The Defend Trade Secrets Act (DTSA) "is the most significant development in trade secrets law in decades," said Russell Beck, a partner at Beck Reed Riden, during the Trade Secrets track at the AIPLA annual meeting. Not only is the Act significant in the historical sense, it also comes at a time when trade secrets themselves are becoming an increasingly important form of IP protection. Information "is the major corporate asset these days," panelist and Orrick Herrington & Sutcliffe partner James Pooley said.
"In this very interconnected environment, it's not an issue of if you've been breached, but when you've been breached," said Pamela Passman of CREATe.org. "The biggest risk to cyber security is insiders," she said. Surprisingly, Passman says that few cases have thus far dealt in depth with cyber security. Under the DTSA, however, it is required that a company establish that the information in question was a trade secret by demonstrating that reasonable measures were taken to protect it. "In the past, judges have been giving a pass in terms of cyber security," said Passman, "but I do think as we move to federal court there will be higher scrutiny."
The DTSA's predecessor, the Uniform Trade Secrets Act (UTSA) of 1985, failed to live up to its name and trade secrets law remained largely disparate from state-to-state. Peter Toren of Weisbrod Matteis & Copley presented the differences between the Acts, most notably the extraterritoriality ex parte seizure provisions.
The DTSA also adopts some important case law modifying injunctive relief as articulated in the previous statute, such as a more nuanced treatment of employees that gives them "much greater freedom of movement," said Toren. When it comes to ex parte seizures on the other hand, "in some ways we're in very much unchartered waters," he said.
After the break, panelists John Rome and Victoria Cundiff provided attendees with tips for what security measures might look like in the future. "We need to be afraid; very, very afraid of hackers" said Cundiff, an attorney with Paul Hastings. Cundiff also cautioned against the liabilities to companies receiving trade secrets that they "knew or should of known" they were acquiring.
Rome, of Intensify Analytics, said that User and Entity Behavioral Analytics (UEBA) will be the future of data protection. Such technology learns particular patterns of behavior and uses these as encryption. "It's what you do. It's behavior, it can't be emulated. It can't be stored," he said. "Behavior is the holy grail of this problem."
Tanya Forsheit of Frankfurt Kurnit Klein & Selz commented, "there's really no difference when you're talking about trade secrets," between those and data encryption or cyber security. "It's all just data, sensitive information."