Privacy and Cybersecurity

Subscribe to Privacy and Cybersecurity via RSS

A federal judge in Colorado declined to sanction Plaintiff DTC Energy Group Inc. (“DTC”) for disclosing information governed by a civil protective order. DTC Energy Group, Inc. v. Hirschfeld, 1:17-cv-01718 (D. Colo. July 27, 2020).

DTC, a consulting and staffing firm serving the oil and gas industry across the United States, filed suit in July 2017 against Defendants Ally Consulting, LLC (“Ally”), a former business partner and direct competitor of DTC, and two former DTC employees.

The amended complaint alleged a variety of claims, including trade secret misappropriation, unfair competition, breach of employment contract, and civil conspiracy to steal trade secrets.

During  discovery, and subject to an oral protective order issued by the court, Ally produced to DTC documents and information that contained certain of Ally’s trade secrets.  DTC later shared documents produced as “confidential” in the litigation with both its outside criminal attorney and with a Denver assistant district attorney after receiving a grand jury subpoena for those documents.  Ally and the other defendants accused DTC of malfeasance and of willful violation of the protective order, and sought sanctions in the  litigation.Continue Reading Caught between a rock and a hard place; that is, a subpoena and a protective order

Companies looking to protect valuable trade secrets and confidential information routinely employ multiple precautions ranging from employee training to technological safeguards.

Another potential tool in the arsenal, and worth careful consideration for companies operating in the government contract space, is the National Institute of Standards and Technology’s (NIST) recently released final public draft of enhanced security requirements. NIST Special Publication (SP) 800-172, formerly known as Draft NIST SP 800-171B, provides 34 enhanced requirements to protect Controlled Unclassified Information (CUI) associated with critical programs or high value assets from the risks posed by advanced persistent threats (APTs).
Continue Reading Companies Protecting Trade Secrets Should Consider Role of NIST’s Enhanced Security Requirements

On May 22, the Eleventh Circuit clarified trade secrets misappropriation analysis under the Florida Uniform Trade Secrets Act (“FUTSA”), strengthening the trade secret protection offered by the statute. The decision vacated a magistrate judge’s finding that the defendants had not misappropriated trade secretes following a bench trial in the Compulife Software Inc. v. Newman et al. matter (No. 18-12004). The court found error in the magistrate’s failure to “consider the several alternative varieties of misappropriation” contemplated by FUTSA and the magistrate’s reasoning that the public availability of life insurance quotes on the plaintiff’s website “automatically precluded a finding that scraping those quotes constituted misappropriation.”

“At its essence, it’s a case about high-tech corporate espionage,” Circuit Judge Kevin C. Newsom’s opinion begins. The plaintiff, Compulife Software Inc. (“Compulife”), sells access to its online database of insurance premium information, which synthesizes publicly available insurers’ rate tables using Compulife’s proprietary method and formula. Compulife also provides life insurance quotes sourced from its online database. The database itself is valuable because it consistently updates with current information about life insurers’ rate tables and allows for direct comparison across dozens of providers. Compulife licenses access to the database to its customers—primarily insurance agents who in turn seek to provide reliable insurance rate estimates to policyholders. In direct competition with Compulife, the defendants likewise generate life insurance quotes through their various websites.Continue Reading Eleventh Circuit Solidifies Protection of Trade Secrets Threatened By “High-Tech Corporate Espionage” Under Florida’s Trade Secret Law

The COVID-19 crisis has presented an array of novel issues for companies, including new and unexpected cybersecurity threats. In addition to the now well-known security limitations of video platforms such as Zoom, we are seeing cyber-attacks in the form of COVID-19 related phishing attempts and ransomware attacks. In at least some of these attempted hacks, cybercriminals are hoping to steal trade secrets.

  • Cybercriminals are taking advantage of the novel at-home working environment and the increased fear and uncertainty surrounding the pandemic to launch malware and phishing attacks related to COVID-19.
  • Employees may be more likely to click a link or open an attachment, even though they would never consider doing so in a normal situation at work.
  • Therefore, malware may pose more of a danger than it did when employees primarily accessed their email over their employers’ traditionally more protected systems.
  • Companies should consider putting employees on notice about the COVID-19 related phishing attempts and provide examples of common scams.

Continue Reading COVID-19 and the Unique Opportunity for Phishing

On April 20, 2020, the Supreme Court granted cert in Van Buren v. United States, to resolve an important circuit split over the meaning of “authorized access” under the Computer Fraud and Abuse Act (CFAA). This is the Court’s first foray into analyzing the precise contours of CFAA liability. Van Buren may have far-reaching implications for any individual or business operating in the digital domain, as the scope of civil and criminal liability under the CFAA can impact just about any sort of relationship involving access to computer systems, whether it be employer-employee relationships or third-party relationships.

The CFAA was enacted in 1986 as a first-of-its-kind statute designed to combat computer-related crimes, and has become an important and powerful tool for not only for the government but any business seeking to protect its intellectual property and computer systems. The CFAA imposes criminal liability on any person who “intentionally accesses a computer without authorization” or “exceeds authorized access” and, in doing so, obtains information from any protected computer. The CFAA also provides a civil cause of action for similar conduct. See 18 U.S.C. §§ 1030(a)(2), 1030(a)(4), 1030(a)(5)(B)-(C).
Continue Reading “Authorized Access”: The Supreme Court’s First Foray Into The Computer Fraud and Abuse Act

Companies and other organizations increasingly must face serious and complex threats to their business and infrastructure.  Whether the threat is trade secret theft, rogue insiders, cybercrime adversaries, aggressive competitors, or misconduct by business and supply chain partners, companies should remain constantly vigilant and defense ready. Adversaries, including especially cybercriminals operating exclusively in the digital domain, are often highly motivated, sophisticated, resourced, and innovative. The opaque, pervasive, and global nature of modern digital networked environments presents opportunities for criminals. The sophistication and relentless creativity of these bad actors pose significant challenges to companies and law enforcement agencies in being able to detect, assess, mitigate, attribute, and deter these threats. Because available tools and real-world practices to address these threats often outpace the law, companies are called upon to develop their own comprehensive approaches to investigate and remediate these forms of risk. In doing so, companies must be willing to assume a certain level of risk to effectively investigate and obtain sufficient insight to counter the problems.
Continue Reading Complex Threat Investigations: Tips for Investigating Trade Secret Misappropriation and Other Digital Crimes

Chinese national and materials scientist Hongjin Tan has pled guilty to stealing from his former employer Phillips 66 (“Phillips”) more than $1 billion in trade secrets related to next generation battery technology.

DOJ announced Tan’s guilty plea this week which revealed that he copied substantial research and development files that he knew contained protected company

We invite you to join Crowell & Moring’s second installment of our “Safeguarding Your Secrets in the Digital Age” webinar series: Reasonable Precautions to Protect Trade Secrets in The Digital Age, taking place on Tuesday, October 8th at 12:00 pm (EDT).

During this webinar, Crowell & Moring Counsel Kate Growley and Julia Milewski

Applying the trade secret label to diversity initiatives is growing in popularity in recent years.

This issue has arisen in the context of public records requests, as companies with government contracts are subject to the Labor Department’s anti-discrimination arm and are required to provide diversity information in the form of EEO-1 reports. Several companies have

On January 25, 2019, the Illinois Supreme Court in Rosenbach v. Six Flags Entertainment Corp. ruled unanimously that plaintiffs do not need to allege “some actual injury or adverse effect” in order to challenge alleged violations of Illinois’ Biometric Information Privacy Act (BIPA). In so doing, the Supreme Court expressly held that the loss of