Advanced Security Systems and the Human Factor
As organizations seek to prevent misappropriation of their valuable trade secrets, they are presented with advanced technology including methods and systems such as data encryption systems, internet monitoring systems, key and password protected access systems, user monitoring and reporting systems and strategic surveillance systems, to name a few. However, a recent ruling by the Oregon State Appeals Court, in the matter of Pelican Bay Forest Products, Inc. v. Western Timber Products, Inc. (“Pelican Bay v. Western Timber”) demonstrates that, to protect trade secrets, organizations should consider taking measures beyond just the adoption of available advanced technological methods and systems, designed to address the “Means of Trade Secret Misappropriation” and consider also implementing measures designed to address the actual Source of Trade Secret Misappropriation – Human Behavior or the Human Factor
The Case-Pelican Bay v. Western Timber
The Pelican Bay v. Western Timber case involved an action brought by Pelican Bay against its former employee Kelley, Kelley’s son-in-law Hotmer and one of Pelican Bay’s competitors, Western Timber and its owner Seid. It was shown through evidence presented at the trial that:
· Kelley, while working at Pelican Bay as a sales representative, had developed a valuable customer list;
· At the time of hire in 2007, Pelican Bay management obtained from Kelley an “Employee Acknowledgement” undertaking that he would abide by Pelican Bay’s employee handbook, which contained a Confidentiality Policy and list of proprietary information, which included customer lists.
· Despite signing the Employee Acknowledgement in 2007, Kelley, in 2013, attempted to sell his customer list to other Pelican Bay traders and, around the same time, contacted one of Pelican Bay’s competitors, inquiring as to its interest in hiring his daughter. Upon discovery of his conduct, Pelican Bay’s management reminded Kelley of his obligations under the previously signed Employee Acknowledgement and, in addition obtained a signed statement reaffirming his awareness of Pelican Bay’s “Confidentiality Policy” and that customer lists were deemed proprietary and confidential information belonging to Pelican Bay.
· As Kelley approached retirement as a Pelican Bay sales representative he provided confidential customer information obtained during his employment with Pelican Bay to his son-in-law Hotmer, who was hired by Western Timber and who proceeded to utlize Kelley’s customer list to solicit customers of Pelican Bay, assisted by Kelley, following his retirement, ten days after Hotmer’s hire by Western Timber.
· Upon learning of Kelley’s, Hotmer’s, Western Timber’s and its owner Seid’s conduct, Pelican Bay sent Western Timber a cease-and-desist letter informing them that they had misappropriated Pelican Bay’s confidential information and that they should stop using it immediately.
· Western Timber declined to cease use of this information, and Hotmer remained employed by Western Timber, continuing to exploit the customer list provided by Kelley,
As a consequence, Pelican Bay sued each of Kelly, Hotmer, Western Timber and its owner Seid, alleging three claims for relief against defendants: misappropriation of trade secrets, intentional interference with economic relations, and conversion.
The defendants filed a motion for summary judgment, which was granted by the trial court, and the matter was appealed by Pelican Bay to the Oregon State Appeals Court, which reversed the trial court’s entry of summary judgment finding that the defendants had violated Oregon’s trade secret law.
Lessons Learned
The Pelican Bay case provides a number of useful lessons for those organizations seeking to protect their valuable trade secret information, to wit:
· Trade secrets can take the form of information that is possessed only in a person’s memory – i.e. it need not exist in tangible form;
· The act of communicating memorized trade secret information, without the knowledge or consent of the owner of such information, may constitute an act of trade secret misappropriation and the recipient of such information may also be in violation of Trade Secret Laws;
When it comes to considering what actions an organization should take to protect its trade secrets, the Pelican Bay case further, and possibly more importantly, illustrates that technological security measures and systems, although useful in limiting the means to misappropriate trade secrets, are not sufficient. Such systems would have provided Pelican Bay no deterrent, and will not protect any organization where, as in the Pelican Bay case, the trade secret information is misappropriated, through memorization.
What then should those organizations seeking to protect their trade secret information consider-- beyond or in addition to adopting and installing advanced technology security measures and systems?
Consider the following quote by Douglas Maughan, head of cyber security research at the US Department of Homeland Security:
We’ve had too many computer scientists looking at cyber security, and not enough psychologists, economists and human-factors peopled.
One legal author summarizing the Pelican Bay case alluded to additional measures an organization seeking to protect its trade secret information should consider- consistent with Mr. Maughan’s statement, noting that:
The Pelican Bay decision reminds us that organizations should be vigilant in protecting trade secret information, regardless of what form the information may take …and ensuring employees know and understand what their employers consider a trade secret is especially important when such information is of a type that can be memorized and orally divulged.
It should be added that: as the legal author noted, It is important to not only assure that members of an organization’s work force are initially familiarized with what an organization considers to be trade secrets, but members of the workforce should be regularly refreshed on this information and documentary evidence of their understanding should be obtained and archived, as demonstrated in the Pelican Bay case in which Pelican Bay’s management required Kelley sign the “Employee Acknowledgement” in 2007, and the 2013 “signed statement” confirming his continuing understanding regarding the nature of Pelican Bay’s confidential information, including the customer list.
The BAR Group, LLC – Insider Threat Awareness Training
Realizing the limits of advanced security systems, The BAR Group team developed a unique cutting edge course designed to inoculate an organization against potential insider threat by addressing the source of all trade secret misappropriation - the Human Factor. As suggested by the legal author, noted above, our Insider Threat Awareness Training course provides each workforce member a thorough understanding of: (i) the nature of trade secrets (including tangible and intangible); (ii) the laws protecting trade secrets (covering all forms of misappropriation, including memorization); and (iii) the consequences resulting from violation of these laws, including both the civil and criminal consequences (emphasizing the potential severe consequences for violation of these laws).
To verify this understanding, our Insider Threat Awareness Training program includes computer generated, recorded and archived, testing designed: to verify the understanding of these concepts by an organization’s work force members taking the course; and to provide an organization evidence of such understanding - evidence that can later be used if enforcement is required. viz the Pelican Bay case.
We suggest that, as illustrated by the Pelican Bay case, it is important to provide this Insider Threat Awareness training during the entire employment cycle including: pre-hire, recurring at scheduled intervals, incident reporting and investigation and upon termination/exit.
With this proven and archived understanding, members of a workforce are empowered:
To avoid engaging in unintended misappropriation of the organization’s or a third-party’s trade secrets or inadvertent participation in an “Association” determined to be engaged in misappropriation of trade secrets.
To act as an advocate for an organization, confronting others who may be inadvertently or advertently considering or actually engaged in acts constituting misappropriation of trade secrets
To assist in identifying and reporting possible plots or schemes they observe undertaken by co-workers or third-parties to misappropriate an organization’s trade secrets;
The BAR Group is comprised a uniquely qualified group of retired law enforcement and business professionals that have developed and currently teach a cutting edge course (Unlocking the Truth) providing attendees skills in identifying deception during a non-confrontational interview, based on observed human behaviors.
Upon becoming aware of the far reaching and devastating consequences resulting from misappropriation of Trade Secrets, members of The BAR Group, LLC, (“The BAR Group”) realized that they possessed unique expertise that could be applied to assist in addressing the Trade Secret misappropriation threat facing industry.
Employing their understanding of Human Behavior and the functioning of the Human Mind, members of The BAR Group set about reviewing case after case, reported Trade Secret misappropriation cases, and reviewed the ever increasing suggested solutions, the predominance of which, they discovered, address Trade Secret misappropriation through adoption and implementation of various systems and devices. e.g. data encryption systems, internet monitoring systems, key and password protected access systems, user monitoring and reporting systems and strategic surveillance systems, to name a few.
Following such review, The BAR Group members realized that, although many of these advanced technological systems provided solutions addressing the MEANS by which Trade Secrets are misappropriated, they failed to target the actual source of trade secret misappropriation