News Detail Banner
All News & Events

Delaware Court Finds Password Protection for Electronic Documents Insufficient to Preserve Trade Secrets

August 01, 2014
Business Litigation Reports

Key questions in most trade secret cases are whether information was misappropriated and whether that information qualified as a trade secret in the first place. Under the Uniform Trade Secrets Act’s definition of a trade secret, whether information is a qualified trade secret depends on whether the efforts taken to maintain the information’s secrecy are “reasonable under the circumstances.” See, e.g., Del. Code Ann. tit. 6, § 2001(4) (West) (adopting, like the majority of states, the Uniform Trade Secrets Act’s definition of a trade secret). For example, strict password policies are a common business practice when it comes to protecting digital files, and one might assume they are a “reasonable” method of protecting digitally stored trade secrets. Not so, according to the Delaware Court of Chancery, which ruled that in the circumstances of a recent case, password protection alone was not sufficient to maintain trade secret status. Wayman Fire Prot., Inc. v. Premium Fire & Sec., LLC, No. 7866-VCP, 2014 WL 897223 (Del. Ch. Mar. 5, 2014).

At issue in Wayman Fire Protection were two reports taken from the plaintiff’s Salesforce.com account. The first, an “opportunities report,” identified Wayman’s prior bids, prospective business opportunities, and Wayman’s internal assessments of those opportunities. Id. at *13. The second, a “contacts report,” simply listed the names and contact information of Wayman’s current clients. Id. Both reports wound up in the hands of a competitor, Premium Fire & Security, when a Wayman employee departed for Premium Fire and took his backup of the electronic files he used at Wayman with him. Id. at *7. The employee then copied this entire backup drive, including the Salesforce reports from Wayman, onto his Premium Fire computer. Id. After losing a bid to Premium Fire, Wayman began to suspect that the employee had taken Wayman’s files with him to his new employer, and ultimately it sued Premium Fire and Wayman’s former employees for tortious interference with prospective contractual relations, misappropriation of trade secrets, misuse of computer system information, breach of the duty of loyalty, conversion, and civil conspiracy. Id. at *8. After a bench trial, the court found no liability for misappropriation of trade secrets, in part because Wayman failed to show its password policies met the standard for reasonable efforts to protect the secrecy of the information. Id. at *15-16 (addressing faults in plaintiff’s proof of misappropriation). Although the defendants conceded that the former employee had copied the files to Premium Fire’s computer and used them without Wayman’s permission, the court ruled that the Salesforce reports did not qualify for trade secret protection. Id.

In Delaware, as in other states, customer lists are recognized as potentially eligible for trade secret protection. See, e.g., Am. Family Mut. Ins. Co. v. Roth, 485 F.3d 930, 933 (7th Cir. 2007) (under Wisconsin’s implementation of the Uniform Trade Secrets Act, customer lists are eligible for protection as trade secrets); N. Atl. Instruments, Inc. v. Haber, 188 F.3d 38, 44 (2d Cir. 1999) (under New York law customer lists are protectable as trade secrets); cf. Nationwide Mut. Ins. Co. v. Mortensen, 606 F.3d 22, 28 (2d Cir. 2010) (under Connecticut law, customer lists are within the scope of trade secret protection, but a number of the state’s courts have noted that they often lie on the periphery of the law of trade secrets) (quotation omitted). In Wayman Fire Protection, however, the court was “not persuaded that merely password protecting the Salesforce information at issue here constitute[d] reasonable efforts to protect the confidentiality of that information.” 2014 WL 897223, at *16. Wayman protected the Salesforce documents by limiting access to only a handful of employees, each of whom had a Salesforce password that had to be changed every 30-60 days. Id. at *8. But limiting access to the documents was not enough: What mattered to the court was whether Wayman’s efforts sufficiently conveyed “that the Salesforce information was highly confidential or secret.” Id. at *16. The Delaware Court of Chancery found that because it was not “inherently obvious” that client names and phone numbers—most of which competitors could easily have found on their own simply by determining which businesses were subject to fire alarm and protection regulations—were confidential, proprietary information, Wayman “should have done something more to impress that fact upon those with access to Salesforce.” See id. For example, Wayman could have “monitor[ed] its authorized employees’ use of Salesforce or restrict[ed] those employees’ abilities to download, export, or otherwise transmit Wayman’s Salesforce data.” Id. at *8.

The finding that the password protected files did not qualify for trade secret protection stands out in contrast with the court’s other findings on related issues where Wayman established liability. Notably, the defendants conceded liability under Delaware’s Misuse of Computer System Information Act. See id. at *17 (citing 11 Del. C. § 935). The court specifically found that Premium Fire knowingly retained and improperly used computer data, in violation of the statute. Id. at *19. As a consequence, the court awarded Wayman unjust enrichment damages. Id. at *29-30. However, the court held that Wayman had not shown any of the defendants acted “wilfully and maliciously” in misusing the computer files, a prerequisite for treble damages under the statute. Id. at *19. Furthermore, the court found the computer files which the former employee copied from Wayman and used during the course of his job at Premium Fire were sufficiently “confidential” to trigger a duty of loyalty on the part of the employee. Id. at *22; see also id. at *20 (noting that under Delaware law, “if an employee in the course of his employment acquires secret information relating to his employer’s business, he occupies a position of trust and confidence toward it and must govern his actions accordingly”). Based on that finding, the court concluded that the former employee’s misuse of Wayman’s confidential information breached his duty of loyalty by benefiting Premium Fire, a direct competitor of Wayman. Id. at *22. Thus, the court distinguished both the defendants’ unauthorized use of Wayman’s information—required to support Wayman’s Misuse of Computer System Information Act claim—and the mere confidentiality of the information—required to support Wayman’s breach of duty of loyalty claim—from the more restrictive requirement that efforts to maintain secrecy be “reasonable under the circumstances” as required to support a trade secret misappropriation claim.

The court also distinguished the facts of Wayman Fire Protection from a strikingly similar earlier case finding that electronic customer lists did qualify for trade secret protection. Id. at *14 n.108 (citing Great Am. Opportunities, Inc. v. Cherrydale Fundraising, LLC, 2010 WL 338219, at *19 (Del. Ch. Jan. 29, 2010). In Great American Opportunities, the electronic customer lists were password protected, but were further addressed in provisions in an employment contract and handbook, and in letters the company sent its employees following termination notifying them of the sensitive and proprietary nature of that information and prohibiting them from disclosing such information both during and after their employment. 2010 WL 338219, at *19. On these facts, the court held that the electronic customer lists qualified for trade secret protection. Id. at *20.

The court’s opinion in Wayman Fire Protection, reaching the opposite conclusion, can be seen as suggesting that passwords have proliferated to the point where typing in a password is no longer adequate to put employees on sufficient notice that the information protected by that password is to be kept secret. This is consistent with the reality that today passwords are no longer reserved only for the most important or confidential information, but are becoming ubiquitous.

Wayman Fire Protection signals that the Delaware court is likely to enforce the burden on trade secret plaintiffs to show that alleged trade secrets are confidential and proprietary—that they are, in fact, secrets. There is no exhaustive list of acceptable methods, but in light of Great American Opportunities and Wayman Fire Protection, the more traditional instruments such as contracts, handbooks, and post-employment letters are likely to remain important tools in securing protection for trade secrets. At the same time, the Wayman Fire Protection opinion confirms that improper use of confidential information by former employees and competitors, even if it does not rise to the level of misappropriation of trade secrets, may establish significant liability for other torts under both statutory and common law claims