Earlier this afternoon, the White House announced a major initiative to combat the increasing threat to U.S. companies from the theft of trade secrets. The initiative addresses both external threats as well as internal threats from employees and other insiders, including the threat that a company’s most valuable intellectual property might simply walk out the front door on a flash drive in an employee’s pocket. One industry participant at the White House briefing, John Powell of AMSC, emphasized that “no matter how secure a company thinks its computers and networks are from external technical threats, the internal threat from employee theft is always present and, in many senses, is more difficult to deal with.”
The initiative, called the “Strategy to Mitigate the Theft of U.S. Trade Secrets,” involves five elements: diplomatic outreach, promoting best practices in the private sector, increased efforts by law enforcement, legislative changes, and increasing public awareness of the threat. These efforts could affect employers in several ways, including those described below.
- Defining Best Practices: Government officials, including the U.S. Intellectual Property Enforcement Coordinator, will facilitate industry efforts to develop voluntary best practices to combat trade secret theft. Best practices are expected to be developed in the following areas: research and development compartmentalization; information security policies; physical security policies; and human resources policies. Employers might benefit from shared information about these strategies and wish to contribute to the project, but establishing best practices could result in new standards that companies are expected to meet. As a result, the White House initiative emphasizes that the standards will be voluntary and not necessarily appropriate for all companies.
- Encouraging Cooperation Among Companies: As part of the development of best practices, the initiative seeks to encourage companies to work together to develop solutions to the problem of trade secret theft. The White House statement notes that companies should act “consistent with anti-trust laws,” while an industry participant at the White House briefing noted that the initiative should include a review of rules that could thwart industry cooperation, including anti-trust laws.
- Greater Ability for Companies to Invoke Government Assistance: The initiative emphasizes both increased intelligence sharing, law enforcement, and diplomatic efforts. As a result, companies should find a helping hand at federal agencies, including the Department of Justice, FBI, the Department of State, and the US Trade Representative. Government assistance could include advance warnings about suspected threats to companies as well as investigating and prosecuting incidents of theft. If the theft occurs overseas or involves actors outside the United States, the government may seek extradition and/or investigation and prosecution by foreign authorities.
- New Tools for Private Enforcement: The Administration will also review existing laws to identify legislative changes that might be needed to enhance enforcement against trade secret theft. The White House did not mention any particular laws, but one possibility is to amend the Computer Fraud and Abuse Act. Currently, appeals courts are split as to whether this Act may be used by an employer against an employee who steals trade secrets from the employer’s computer systems if the employer gave the employee access to those systems, albeit not for purposes of stealing company secrets. It would be helpful to clarify that the Act is not limited to situations where unrelated individuals hack into a computer system.
In light of the White House initiative, companies might wish to review their own policies and procedures addressing trade secret theft. Addressing that threat involves a comprehensive plan, including identifying which information is critical, designating that information confidential, establishing practices, procedures, and policies to maintain confidentiality, and being prepared to address immediately breaches that occur. Each step implicates several areas of the law, including data security, privacy, intellectual property, white collar crime, employment, employee benefits and executive compensation, corporate and securities, insurance coverage, and crisis management.