Last month the U.S. Department of Justice (DOJ) announced that an engineer in Georgia pled guilty to conspiracy to steal trade secrets from an aircraft company.
Essentially, the thief conspired with others to steal aircraft wing designs and anti-icing testing research hoping to get FAA certification for another company’s product.
In the thirty-two (32) page initial complaint, a few pages are devoted to how the aircraft company (victim) attempted to protect their trade secrets.
I thought it would be useful to consider the safeguards taken by the aircraft company.
Why is this important?
Legal experts explain that in order to claim/allege another stole your trade secrets, you need to show that you took reasonable steps to protect those secrets.
Here’s a quote from a blog post titled, “Safeguarding Secrecy: Taking “Reasonable” Measures to Protect Trade Secrets,” written by IP Attorney Esha Bandyopadhyay, of Fish and Richardson P.C.
“The Uniform Trade Secrets Act (UTSA) requires a trade secret owner to take protective measures that are “reasonable under the circumstances.” Similarly, the Defend Trade Secrets Act (DTSA) requires an owner to take “reasonable measures to keep [trade secret] information secret . . . ”
Some Steps Taken by the Aircraft Company to Protect Their Trade Secrets as Detailed in the Initial Complaint:
Company A protected its anti-ice and wing model information as confidential and proprietary.
Company A used a number of reasonable measures to protect its sensitive and proprietary information, including the following:
A. Company A staffed guards in its main lobby during business hours and deployed a mobile patrol unit to conduct routine patrols 24-hours per day, 7 days per week.
B. Company A granted physical access to its facilities to only those persons with a valid badge.
Company A required all employees, contractors and visitors to have a badge and wear it visibly at all times. Badges could be used to access only those areas that an employee or contractor had a predetermined need to access.
C. To sponsor a visitor and obtain a visitor badge, a Company A employee had to submit a visitor request including the visitor’s name, company affiliation, purpose for visit and citizenship status. Citizenship status information was required because certain areas of Company A are off limits to non-U.S. nationals.
D. Company A maintained visitor logs in its badging system, and required that visitors be escorted by Company A personnel at all times while in the facility.
E. Company A implemented data security policies by requiring all new employees and contractors to sign declarations that they have read, reviewed, and agree to abide by Company A’s Business Conduct and Ethics Policy, as well as its Use of Computing Systems, Equipment and Support policy.
These policies prohibited the unauthorized use or dissemination of sensitive and proprietary information, as well as the use of storage devices and laptops on its computer systems and networks without authorization.
Company A confidentiality obligations continue even after an employee or contractor leaves Company A.
F. Company A employees with access to information about Company A’s future programs and activities which had not yet been announced companywide were required to sign an additional Need To Know document in which they agreed to maintain the confidentiality of that information, even from other Company A employees.
G. Company A required suppliers, vendors and service providers to execute proprietary information/non-disclosure agreements before they were allowed to receive any Company A confidential and proprietary information or access Company A facilities.
H. Company A limited access to its sensitive and proprietary information to those who needed the information to perform their employment duties on Company As secure electronic database.
To obtain access to this database, employees were required to:
(1) possess a valid employee badge to enter Company As main buildings;
(2) swipe the badge to access limited-access areas;
3) scan the badge into an employee computer terminal;
4) login with a unique username and password to the Company A network;
(5) open a database to which a limited number of employees had access; and
(6) login to the database with a unique employee number and password.
I. Company A tracked searches within its database, such that a system administrator could see what a unique user has searched for and accessed, as well as when the activity occurred.
J. Company A labeled the front of its reports with a notice indicating that the information was proprietary and that the information could not be disclosed to others without the written authorization of Company A.
K. Company A prohibited remote access to its database without an approved Company A laptop or cellphone and a VPN token to ensure an encrypted connection.
Disclaimer: IPProbe.Global is a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPProbe.Global. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and not intended to provide legal or other professional advice.