Tag: proprietary

Relying on Noncompete Clauses May Not Be the Best Defense of Proprietary Data When Employees Depart

Much of the value of many companies often is wrapped up with and measured by their intellectual property (IP) portfolios. Some forms of IP, such as patents, are known by the public. Others derive their value from being hidden from the public. Many companies, for example, have gigabytes of data or “know-how” that may be worth millions, but only to the extent that they remain secret. This article discusses some ways to keep business information confidential when an employee who has had access to that information leaves the company.

Many companies traditionally turned to employment agreements, specifically noncompete clauses, to protect proprietary competitive information. The legality of noncompetes is in question following the Federal Trade Commission’s (FTC’s) ban on them, which is being challenged in court by the U.S. Chamber of Commerce, causing confusion and concerns about protecting information via noncompete agreements. As covered in Wilson Elser’s prior articles* on this subject, the timeline of the FTC rule in question was as follows:

  • The FTC promulgated new rules to take effect in September 2024 banning all noncompete agreements.
  • The U.S. Supreme Court overturned the 40-year-old method of reviewing agency rules (Chevron Deference), throwing all agency rules, including the FTC’s rule on noncompetes, into question.
  • The District Court for the Northern District of Texas preliminarily enjoined the FTC from enforcing its new rule banning noncompetes.

After this flurry of activity, noncompetes are, for now, not banned. But do they offer an effective solution for businesses seeking to protect their proprietary information?

Noncompete Clauses Are Not Always Effective
Vortexa, Inc. v. Cacioppo, a June 2024 case from the District Court for the Southern District of New York, illustrates the limitations of noncompete clauses in employment agreements. That case presents the familiar fact pattern of an employee leaving and going to work for a competitor. With some evidence of the employee’s access to proprietary competitive information in hand (but no evidence of actual misappropriation), the former employer sought a preliminary injunction to prevent the employee from working for the competitor for one year, the term stated in the noncompete clause in the employee’s contract with the former employer. The contract also included common non-disclosure and confidentiality clauses.

Absent evidence of actual misappropriation, the plaintiff employer relied on the “Inevitable Disclosure” doctrine, which assumes that a departing employee will inevitably disclose confidential information when they go work for a competitor. The court refused to apply this doctrine, explaining that inevitable disclosure may substitute for actual evidence of misappropriation only when the information is a trade secret. Here, none of the information about which the former employer was concerned was a trade secret.

The proprietary information that the former employee had was pricing data, marketing strategies and “intricacies of the business.” These types of information do not, in and of themselves, constitute trade secrets. In addition, the information was not afforded trade secret treatment because (1) some of it was ascertainable by the competitor without reference to the first employer’s information; (2) the companies sell different products; (3) some of the information was developed without the expenditure of a good deal of money and effort; (4) some of the information was provided to clients without a non-disclosure agreement; (5) some of the information was shared on company-wide collaboration channels; and (6) “google drive log records show that [the former employee] opened and viewed these documents, which underlines the lack of security protecting this purportedly confidential information.”

Most of these reasons for the information not being accorded trade secret status cannot be changed by any action of the employer. For example, if information can be generated by means independent of the first employer, that information cannot be protected by trade secret law and nothing the first employer can do will change that after the fact. However, any business seeking to protect its valuable competitive information can change the way that it secures, protects and manages access to its competitive information, and this may be enough to ensure that its information is protected by trade secret law.

What Businesses Should Do to Protect Their Proprietary Competitive Information
Generally, proprietary competitive information can be protected as a trade secret by operation of law or via contract. In many cases, the “boots and suspenders” approach is best – the information should be protected both by contract and by meeting the requirements for protection under trade secret law. As described, a contract alone is sometimes ineffective, so information that derives its value from not being generally known to the public should also be treated in such a manner that the courts would see it as being a trade secret.

Specifically, for something to qualify for trade secret protection under federal and state statues and common law, it must be securely kept and carefully protected from disclosure. Some easy ways to protect information are to (1) restrict access to folders on a company’s internal computer systems, (2) physically lock rooms that contain hard copies and (3) have computers lock automatically when not accessed for set time periods. Protecting information via noncompete, confidentiality and non-disclosure contractual obligations is another way to ensure that information remains secret, such that it is protected under trade secret law. Internal policies on how information may be shared with third parties, such as clients, also are helpful evidence of trade secret treatment. In addition, the business may consider maintaining records on the time, effort and monetary expenditures required to develop proprietary information, which should allow the business to demonstrate that making such information freely available to a competitor is fundamentally unfair.

In some cases, information protected as a trade secret may be the most valuable IP that a company owns. But the value can easily be lost if the company does not properly secure the information. Different scenarios call for different methods of security, and a good rule of thumb to protect information from disclosure by a departing employee is to protect this information both by contract and as a trade secret.

The first step for any business is to think through their overall data protection strategy and consult with experienced intellectual property counsel to put appropriate protections in place.

© 2024 Wilson Elser
For more news on Proprietary Business Data, visit the NLR Intellectual Property section.

The Imperatives of AI Governance

If your enterprise doesn’t yet have a policy, it needs one. We explain here why having a governance policy is a best practice and the key issues that policy should address.

Why adopt an AI governance policy?

AI has problems.

AI is good at some things, and bad at other things. What other technology is linked to having “hallucinations”? Or, as Sam Altman, CEO of OpenAI, recently commented, it’s possible to imagine “where we just have these systems out in society and through no particular ill intention, things just go horribly wrong.”

If that isn’t a red flag…

AI can collect and summarize myriad information sources at breathtaking speed. Its ability to reason from or evaluate that information, however, consistent with societal and governmental values and norms, is almost non-existent. It is a tool – not a substitute for human judgment and empathy.

Some critical concerns are:

  • Are AI’s outputs accurate? How precise are they?
  • Does it use PII, biometric, confidential, or proprietary data appropriately?
  • Does it comply with applicable data privacy laws and best practices?
  • Does it mitigate the risks of bias, whether societal or developer-driven?

AI is a frontier technology.

AI is a transformative, foundational technology evolving faster than its creators, government agencies, courts, investors and consumers can anticipate.

AI is a transformative, foundational technology evolving faster than its creators, government agencies, courts, investors and consumers can anticipate.

In other words, there are relatively few rules governing AI—and those that have been adopted are probably out of date. You need to go above and beyond regulatory compliance and create your own rules and guidelines.

And the capabilities of AI tools are not always foreseeable.

Hundreds of companies are releasing AI tools without fully understanding the functionality, potential and reach of these tools. In fact, this is somewhat intentional: at some level, AI’s promise – and danger – is its ability to learn or “evolve” to varying degrees, without human intervention or supervision.

AI tools are readily available.

Your employees have access to AI tools, regardless of whether you’ve adopted those tools at an enterprise level. Ignoring AI’s omnipresence, and employees’ inherent curiosity and desire to be more efficient, creates an enterprise level risk.

Your customers and stakeholders demand transparency.

The policy is a critical part of building trust with your stakeholders.

Your customers likely have two categories of questions:

How are you mitigating the risks of using AI? And, in particular, what are you doing with my data?

And

Will AI benefit me – by lowering the price you charge me? By enhancing your service or product? Does it truly serve my needs?

Your board, investors and leadership team want similar clarity and direction.

True transparency includes explainability: At a minimum, commit to disclose what AI technology you are using, what data is being used, and how the deliverables or outputs are being generated.

What are the key elements of AI governance?

Any AI governance policy should be tailored to your institutional values and business goals. Crafting the policy requires asking some fundamental questions and then delineating clear standards and guidelines to your workforce and stakeholders.

1. The policy is a “living” document, not a one and done task.

Adopt a policy, and then re-evaluate it at least semi-annually, or even more often. AI governance will not be a static challenge: It requires continuing consideration as the technology evolves, as your business uses of AI evolve, and as legal compliance directives evolve.

2. Commit to transparency and explainability.

What is AI? Start there.

Then,

What AI are you using? Are you developing your own AI tools, or using tools created by others?

Why are you using it?

What data does it use? Are you using your own datasets, or the datasets of others?

What outputs and outcomes is your AI intended to deliver?

3. Check the legal compliance box.

At a minimum, use the policy to communicate to stakeholders what you are doing to comply with applicable laws and regulations.

Update the existing policies you have in place addressing data privacy and cyber risk issues to address AI risks.

The EU recently adopted its Artificial Intelligence Act, the world’s first comprehensive AI legislation. The White House has issued AI directives to dozens of federal agencies. Depending on the industry, you may already be subject to SEC, FTC, USPTO, or other regulatory oversight.

And keeping current will require frequent diligence: The technology is rapidly changing even while the regulatory landscape is evolving weekly.

4. Establish accountability. 

Who within your company is “in charge of” AI? Who will be accountable for the creation, use and end products of AI tools?

Who will manage AI vendor relationships? Is their clarity as to what risks will be borne by you, and what risks your AI vendors will own?

What is your process for approving, testing and auditing AI?

Who is authorized to use AI? What AI tools are different categories of employees authorized to use?

What systems are in place to monitor AI development and use? To track compliance with your AI policies?

What controls will ensure that the use of AI is effective, while avoiding cyber risks and vulnerabilities, or societal biases and discrimination?

5. Embrace human oversight as essential.

Again, building trust is key.

The adoption of a frontier, possibly hallucinatory technology is not a build it, get it running, and then step back process.

Accountability, verifiability, and compliance require hands on ownership and management.

If nothing else, ensure that your AI governance policy conveys this essential.

Copyright © 2024 Womble Bond Dickinson (US) LLP All Rights Reserved.
For more on AI Governance, visit the NLR Communications, Media & Internet section.