Today’s Employee, Tomorrow’s Defendant?
Well, maybe that's an exaggeration, but virtually every employer doing business in America today faces the threat of its employees walking out the door and taking the company's confidential information, business leads, clients and other core business assets with them. Some may take this information and use it to start a competing company. Some may seek to exploit it by going to work for an established competitor. A few may want to take, or delete, your company's important information for nothing more than spite or revenge.
Your company may be employing thieves. Crooks. Turncoats. Benedict Arnolds.
Well, maybe that’s an exaggeration, but virtually every employer doing business in America today faces the threat of its employees walking out the door and taking the company’s confidential information, business leads, clients and other core business assets with them. Some may take this information and use it to start a competing company. Some may seek to exploit it by going to work for an established competitor. A few may want to take, or delete, your company’s important information for nothing more than spite or revenge.
Regardless of motivation, these threats are very real and ever-increasing. But employers have rights and remedies against current and former employees who divert an employer’s valuable resources for their own use, funnel business away to competitors, or take the company’s assets to set up a competing business.
When the Employment Relationship Goes Sour
On the day of a wedding, rarely do the bride and groom stand at the altar, exchanging their vows, while simultaneously contemplating the statistical likelihood that someday they could go through a messy divorce.
In a similar manner, when a company hires a new employee, there are usually feelings of optimism and excitement on both sides of the employer-employee aisle. However, in today’s economy, rare is the day when an employee will work his or her whole career and retire with one employer, and often the employment relationship ends in a less-than-friendly manner. While the employment “divorce” usually involves only hurt feelings, many times it can also result in a departing employee causing real harm to the employer and its business. A departing employee may secretly copy or delete customer information and contacts, confidential business plans or marketing strategies. He or she might solicit customers and other employees for a new venture. The departing employee might even remove tangible items and confidential information from the company.
“But we don’t have that kind of person working for us …”
Are you sure? Your company is currently employing people who could walk out the door with important company assets and severely hinder your business. These days, all it takes is an employee with an axe to grind, a lunch hour behind a closed office door, and an external disk drive or external e-mail account and you have the potential for the highly undesirable: an employee who copies company trade secrets, confidential information, business leads, product descriptions, supplier contracts or customer contacts, and who at the end of the day walks out the door with it, entirely undetected.
In reality, the concept of employees leaving to set up a competing shop is nothing new. It has, after all, been going on for decades. So is anything really different now?
A recent television news program looked at the modern-day relationship between teenagers and their parents. The premise was that, in the view of many teenagers today, their parents “just don’t understand” their generation. Yet, that is the same refrain that has been heard generation after generation. In the end, this television program surmised that the core issues dividing teenagers and their parents — cars, school, friends, curfews, parties — remain essentially the same as they have been for the past 50 years. But while the causes of strife seem to have remained constant for decades, there was one key factor that indeed distinguishes the modern-day relationship between teens and their parents: technology.
In a similar sense, most of the factors that might motivate a departing employee to divert or exploit surreptitiously an employer’s business or resources are nothing new — greed, opportunity, money, spite, and the like. However, one important difference today is the presence of technology in the workplace and the ease with which employees can use that technology to access and exploit an employer’s valuable resources.
Virtually every employer doing business in America faces the threat of its own employees walking out the door and taking the company’s confidential information, business leads, clients and other core business assets with them.
Unlike 10 or 15 years ago, most employers today have computer networks and most employees have access to some, or all, of the material on that network. Additionally, many unsuspecting corporate executives who rose through the ranks over the past 20-plus years got their first exposure to copying files and data off of a computer system using small, square, removable 3.5-inch floppy disk drives. Those diskettes could typically hold up to 1.44 megabytes of memory, so an employee wishing to copy significant amounts of his employer’s data would need a lot of time and a lot of diskettes. Today, anyone can go to a local electronics retailer and, for under $100, buy a portable 200-gigabyte external hard drive with a USB connection that can plug into a computer system and quickly copy the equivalent of 140,000 diskettes worth of data. Likewise, with the advent of online e-mail access and online storage capabilities, employees can readily upload important company data and documents onto the Internet for later access — either from their home computers or the computer of a competitor.
“Hogwash. I trust the people working for me.”
And almost certainly so did numerous senior executives working for The Coca-Cola Company, until it was recently discovered that an administrative assistant may have been conspiring in an effort to steal and sell to the company’s foremost competitor — Pepsi — some of Coca-Cola’s most valuable and secret intellectual property.
A federal grand jury in Atlanta recently indicted a former Coca-Cola employee, and two other conspirators, on charges that they allegedly tried to sell Coca-Cola’s trade secrets to Pepsi in exchange for a hefty payment. In the indictment, the defendants were alleged to have stolen product samples and confidential company documents with the intention of trying to sell these trade secrets to “the highest bidder.” One of the defendants, an administrative assistant for a senior Coke manager, was ultimately caught when video surveillance cameras showed her going through multiple files looking for documents and stuffing them into bags. She was also seen holding a container filled with a sample of a new product that was under development and placing it into her personal bag. Officials within Coca-Cola were fortunate that officials at Pepsi came forward to disclose the plot, and the companies worked together with federal law enforcement officers to nab the alleged wrongdoers.
“So, how can our company protect our trade secrets and confidential information?”
An employer’s legal rights relative to a former employee who has acted improperly can be contractual in nature or may arise by operation of law. For example, federal and state trade secret protection laws provide certain fundamental protections of an employer’s legitimate “trade secrets” regardless of whether the employer entered into a written confidentiality agreement with its employees. Some information that an employer might view as being “confidential” might not, however, meet the legal criteria to constitute a legally protected trade secret. To protect non-trade secret information, the employer must enter into a written confidentiality agreement with its employees, thereby giving the employer a contractual right against its employees.
The definition of a “trade secret” under the Uniform Trade Secrets Act, which many states (including Georgia) have adopted in some form, is broad and includes a wide variety of business and technical information, such as formulas, compilations of information, methods, patterns, programs, devices, techniques and processes. For an employer to obtain relief from a court under the Uniform Trade Secrets Act, it must show that it took “reasonable efforts” to maintain the confidentiality of the information at issue. To that end, there are a number of things an employer can do to exert reasonable efforts at maintaining the secrecy of its proprietary and confidential information:
- Label documents that contain trade secrets or sensitive information as “confidential” and treat them confidentially. Provide such information to employees on a need-to-know basis only. Use passwords and restrict access to the material.
- Draft, update and enforce personnel policies to inform employees about information the company considers to be confidential.
- Specifically identify information the company wants to protect as a trade secret so that employees and outside entities are on notice of the confidential and proprietary nature of the information.
- For those employees who have access to confidential information, require that they sign confidentiality and nondisclosure agreements.
- Include a confidentiality provision in contracts with vendors, consultants, independent contractors, temporary employees and, where applicable, customers. Otherwise, if a company discloses its “confidential” information to third parties, this can be viewed as evidence that the information was not actually treated or viewed as a trade secret or proprietary company property.
Oftentimes, proprietary information that an employer considers confidential might not rise to the level of a trade secret. For example, many courts view information such as customer contact information, product pricing and contractual terms with vendors and customers as something less than a trade secret. A typical scenario involving confidentiality concerns occurs when an employee takes and utilizes his former employer’s customer list. Courts differ in their treatment of the issue and the result may depend upon how the employer treated its customer list. For example, in one case,1 where employees accessed and took a customer list off the company computer — but the computer was not password protected and anyone could have accessed it — the court found that the company had not taken reasonable steps to maintain the confidentiality of its information and thus had no claim. However, in another case,2 where employees accessed and took a customer list off the company computer — but the computer was password protected and had limited access and the company took measures to monitor and protect the confidentiality of its documents — the court held that the company had taken reasonable steps to maintain the confidentiality of its information and thus did have a claim. Thus, the outcome of these types of cases often depends upon what measures the employer took to maintain the secrecy of its proprietary information.
“Help! Our former employee stole documents from our computer system!”
It is an all-too-familiar scenario. An employee gives his two-week notice. He is quitting and going to work somewhere else. So be it. The problem, however, is that during this period he is secretly copying documents, e-mails and files from your computer system to send to his new employer, and he is deleting other files from your computer to cover his tracks and cause you harm. This situation happens — a lot.
Employers are not without protection in this situation. The Computer Fraud and Abuse Act (CFAA)3 is a federal law with criminal penalties that also provides meaningful civil remedies for employers against former employees, especially in circumstances where an employee accepts a job at another company, and during his or her notice period accesses his or her current employer’s computer system for improper purposes. As initially passed in 1994, the CFAA was aimed at preventing unauthorized access to computer systems and primarily covered classified information on government computers. However, the CFAA has been amended over time and protections under the Act now extend to any “protected computer” (i.e., any computer used in interstate or foreign commerce) and applies to company insiders in addition to outside hackers. Many states likewise have their own statutes that provide employers with protections against unauthorized access to their computer systems. Under the CFAA, both the former employee and the new employer can be sued if, either separately or together, they seek to gain a competitive advantage through unauthorized and improper use of, theft of or deletion of information from the former employer’s computer system.
The United States Court of Appeals for the Seventh Circuit recently clarified the scope of the CFAA. In International Airport Centers, L.L.C. v. Citrin,4 a departing employee decided to go into business for himself. Before leaving his employment, he “savagely attacked” his employer’s computer system by deleting all the data off his laptop, deleting all data that would have traced his improper conduct, and installing a software program designed to cover his tracks and eat up data. (The company hired forensic technicians to recover the deleted materials and trace the wrongful conduct back to the vengeful employee.)
The federal district court ruled in the employee’s favor and found that the CFAA did not apply because “simply erasing files was not a ‘transmission’ under the Act.” However, in March 2006, the Seventh Circuit reversed and ruled in favor of the employer. The court held that the CFAA prohibits “attacks by disgruntled programmers who decide to trash the employer’s data system on the way out (or threaten to do so in order to extort payments).” The court held that the employee’s authorization to access his employer’s computer system ended when he resolved to destroy company files. In addition, the employee had unlawfully transmitted to the company’s computer a program intended to cause damage to that system by preventing the employer from tracing files the employee deleted.
In addition to providing an employer-friendly interpretation of the CFAA, the Citrin case also provides a practical lesson for employers. The conduct of the miscreant employee, including copying and deleting his employer’s proprietary information from the computer system during the waning days of his employment, is not entirely atypical. Wise employers will carefully monitor and supervise the activities of employees known to be leaving their employment soon. Employers may also want to consider restricting access to the computer system or more closely monitoring access during their remaining time.
The CFAA provides a helpful sword that employers can use against an employee who improperly copies or deletes files from the company computer system. Keep in mind that these sorts of claims can be brought against a former employee for improperly taking e-mails or data from a computer even if the employee did not have a noncompete or confidentiality agreement.
Employers wishing to contractually tie the hands of their employees after the term of their employment may enter into written restrictive covenants.
However, also keep in mind that this is a two-way street. What happens when your company hires a new employee and he brings with him documents that he copied from his former employer’s computer? Your company could be liable. That is why many employers have new employees sign a document at the commencement of their employment acknowledging that the new employer has not asked the new hire to bring any information or documents from a former employer and that the new employee has not done so. While not an absolute shield against liability, such a practice can provide an employer an extra layer of protection and assurance when it hires new employees.
Other Noncontractual Claims Against Former Employees
In addition to claims for violating trade secret protection laws and computer system protection laws, employers have a number of additional claims that can be asserted against former employees who have acted improperly. These claims typically arise under state law and obviously are dependent upon the facts of each case. While the elements of such claims may vary according to each state’s laws, they can generally be summarized as follows:
- Conversion — a claim that an employee improperly took physical property or money belonging to his former employer.
- Tortious interference with contract — a claim that an employee improperly sought to interfere with a contractual relationship between a company and its client.
- Theft of business opportunities — a claim that an employee came into receipt of a business opportunity while working with one employer, e.g., received a request for proposal from a potential client, but instead of pursuing that opportunity with and for the benefit of his current employer, he instead diverted that opportunity for his own benefit or to another entity.
- Breach of an employee’s duty of loyalty, good faith and fair dealing — a claim that an employee, during the scope and course of his employment, intentionally engaged in acts contrary to his employer’s interests.
- Breach of fiduciary duty — like the claim described immediately above, this claim involves an allegation that an employee — and, in particular, an officer or director — of the company, who held a fiduciary obligation to act in the best interests of his employer, instead acted in a manner that harmed the company or benefitted a competitor.
Employment and Separation Agreements – Defining Post-Employment Boundaries
The discussion above centers primarily around an employer’s legal rights against a former employee in the absence of, or in addition to, any sort of contractual commitment by the employee. Employers wishing to contractually tie the hands of their employees after the term of their employment may enter into written restrictive covenants.
When a former employee or competitor seeks to raid another employer’s work force and recruit personnel to a competitor, this practice is sometimes referred to as “pirating.”
Restrictive covenants are provisions that typically provide that during the term of employment and for some period of time thereafter, the employee will not compete with the employer, or solicit customers or employees of the employer. Such restrictions can be placed in an employment agreement that is entered into either at the outset or during the existence of the employment relationship, or they can be placed in a separation agreement, whereby the employee will typically release any claims that he or she may have against the employer and, under certain circumstances, agree not to engage in certain post-employment competitive activities, usually in exchange for some form of severance payment from the company.
Restrictive covenants are intended to protect the employer’s assets and good will and its relationships with its customers and employees. Artfully drafted, restrictive covenants can serve those purposes. However, restrictive covenants are governed by state law and, therefore, differ greatly from state to state. Courts in many states are loathe to enforce such agreements, thereby leaving many employers without certain protections the employer had counted on and needed. For companies with business operations and employees in multiple states, a particular restrictive covenant may be enforceable in one state and invalid in another. Most state laws require that restrictive covenants be reasonably related to and necessary for the protection of the legitimate business interests of the employer, and require that the covenants be reasonable in geographic scope, time and the nature of the activities prohibited.
“We don’t want our former employees competing against us. Anywhere. Ever.”
By definition, a noncompete agreement is an agreement whereby the employee agrees not to compete with the employer or work for a competitor for a period of time after termination of the employment relationship. However, for courts, the definition and enforceability of noncompete agreements is not so clear-cut. Therefore, the drafting and implementation of noncompete agreements by an employer requires careful consideration of important legal issues.
Typically, noncompete agreements must be reasonable in terms of time, territory and scope. In some states, if any element is overbroad, the entire noncompete is overbroad and other provisions of the agreement may become unenforceable too. Other states’ laws permit courts to revise and narrow, or “blue pencil,” overbroad covenants so as to make them enforceable.
There is absolutely no “one size fits all” type of noncompete that will work in every state or in every circumstance. Simply because your company has had a “form” you have used for years does not necessarily mean that the noncompete provisions in your agreement are valid. The law as to what is, and what is not, enforceable is constantly changing. For this reason, noncompete agreements should be drafted and used on a case-by-base basis with the assistance of legal counsel.
“‘Pirating’? Sounds like a Johnny Depp movie.”
When a former employee or competitor seeks to raid another employer’s work force and recruit personnel to a competitor, this practice is sometimes referred to as “pirating.” A “nonsolicitation of employees” covenant is one that restricts an employee from recruiting his or her co-workers after leaving employment. The employer’s interest in including these covenants in employment or separation agreements is readily apparent, as no employer could stand, financially or otherwise, to have an employee leave the company and take everyone with him or her. Courts in most states generally will uphold these covenants, provided that they contain a limitation as to the time period the former employee would be restricted and that they are reasonable to protect the employer’s legitimate business interests.
A covenant of nonsolicitation of customers prohibits former employees from soliciting business from the customers and prospective customers of his or her former employer. This restriction primarily protects the employer’s interest in developing customer relationships and contacts. An employer can define whom the employee is prohibited from soliciting in two ways. First, the employer can limit solicitation to those customers with whom the employee had material contact while employed. However, in order to be enforceable, such a limitation typically must provide that the covenant restricts solicitation only of customers the employee actually contacted or dealt with for business purposes while employed. Second, an employer can prohibit solicitation of customers located within a specified geographic area in which the former employee engaged in business on behalf of the employer.
Certainly, the prospect of having to sue a former employee is not one that most employers take lightly. However, by recognizing the harm that can be done by a departing employee and by exerting its legal rights to prevent or reduce improper use of a company’s proprietary information or violation of its written restrictive covenant agreements, employers can help to minimize the damage that may arise.