by John L. Watkins
We have addressed the importance of trade secrets and confidential information previously on this blog and in our series of podcasts. We have discussed huge jury verdicts that have recently come down against companies found to have violated the trade secret rights of others. We have also discussed how some prosecutors are now taking an interest in criminal prosecutions of trade secret violations under federal law. However, it should be noted that a California jury just acquitted two defendants who had been criminally charged with economic espionage.
Although the foregoing should have been enough to get anyone’s attention, the news just keeps coming. According to recent reports, a Chinese company just agreed to a $200 million settlement of a trade secret case in California. Associated Press has reported that a former Home Depot manager has been criminally accused of passing trade secret information. These issues are extremely serious and should be considered carefully by any company large or small.
To reiterate some of the key points: Each company should have practices in place to protect its own confidential information and to assure the confidentiality of the confidential information of others that it has agreed to keep secret. Potential legal protections should include: (1) Non-disclosure agreements (“NDAs”) with employees. These NDAs should cover the company’s information. In addition, if the employee will be handling confidential information of others, the NDA should cover that as well; (2) NDAs with consultants or outsourced resources; (3) NDAs with actual or potential suppliers; (4) NDAs with actual or potential customers; (5) NDAs with actual or potential investors; and (6) NDAs with potential business “partners.” Depending on a company’s business, there may be other parties who should be subject to an NDA. It is also a good idea to have company policies stressing the need to protect the company’s own confidential information and trade secrets, and the confidential information and trade secrets of others.
Having an NDA program in place, however, is probably not enough. A company should take other common-sense steps to avoid legal entanglements. These steps should probably include: (1) stressing periodically to employees the need to maintain confidentiality; (2) advising employees that particular information is sensitive; (3) making sure that only employees or others with a true need to know have access to confidential or trade secret information; (4) keeping hard copy confidential or trade secret information under lock and key; (5) password-protecting or otherwise restricting access to electronically stored information; (6) restricting copying of sensitive information; and (7) restricting or monitoring use of portable storage media such as thumb drives and portable hard drives. There may well be other steps that a company should take depending on the circumstances.
The one thing a company should not do is assume that it will avoid issues regarding confidential information and trade secrets. Burying one’s head in the sand may work for an ostrich, but it will not work for businesses in today’s complex and litigious world.
Monday, November 23, 2009
Saturday, November 7, 2009
Why Dispute Resolution Provisions Matter
By John L. Watkins
Commercial contracts of all types, ranging from sales agreements to merger agreements often contain "dispute resolution" provisions. These provisions typically govern what happens if there is a claim or dispute arising out of or relating to the agreement. In essence, the dispute resolution clause is a contractual agreement as to how the parties are going to resolve any differences that may arise.
Having litigated commercial contracts of different types for many years, one observation is that parties often do not pay enough attention to these provisions at the time the contract is drafted. At the time the contract is drafted, the parties are often focused on price and other key business terms. In addition, at the time a transaction is coming together, both sides are typically looking forward to a mutually beneficial relationship. In short, at the time a contract is finalized and signed, neither party tends to believe anything will go wrong. As a result, the dispute resolution provision, if it is considered at all, is often left to the last round of discussions.
Dispute resolution provisions often address two potentially important points: (1) Where a claim or dispute will be decided, and (2) how the dispute will be decided. Both issues require careful consideration.
Commercial contracts of all types, ranging from sales agreements to merger agreements often contain "dispute resolution" provisions. These provisions typically govern what happens if there is a claim or dispute arising out of or relating to the agreement. In essence, the dispute resolution clause is a contractual agreement as to how the parties are going to resolve any differences that may arise.
Having litigated commercial contracts of different types for many years, one observation is that parties often do not pay enough attention to these provisions at the time the contract is drafted. At the time the contract is drafted, the parties are often focused on price and other key business terms. In addition, at the time a transaction is coming together, both sides are typically looking forward to a mutually beneficial relationship. In short, at the time a contract is finalized and signed, neither party tends to believe anything will go wrong. As a result, the dispute resolution provision, if it is considered at all, is often left to the last round of discussions.
Dispute resolution provisions often address two potentially important points: (1) Where a claim or dispute will be decided, and (2) how the dispute will be decided. Both issues require careful consideration.
Where the Dispute Will Be Decided. Dispute resolution provisions often have forum selection clauses, which are also known as choice of venue provisions. These provisions specify which court or courts will decide the dispute, and often provide that the court or courts in a particular jurisdiction will exclusively decide the dispute. Although there are sometimes exceptions, the courts have generally enforced these provisions.
It is easy to see why the choice of venue is important. To use an analogy to sports, the forum selection clause may mandate that the dispute must be decided (literally) in the other party's home court. Of course, it may still be possible to win in the other party's jurisdiction, but the fight will almost always be more difficult and more expensive. If the other party is, for example, a large employer in the other jurisdiction, it may be difficult to pick an impartial jury. It will also be necessary, at the least, to hire counsel in the jurisdiction to work with the company's usual counsel. This adds a layer of expense.
How the Dispute Will Be Decided. Dispute resolution provisions may also contain provisions requiring that the dispute be decided by binding arbitration, instead of in the court system. In arbitration, the case most often is decided either by a single arbitrator or a panel of three arbitrators. Arbitrators most typically are lawyers with some experience in the substantive area or non-lawyer industry experts.
Many companies, particularly international companies, prefer arbitration over litigation. There are pros and cons to arbitration, and whether arbitration is right for a particular party requires consideration of the particular circumstances. If parties to a commercial contract agree to arbitration, the agreement is typically enforceable. In addition, and although there are exceptions, it is extremely difficult to appeal an award entered in arbitration through the court system.
If arbitration is chosen, the dispute resolution provision may also address important topics such as how the arbitrators are to be selected, and where the arbitration is to be held. The dispute resolution provision may mandate that a particular organization, such as the American Arbitration Association ("AAA") or the International Chamber of Commerce ("ICC") administer the arbitration. The AAA, ICC and other organizations also have rules that will often be specified to govern the arbitration. The choice of an administering organization can be important. The use of an administering organization adds a layer of expense in the form of various fees. In addition, the parties must pay the arbitrators' fees, which can be quite expensive.
Conclusion. The purpose of this post is not to argue for a particular type of dispute resolution provision, but rather to point out the need for parties to consider them carefully before signing a contract. In most instances, the dispute resolution provisions will never come into play. When there is a dispute, however, they become extremely important.
Tuesday, October 27, 2009
New Podcasts Available in Series on Common Legal Mistakes by International Companies
by John L. Watkins
Parts 3 and 4 of our podcast series on How International Companies Can Avoid Key Legal Mistakes in Doing Business in the U.S. are now available. In Part 3, we discuss why U.S. contracts are so long (in general, the freedom of contract generally favored in the U.S. includes with it the responsibility to consider and negotiate provisions carefully, and the failure to do so can create risks). We also discuss important legal provisions in contracts, including getting paid and delivery terms.
In Part 4, we continue the discussion of important legal terms that are frequently overlooked or misunderstood, including warranties, indemnities, termination provisions, and dispute resolution provisions.
The podcasts are available on iTunes (search "ctflegal" and download or subscribe), the firm's website, http://www.ctflegal.com/, or the firm's podcast page, http://www.ctflegal.blip.tv/.
We hope you will enjoy these and our other podcasts. Each podcast is actually a video podcast with slides that accompany the audio presentation.
Parts 3 and 4 of our podcast series on How International Companies Can Avoid Key Legal Mistakes in Doing Business in the U.S. are now available. In Part 3, we discuss why U.S. contracts are so long (in general, the freedom of contract generally favored in the U.S. includes with it the responsibility to consider and negotiate provisions carefully, and the failure to do so can create risks). We also discuss important legal provisions in contracts, including getting paid and delivery terms.
In Part 4, we continue the discussion of important legal terms that are frequently overlooked or misunderstood, including warranties, indemnities, termination provisions, and dispute resolution provisions.
The podcasts are available on iTunes (search "ctflegal" and download or subscribe), the firm's website, http://www.ctflegal.com/, or the firm's podcast page, http://www.ctflegal.blip.tv/.
We hope you will enjoy these and our other podcasts. Each podcast is actually a video podcast with slides that accompany the audio presentation.
Sunday, October 25, 2009
Trade Secret Prosecution Begins Under Federal Statute
By John L. Watkins
The protection of trade secrets through litigation has generally been limited to civil lawsuits, typically filed under state law statutory or common law provisions. This is true even though federal and state statutes have provided criminal penalties for trade secret misappropriation. The conventional wisdom was that prosecutors preferred pursuing more traditional crimes, perhaps lacked the resources to pursue trade secret violations, and preferred to leave enforcement to the aggrieved party's civil attorneys.
This approach and attitude may be changing. Last week, prosecutors in California began a trial against two individuals. The charges allege violation of the Economic Espionage Act, a federal statute adopted in 1996. According to press reports, the case involves the first jury trial in a case brought under the Act.
The Economic Espionage Act, 18 U.S.C. Section 1831, et seq. resembles many state trade secret statutes and provides broad criminal penalties for trade secret violations. Another federal statute that provides criminal and civil remedies, the Computer Fraud and Abuse Act, 18 U.S.C. Section 1030, et seq., may also come into play in trade secret cases. State statutes may also provide criminal remedies.
The increasing involvement of government authorities in enforcing remedies involving trade secrets certainly signals a new level of risk for those who may be considering taking or copying trade secrets. Many trade secret cases are brought against former employees who have left a company to join a competitor or to start a new business. The short answer for persons leaving a company is to be very careful and to have a very clear understanding with the employer about what can and cannot be taken.
I doubt, however, that the primary enforcement activity will shift from a company's civil litigation attorneys. Quite simply, the issue is one of control. In civil litigation, a company can decide whether to enforce its trade secret rights through litigation, the legal theories to be advanced, and can have a direct role in any resolution.
Friday, October 16, 2009
Update on Sidekick Incident
by John L. Watkins
Earlier this week, I discussed the incident regarding the apparent loss of data for users of the Sidekick phone sold by T-Mobile. Microsoft is now reporting on the T-Mobile website (10/15/09, 1:00 a.m. P.D.T.) that it believes it has recovered most, if not all, of the data.
Although this is good news, it appears that the incident has created considerable negative publicity for cloud computing generally. According to published reports, Microsoft is trying to limit the fallout from the incident, and has stated that the problem arose from technology used by its Danger Inc. subsidiary, which it describes as separate from Microsoft's other and core cloud based technologies.
It is heartening to know that considerable resources have been devoted to retrieving Sidekick users' data. At the same time, as reported in the original post, it appears that cloud providers still often contractually disclaim liability for loss of data.
It has been reported that at least two lawsuits have already been filed over the incident. It will be interesting to follow whether the lawsuits will be pursued if all or most of the data is in fact retrieved. I have not been able to determine whether the Sidekick terms and conditions disclaim liability. If they do, it will be interesting to see whether the limitations are enforced. Also, since the customer's relationship is presumably with T-Mobile and not Danger Inc., it will be interesting to see if any limitations will apply to Danger Inc.
Earlier this week, I discussed the incident regarding the apparent loss of data for users of the Sidekick phone sold by T-Mobile. Microsoft is now reporting on the T-Mobile website (10/15/09, 1:00 a.m. P.D.T.) that it believes it has recovered most, if not all, of the data.
Although this is good news, it appears that the incident has created considerable negative publicity for cloud computing generally. According to published reports, Microsoft is trying to limit the fallout from the incident, and has stated that the problem arose from technology used by its Danger Inc. subsidiary, which it describes as separate from Microsoft's other and core cloud based technologies.
It is heartening to know that considerable resources have been devoted to retrieving Sidekick users' data. At the same time, as reported in the original post, it appears that cloud providers still often contractually disclaim liability for loss of data.
It has been reported that at least two lawsuits have already been filed over the incident. It will be interesting to follow whether the lawsuits will be pursued if all or most of the data is in fact retrieved. I have not been able to determine whether the Sidekick terms and conditions disclaim liability. If they do, it will be interesting to see whether the limitations are enforced. Also, since the customer's relationship is presumably with T-Mobile and not Danger Inc., it will be interesting to see if any limitations will apply to Danger Inc.
Tuesday, October 13, 2009
Sidekick Episode Provides Real World Example of Cloud Computing Risks
by John L. Watkins
In a prior post, I wrote regarding both the promise of cloud computing, or software as a service, and the very real potential legal issues and conundrums faced by businesses considering moving some or all of their IT services and data to the "cloud." Perhaps the most fundamental issue is responsibility, or, more importantly, lack thereof, for lost data.
Recently, users of the Sidekick phone manufactured by Microsoft's subsidiary Danger experienced a loss of data first hand. According to published reports, contacts and photos stored on the phones were lost due to a server failure. One report indicated that the data was most likely permanently lost. However, as of this writing, T-Mobile, the distributor of the phone, stated on its website that "recent efforts indicate the prospects of recovering some lost content may now be possible." (Updated 10/12/09, 5:15 p.m. P.D.T.) The final outcome remains to be seen.
It is beyond question that many Sidekick users have been, at the least, severely inconvenienced by this event. The event puts in a very real context the possible loss of data by businesses considering using cloud based services. Consider the possible consequences of a catastrophic loss of data a doctor's office, an insurance agency, a law firm, or basically any other business.
As things presently exist, it appears that users of cloud based services may have little in the way of legal remedies. A very quick review of the terms and conditions for two of the best known cloud providers illustrate the issue. The Google Apps Premier Edition Agreement, paragraphs 14.1 and 14.2, disclaims liability for incidental and consequential damages and limits total liability to the amount paid by the customer to Google for services in the preceding twelve (12) months. The Agreement mandates California law and sets the exclusive venue for any dispute to be the courts in Santa Clara, CA. (Paragraph 15.10).
The Master Subscription Agreement for Salesforce.com, which is said to govern the free trial and any subsequent subscription, similarly limits liability, for any single incident, to the lesser of $500,000 or the amounts paid by the customer in the preceding twelve (12) months. (Paragraph 11.1). The Agreement also excludes incidental and consequential damages (Paragraph 11.2). The exclusive venue for litigation (for North American customers) is San Francisco, CA.
I have not researched the enforceability of these limitations under California law, but it is a pretty safe bet that the attorneys who drafted the terms and conditions have done so. Assuming the provisions are enforceable, it means, in common parlance, that a customer experiencing a service interruption or loss of data is out of luck. One prominent commentator, John C. Dvorak, has written that the Sidekick incident may "blow up the cloud," and that the end user license agreements limiting responsibility are the reason.
For a business considering cloud based computing, the Sidekick incident should provide fair warning. Technology is not perfect. Data loss does happen, and there may be no effective remedy. To be fair, this could also happen using a conventional network, and there may be no remedy in that instance as well. However, a business that backs up its data with a simple tape drive system has a pretty reasonable chance of recovering it in the event of a server failure. Any business considering a cloud based approach should, at the very least, have the provider's terms and conditions reviewed so that it can assess the risk it is assuming.
The lawyers who drafted these terms and conditions cannot be faulted: They are doing what lawyers are supposed to do. Sellers often limit liability, and with good reason. However, if machinery, as an example, breaks down, it can be repaired or replaced. The irretrievable loss of data is, at least from a real world perspective, different (the "legalities" may well be the same). Further, the failure of cloud providers to take legal responsibility may limit the widespread adoption of cloud based technology.
Please do not understand this as a blanket rejection of cloud based computing. I love Google's applications (after all, this is being written on Blogger) and have been very impressed by a demonstration of Salesforce. I also am a loyal (perhaps to a fault), T-Mobile customer (BlackBerry, not Sidekick!). Whether I would store critical data or confidential client information in the cloud, however, is another story, at least at this point in time.
I'm just an old lawyer from Atlanta, but it seems to me that if one of these companies were willing to accept some liability for data loss (such as, for example, a guarantee to restore data in a certain period of time or face some real liability), it would eliminate one of the key objections to cloud based technology. If the risk of data loss is truly minuscule, notwithstanding the Sidekick incident, this should be a risk that could be spread over a large user base for an incremental additional cost. It is even possible that an enterprising insurer is developing a product that could serve as a backstop. My guess is there is some money to be made here at a number of levels. Maybe that vendor is out there somewhere in the cloud.
In a prior post, I wrote regarding both the promise of cloud computing, or software as a service, and the very real potential legal issues and conundrums faced by businesses considering moving some or all of their IT services and data to the "cloud." Perhaps the most fundamental issue is responsibility, or, more importantly, lack thereof, for lost data.
Recently, users of the Sidekick phone manufactured by Microsoft's subsidiary Danger experienced a loss of data first hand. According to published reports, contacts and photos stored on the phones were lost due to a server failure. One report indicated that the data was most likely permanently lost. However, as of this writing, T-Mobile, the distributor of the phone, stated on its website that "recent efforts indicate the prospects of recovering some lost content may now be possible." (Updated 10/12/09, 5:15 p.m. P.D.T.) The final outcome remains to be seen.
It is beyond question that many Sidekick users have been, at the least, severely inconvenienced by this event. The event puts in a very real context the possible loss of data by businesses considering using cloud based services. Consider the possible consequences of a catastrophic loss of data a doctor's office, an insurance agency, a law firm, or basically any other business.
As things presently exist, it appears that users of cloud based services may have little in the way of legal remedies. A very quick review of the terms and conditions for two of the best known cloud providers illustrate the issue. The Google Apps Premier Edition Agreement, paragraphs 14.1 and 14.2, disclaims liability for incidental and consequential damages and limits total liability to the amount paid by the customer to Google for services in the preceding twelve (12) months. The Agreement mandates California law and sets the exclusive venue for any dispute to be the courts in Santa Clara, CA. (Paragraph 15.10).
The Master Subscription Agreement for Salesforce.com, which is said to govern the free trial and any subsequent subscription, similarly limits liability, for any single incident, to the lesser of $500,000 or the amounts paid by the customer in the preceding twelve (12) months. (Paragraph 11.1). The Agreement also excludes incidental and consequential damages (Paragraph 11.2). The exclusive venue for litigation (for North American customers) is San Francisco, CA.
I have not researched the enforceability of these limitations under California law, but it is a pretty safe bet that the attorneys who drafted the terms and conditions have done so. Assuming the provisions are enforceable, it means, in common parlance, that a customer experiencing a service interruption or loss of data is out of luck. One prominent commentator, John C. Dvorak, has written that the Sidekick incident may "blow up the cloud," and that the end user license agreements limiting responsibility are the reason.
For a business considering cloud based computing, the Sidekick incident should provide fair warning. Technology is not perfect. Data loss does happen, and there may be no effective remedy. To be fair, this could also happen using a conventional network, and there may be no remedy in that instance as well. However, a business that backs up its data with a simple tape drive system has a pretty reasonable chance of recovering it in the event of a server failure. Any business considering a cloud based approach should, at the very least, have the provider's terms and conditions reviewed so that it can assess the risk it is assuming.
The lawyers who drafted these terms and conditions cannot be faulted: They are doing what lawyers are supposed to do. Sellers often limit liability, and with good reason. However, if machinery, as an example, breaks down, it can be repaired or replaced. The irretrievable loss of data is, at least from a real world perspective, different (the "legalities" may well be the same). Further, the failure of cloud providers to take legal responsibility may limit the widespread adoption of cloud based technology.
Please do not understand this as a blanket rejection of cloud based computing. I love Google's applications (after all, this is being written on Blogger) and have been very impressed by a demonstration of Salesforce. I also am a loyal (perhaps to a fault), T-Mobile customer (BlackBerry, not Sidekick!). Whether I would store critical data or confidential client information in the cloud, however, is another story, at least at this point in time.
I'm just an old lawyer from Atlanta, but it seems to me that if one of these companies were willing to accept some liability for data loss (such as, for example, a guarantee to restore data in a certain period of time or face some real liability), it would eliminate one of the key objections to cloud based technology. If the risk of data loss is truly minuscule, notwithstanding the Sidekick incident, this should be a risk that could be spread over a large user base for an incremental additional cost. It is even possible that an enterprising insurer is developing a product that could serve as a backstop. My guess is there is some money to be made here at a number of levels. Maybe that vendor is out there somewhere in the cloud.
Saturday, October 10, 2009
Why Judge's New Procedure on Confidentiality May Result in Increased Arbitration and Mediation
By John L. Watkins
The Hon. J. Owen Forrester, Senior Judge of the United States District Court for the Northern District of Georgia, recently announced a new case management procedure that will limit the parties from consenting to blanket protective orders to protect the confidentiality of documents in civil cases. Such orders typically permit the parties to designate documents as "confidential" or "attorney's eyes only" without the necessity of court review or intervention. These orders are fairly common in complex business cases. Judge Forrester's procedure requires that he review a document before it is designated confidential.
Judge Forrester explained the adoption of the procedure to be based on his view that the courts should generally be open to the public. It remains to be seen whether other judges in the Northern District of Georgia or other courts will adopt Judge Forrester's procedure. However, Judge Forrester is very respected, so it would not be surprising to see his view gain favor with other judges.
If Judge Forrester's procedure becomes more widespread, there may be some interesting consequences. This past week, I participated in an interesting panel discussion on arbitration before the Atlanta Bar Association's Alternative Dispute Resolution Section. Another panelist suggested that Judge Forrester's procedure might lead to an increased use of arbitration because arbitration procedures are typically confidential. In addition, because arbitration is a creature of contract, it would seem likely that any agreement by the parties on discovery and confidentiality would be followed by the arbitrators.
Another possibility is that the procedure will foster an even greater use of mediation, or will perhaps result in mediation being used earlier in the process. Mediation is by its nature an extremely confidential process. I have previously written about why this characteristic makes mediation particularly useful in cases involving intellectual property, including trade secrets.
As for litigation, Judge Forrester's procedure will definitely require the parties to take a more detailed and focused look at confidential information that is the subject of discovery. In some cases -- those where there really is very little confidential at issue -- Judge Forrester's procedure might streamline things because the parties will simply produce the information. On the other hand, in cases where confidentiality is truly in issue, the very careful and selective review and analysis required, along with possible resulting motions practice, may slow things down and will probably result in increased expense.
The only sure thing is that Judge Forrester's procedure will require parties and their counsel to think carefully through their options before filing suit or in conducting discovery.
Subscribe to:
Posts (Atom)
Posts
