specific facts of this case, Company A may have been able to protect the secrecy of its information by acting promptly. Moreover, swift action might well have minimized the damage to Company A by removing the document from the web and minimizing the universe of people who had access to the information.
For example, in a somewhat similar situation, in Hoechst Diafoil Co. v. Nan Ya Plastics Corp., the court said that highly sensitive trade secret information belonging to Hoechst that had been publicly available in a court file and that had been accessed by members of the public could still be protected as a trade secret. The court said the secrecy of the information had not been compromised because the amount of public access to the court file was actually quite small and Hoechst had acted nearly instantaneously upon discovering the public availability of the information. This case suggest that Company A might have some hope if it can show that the amount of actual access to its document is small. This kind of information would be available from the Internet web site hosting service, which would be able to determine how many people have accessed the web site with the confidential material.
As for Company B, the law is more likely on its side. When information is in the public domain, and the company engaged in no improper behavior to acquire it, then the company is unlikely to be held liable for misappropriating trade secrets.
The lesson for all companies, of course, is to develop a comprehensive trade secret protection plan from the outset, by identifying sensitive business resources and implementing reasonable security measures to maintain their confidentiality. And if there appears to be a leak, move quickly to fix it. Once a drip turns into a flood, it may be too late.