Securing Trade Secrets and Intellectual Property Against Cyberattack

Speaker Firms and Organization:
Gordon Feinblatt LLC
George F. Ritchie
Member
Thank you for logging into today’s event. Please note we are in standby mode. All Microphones will be muted until the event
starts. We will be back with speaker instructions @ 02:55pm. Any Questions? Please email: info@theknowledegroup.org
Group Registration Policy
Please note ALL participants must be registered or they will not be able to access the event.
If you have more than one person from your company attending, you must fill out the group registration form.
We reserve the right to disconnect any unauthorized users from this event and to deny violators admission to future events.
To obtain a group registration please send a note to info@theknowledgegroup.org or call 646.202.9344.
Presented By:
October 26, 2016
1
Partner Firms:
Burr & Forman LLP
William "Chip" Collins Jr.
Partner
Center for Responsible Enterprise And
Trade (CREATe.org)
Pamela Passman
President and CEO
BDO USA, LLP
Bud Conner
Director - Forensic Technology Solutions

October 26, 2016
2
 Please note the FAQ.HELP TAB located to the right of the main presentation. On this page you will find answers to the top questions asked by
attendees during webcast such as how to fix audio issues, where to download the slides and what to do if you miss a secret word. To access this
tab, click the FAQ.HELP Tab to the right of the main presentation when you’re done click the tab of the main presentation to get back.
 For those viewing the webcast on a mobile device, please note:
o These instructions are for Apple and Android devices only. If you are using a Windows tablet, please follow the instructions for viewing
the webcast on a PC.
o The FAQ.HELP TAB will not be visible on mobile devices.
o You will receive the frequently asked questions & other pertinent info through the apps chat window function on your device.
o On Apple devices you must tap the screen anywhere to see the task bar which will show up as a blue bar across the top of the screen.
Click the chat icon then click the chat with all to access the FAQ’s.
o Feel free to submit questions by using the “questions” function built-in to the app on your device.
o You may use your device’s “pinch to zoom function” to enlarge the slide images on your screen.
o Headphones are highly recommended. In the event of audio difficulties, a dial-in number is available and will be provided via the app’s
chat function on your device.

October 26, 2016
3
 Follow us on Twitter, that’s @Know_Group to receive updates for this event as well as other news and pertinent info.
 If you experience any technical difficulties during today’s WebEx session, please contact our Technical Support @ 866-779-3239. We will post the
dial information in the chat window to the right shortly and it’s available in the FAQ.Help Tab on the right. Please redial into the webcast in case of
connectivity issue where we have to restart the Webex event.
 You may ask a question at anytime throughout the presentation today via the chat window on the lower right hand side of your screen. Questions
will be aggregated and addressed during the Q&A segment.
 Please note, this call is being recorded for playback purposes.
 If anyone was unable to log in to the online webcast and needs to download a copy of the PowerPoint presentation for today’s event, please send
an email to: info@theknowledgegroup.org. If you’re already logged in to the online Webcast, we will post a link to download the files shortly and it’s
available in the FAQ.Help Tab

October 26, 2016
4
 If you are listening on a laptop, you may need to use headphones as some laptops speakers are not sufficiently amplified enough to hear the
presentations. If you do not have headphones and cannot hear the webcast send an email to info@theknowledgegroup.org and we will send you
the dial in phone number.
 About an hour or so after the event, you'll be sent a survey via email asking you for your feedback on your experience with this event today - it's
designed to take less than two minutes to complete, and it helps us to understand how to wisely invest your time in future events. Your feedback is
greatly appreciated. If you are applying for continuing education credit, completions of the surveys are mandatory as per your state boards and
bars. 6 secret words (3 for each credit hour) will be given throughout the presentation. We will ask you to fill these words into the survey as proof
of your attendance. Please stay tuned for the secret word. If you miss a secret word please refer to the FAQ.Help tab to the right.
 Speakers, I will be giving out the secret words at randomly selected times. I may have to break into your presentation briefly to read the secret
word. Pardon the interruption.

Partner Firms:
October 26, 2016
5
Gordon Feinblatt is a full-service law firm with more than 60 attorneys
and over 20 paralegals. Our size assures proficiency in virtually every area
of the law without sacrificing personalized attention to our clients.
Each of the Firm’s Practice Group Chairs and many of our other attorneys
are among the State’s leading practitioners. Twenty-five of our attorneys are
listed in Woodward & White’s Best Lawyers in America® 2017and four of our
lawyers have been designated “Lawyer of the Year” in Baltimore by Best
Lawyers. Eighteen attorneys are named in Maryland Super Lawyers 2016.
We present our clients with innovative solutions applicable to their unique
problems and circumstances, providing a legal advantage to people doing
business in Maryland.
BDO is the brand name for BDO USA, LLP, a U.S. Professional services firm
providing assurance, tax, financial advisory and consulting services to a
wide range of publicly traded and privately held companies. For more than
100 years, BDO has provided quality service through the active involvement
of experienced and committed professionals. The firm serves clients through
60 offices and more than 400 independent alliance firm locations nationwide.
As an independent member firm of BDO international limited, BDO serves
multinational clients through a global network of over 1,400 offices in more
than 154 countries.
BDO USA, LLP, a Delaware limited liability partnership, is the U.S. Member
of BDO international limited, a UK company limited by guarantee, and forms
part of the international BDO network of independent member firms. BDO is
the brand name for the BDO network and for each of the BDO member
firms.

Partner Firms:
October 26, 2016
6
The Center for Responsible Enterprise And Trade (CREATe.org) helps
organizations and their third parties address governance, risk and
compliance requirements associated with the prevention of corruption and
the protection of intellectual property (IP) and trade secrets from cyber and
other risks. Our mission is to make leading practices in IP protection and
anti-corruption achievable for all companies. To achieve this mission, we
have developed CREATe Leading Practices, a service that measures the
maturity of business processes in place and guides prioritization and
improvements to help companies embed controls to mitigate risks. CREATe
Leading Practices is deployed in multiple languages by organizations
operating globally.
Burr & Forman’s experienced legal team serves clients with local, national,
and international legal needs. With particular industry strengths in the
financial institutions, health care and manufacturing sectors, our attorneys
draw from a diverse range of backgrounds and experience to serve as
trusted business advisors and legal counsel to help clients achieve their
goals. Burr & Forman is a Southeast regional firm with nearly 300 attorneys
and 10 offices in Alabama, Florida, Georgia, Mississippi, and Tennessee.

Brief Speaker Bios:
October 26, 2016
7
George F. Ritchie
George Ritchie is a trial lawyer and adviser with over 20 years of experience handling high stakes litigation matters and other strategic
challenges facing private and public companies. His practice focuses on intellectual property, environmental, employment and related
corporate matters. He also counsels clients on risk avoidance, crisis management, and company-sensitive issues across a broad
spectrum of industries. He represents domestic and international clients in cases in state and federal courts across the country, and in
various arbitral forums.
Bud Conner
Bud Conner is a Director in the Forensic Technology Services practice of BDO Consulting. Combining legal, technology, and
information governance expertise, Bud helps organizations find cost effective solutions for managing and protecting enterprise data
and information. From data creation through storage and retrieval, Bud advises corporations and law firms in policy and process
implementation, and in identifying and deploying the appropriate technologies and services to harmonize enterprise operations,
improve processes, and realize a true return on investment.

Brief Speaker Bios:
Pamela Passman
Pamela Passman is President and CEO of the Center for Responsible Enterprise and Trade (CREATe.org), an organization dedicated
to helping companies and their third parties effectively address governance, risk and compliance requirements through the
benchmarking and implementation of business processes across an enterprise. Prior to founding CREATe in October 2011, Passman
was the Corporate Vice President and Deputy General Counsel, Global Corporate and Regulatory Affairs, Microsoft
Corporation. Since 2002, Passman led Microsoft’s regulatory compliance work across 100 countries and addressing a range of issues,
including privacy, security, law enforcement, telecommunications and other issues related to cloud computing.
October 26, 2016
8
► For more information about the speakers, you can visit: https://theknowledgegroup.org/event-homepage/?event_id=1724
Chip Collins is a partner and business litigator in the Atlanta office of Burr & Forman LLP. His practice is largely focused on litigating
and arbitrating non-compete and trade secret disputes, counseling employers and executives on unfair competition issues, and
drafting employment and severance agreements. Chip is a frequent commentator on non-compete and trade secret issues, having
been featured in publications including the Atlanta Business Chronicle, Attorney at Law, andBusiness to Business, and he started his
firm’s unfair competition blog (noncompetetradesecretslaw.com), to which he is a regular contributor.

The rise in cyber threats is putting companies at risk of losing trade secrets and other intellectual property assets
that are integral to competitive edge, revenues and reputation. Many companies, however, are unsure about how
to shore up their IP and trade secret protection programs to thwart potential risks and losses.
In this two-hour LIVE Webcast, a panel of distinguished professionals and thought leaders organized by The
Knowledge Group will help the audience understand the important aspects of Securing Trade Secrets and
Intellectual Property Against Cyberattack. They will provide an in-depth discussion of the critical issues and best
practices with respect to this noteworthy topic. Speakers will also share helpful tips in developing and
implementing data security programs while ensuring compliance with applicable laws.
Some of the major topics that will be covered in this course are:
• IP and Trade Secrets Protection
• Key Challenges and Vulnerabilities
• Data Security Policies
• Risk Identification and Mitigation
• Best Regulatory Remedies
October 26, 2016
9

Featured Speakers:
October 26, 2016
10
SEGMENT 4:
Partner
Burr & Forman LLP
SEGMENT 2:
George F. Ritchie
Member
SEGMENT 3:
Pamela Passman
President and CEO
Center for Responsible Enterprise
And Trade (CREATe.org)
SEGMENT 1:
Bud Conner
Director - Forensic Technology
Solutions
BDO USA, LLP

Introduction
Bud Conner is a Director in the Forensic Technology Services practice of BDO Consulting. Combining legal, technology,
and information governance expertise, Bud helps organizations find cost effective solutions for managing and protecting
enterprise data and information. From data creation through storage and retrieval, Bud advises corporations and law firms
in policy and process implementation, and in identifying and deploying the appropriate technologies and services to
harmonize enterprise operations, improve processes, and realize a true return on investment.
Bud began his professional career as an intellectual property attorney, and is a registered patent attorney before the United
States Patent & Trademark Office. He is also an ARMA-certified Information Governance Professional. Protecting
intellectual property and sensitive information has been a constant objective of his work.
Bud is a graduate of the Case Western Reserve School of Law, and holds a BS in Biochemistry from Indiana University.
October 26, 2016
11
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

TRADE Secrets, IP (and Other Valuable Data)
in the CYBER AGE
The Big Picture for Protecting Digital Assets
October 26, 2016
12
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

A TRADE SECRET IS:
information, including a formula, pattern, compilation, program device, method, technique, or process, that:
(i) derives independent economic value, actual or potential, from not being generally known to, and not being
readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or
use, and
(ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
(Uniform Trade Secrets Act)
Examples of trade secrets can include:
• engineering information; methods, processes, and know-how;
• tolerances and formulas;
• business and financial information;
• computer programs (particularly source code) and related information;
• pending, unpublished patent applications;
• business plans, budgets, methods of calculating costs and pricing; customer and supplier information;
• other information relating to a company's business.
October 26, 2016
13
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

The Information Hierarchy:
All Trade Secrets constitute Confidential Information, but:
Not all Confidential Information rises to the Level of Trade Secret, and:
All Confidential Information is Proprietary Information, but not all Proprietary Information is Confidential.
For example, patented inventions and copyrighted materials are known to the public, but they are
proprietary to their owner.
Some companies view anything they do or create as proprietary.
October 26, 2016
14
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

WHERE ARE YOU GOING WITH THIS?
This is a Cyber seminar
• “Cyber” is defined as “of, relating to, or involving computers or computer networks.”
As a practical matter, most enterprise computer networks constitute a single data lake, wherein all
information (proprietary, confidential, trade secret, and garbage) co-exists.
The Information does not self-segregate in the data lake, so absent efforts to isolate trade secrets or other
valuable data, protecting that data requires protecting the whole lake.
For a lot of reasons, that’s really hard to do (more on this later).
October 26, 2016
15
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

GOING FISHING (OR PHISHING)
October 26, 2016
16
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

WHAT ELSE IS IN THE LAKE?
Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”)
• Names and addresses
• Social security numbers, drivers’ license numbers, and passport numbers/other government identifiers
• Bank account information and credit card numbers
• Usernames and passwords
• Compensation and other related employment information (including benefits, retirement and
termination plans and previous work history)
• Health Claims appeals information
• Diagnosis, disability code and member ID numbers of employees/dependents
• Health/medical information provided outside of company health plan
October 26, 2016
17
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

PROTECTING INFORMATION: THAT WHICH YOU
WANT TO AND THAT WHICH YOU HAVE TO
You want to keep your Trade Secrets out of the public’s hands. You have to keep PII and PHI out of the
public’s hands.
Examples of laws related to different types of PII
• HIPAA/HITECH - Health related information
• GLBA - Financial information
• Privacy Act - Fair Information Practices for PII held by Federal Agencies
• COPPA - Protects children’s privacy by allowing parents to control what information is collected
• FERPA - Student’s personal information
• FCRA - Collection and use of consumer information
October 26, 2016
18
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

AGAIN, WHERE ARE YOU GOING WITH THIS?
A variety of information types have value to hackers.
Most enterprise data lives in the same place, and the information types are generally intermingled with
each other.
Total protection against hacking or breach is impossible.
Therefore, protection strategy should be based on prioritizing data types based on value to the company,
value to hackers, legal/regulatory obligations, and cost of breach.
So, with respect to Trade Secrets—the primary reason we’re here—the protection strategy should be a
consideration under the greater data security/data breach philosophy. That is, if you are going to
undertake to protect trade secrets, it will be most effective if the enterprise undertakes a holistic protection
strategy at the same time.
October 26, 2016
19
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

A HOLISTIC ENTERPRISE DATA SECURITY STRATEGY
October 26, 2016
20
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

PROTECTING TRADE SECRETS IN THE CYBER AGE
A multi-functional endeavor
Identify valuable information
Identify risk
Policy considerations
Behavioral considerations
Technology considerations
October 26, 2016
21
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

Introduction
George Ritchie is a trial lawyer and adviser with over 20 years of experience handling high stakes litigation matters and
other strategic challenges facing private and public companies. His practice focuses on intellectual property, environmental,
employment and related corporate matters. He also counsels clients on risk avoidance, crisis management, and company-
sensitive issues across a broad spectrum of industries. He represents domestic and international clients in cases in state
and federal courts across the country, and in various arbitral forums.
In addition to his courtroom work, George also has substantial experience in representing companies and individuals
involved in government investigations, including matters involving securities and accounting fraud, alleged mislabeling of
food products under USDA regulations and consumer protection violations. George regularly provides pre-litigation analysis
and advice to clients, and has lectured extensively on the importance of pre-litigation planning and expert witness
development.
October 26, 2016
22
SEGMENT 2:
George F. Ritchie
Member

Defending Trade Secrets From Cyber Attack
October 26, 2016
23
SEGMENT 2:
George F. Ritchie
Member

Defining the Problem: What is a Trade Secret?
 USTA:
1) “Information . . . that . . . derives independent economic value, actual or potential

2) from not being generally known [to other persons who can obtain economic value from its
disclosure or use]

3) and not being readily ascertainable by proper means by other persons who can obtain economic
value from its disclosure or use, and

4) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.”
Similar Concepts under the Restatement and Defend Trade Secrets Act (DTSA)
October 26, 2016
24
SEGMENT 2:
George F. Ritchie
Member

Defining the Problem: The Importance of
Reasonable Efforts to Maintain Secrecy
 This is the factor where most trade secrets cases are likely to fail
 Lapses in security, failure to treat information as secret, and inadvertent disclosure are enough to
destroy trade secret status
 Omega Optical, Inc. v. Chroma Technology Corp., 174 Vt. 10, 800 A.2d1064 (2002):
 No evidence of policy of confidentiality within company and company had taken no steps to
protect technology from disclosure
 Court ruled that company could not claim trade secret status of technology and entire portfolio
was lost to a competitor
October 26, 2016
25
SEGMENT 2:
George F. Ritchie
Member

Defining the Problem: Common
Scenarios in Loss of Trade Secrets
 Who is the company protecting the trade secrets from: outside competitors, inside employees (loyal
and not loyal), the general public
 Common Scenarios for trade secret “loss” -
◦ Loss of trade secrets through inadvertent disclosure: trade show, conference speech, sales call
◦ Loss of trade secrets through unprotected disclosure: “preliminary discussions,” simultaneous
disclosure, unprotected disclosure within NDA
◦ Loss of Trade Secrets through hostile actions: departing employees, corporate spies
October 26, 2016
26
SEGMENT 2:
George F. Ritchie
Member

Addressing the Problem:
Goals For Trade Secret Security Programs
 Focus of efforts must be what is “reasonable under the circumstances”
 Courts will ask: what is the standard of care in the industry? Has company suffered information losses
before? Were procedures tightened in response? How big is corporation? Does it have “big
corporation” security measures, or is “Mom and Pop” approach enough?
 Two Goals: 1) Prevent Information Loss through security measures; 2) ensure favorable result in
trade secret litigation
October 26, 2016
27
SEGMENT 2:
George F. Ritchie
Member

Addressing the Problem: Typical
Solutions for Non-Cyber Threats
 Dealing with the Insider:
◦ Employment Agreements w/Restrictive Covenants and Confidentiality Clauses
◦ Compartmentalization of trade secrets – access on a “need to know” basis
◦ Access tracking within the company
◦ Computer passwords, encryption
◦ Employee Handbook and periodic employee training
◦ The exit interview and “trade secret statement”
◦ Provision of equipment – limit to company-issued and demand return
October 26, 2016
28
SEGMENT 2:
George F. Ritchie
Member

Addressing the Problem: Dealing
with Outside Threats
 Preventing Access through Fraud
 Preventing Access through Trespass
 Preventing Access Through Inducement to Breach
 Proper use of NDAs
◦ 11th Cir. Decision in Warehouse Solutions v. Integrated Logistics, 2015 WL 2151757 (11th Cir. May
8, 2015)
 Counsel reviews of sales presentations, research articles, trade show materials
October 26, 2016
29
SEGMENT 2:
George F. Ritchie
Member

Reasonable Efforts: Cyber Security
 Take-away from cases interpreting “reasonable efforts” – cost benefit analysis, which varies in each
case based on the costs of protective measures relative to the attendant benefits of protection.
 How to apply to Cyber Attack scenarios?
◦ Look to FTC Complaints and Consent Decrees on protection of consumer data for guidance
◦ Password protocols and policies foundational to data security
◦ Use of encryption, segmentation of servers from unauthorized access, firewalls and monitoring of
access
October 26, 2016
30
SEGMENT 2:
George F. Ritchie
Member

 Additional FTC Guidance:
◦ Companies should monitor and regulate outgoing traffic on the network
◦ Have protocols in place for dealing with detected security breaches
◦ Websites should have separate employee and consumer login pages
◦ Deletion of old, unused information on server
◦ Put in place adequate risk assessment plans, including trade secret and security audits
◦ Installation of proper antivirus and anti-spying programs
October 26, 2016
31
SEGMENT 2:
George F. Ritchie
Member

 Adoption of NIST Framework
October 26, 2016
32
SEGMENT 2:
George F. Ritchie
Member

Introduction
Pamela Passman is President and CEO of the Center for Responsible Enterprise and Trade (CREATe.org), an organization
dedicated to helping companies and their third parties effectively address governance, risk and compliance requirements
through the benchmarking and implementation of business processes across an enterprise. Prior to founding CREATe in
October 2011, Passman was the Corporate Vice President and Deputy General Counsel, Global Corporate and Regulatory
Affairs, Microsoft Corporation. Since 2002, Passman led Microsoft’s regulatory compliance work across 100 countries and
addressing a range of issues, including privacy, security, law enforcement, telecommunications and other issues related to
cloud computing. She worked closely with business leaders and research and development teams to advance Microsoft’s
businesses in China and other emerging markets. She first joined Microsoft in 1996 and until 2002, led the Legal and
Corporate Affairs organization in Asia, based in Tokyo, with a focus on Japan, Korea and the People’s Republic of China.
Prior to joining Microsoft, Ms. Passman practiced law with Covington & Burling in Washington, D.C. and Nagashima & Ohno
in Tokyo, Japan. Passman was recognized as one of the ‘Most Influential People in Security 2014’ by Security Magazine.
October 26, 2016
33
SEGMENT 3:
Pamela Passman
President and CEO

What are Reasonable Efforts’ for Cybersecurity?
• Reasonable efforts / reasonable steps
̵ Remains a key test for whether information gets trade
secret protection
• Needed cybersecurity protections have been mentioned in
trade secrets cases:
October 26, 2016
34
SEGMENT 3:
Pamela Passman
President and CEO
̵ Password protection
̵ ‘Need to know’ access
̵ Segregated server
storage
̵ Firewalls
̵ Data encryption
̵ Website blocking
̵ Internet use monitoring
̵ Pop-up warnings
̵ Prohibitions on printing
̵ USB use restrictions

Industry Trend: Enterprise Risk Management (ERM)
• Cybersecurity: not just an IT issue
̵ Managing people and processes also vital
̵ NIST and industry best practices: evolving towards integrated risk management throughout the
enterprise
• Some trade secret cases touch on ERM issues:
̵ Corporate policies and procedures
̵ Internal and third party agreements
̵ HR practices
̵ Trade secret registry
̵ Physical security
̵ Employee training and awareness
̵ Management responsibilities
̵ Security monitoring
̵ Prompt corrective actions
October 26, 2016
35
SEGMENT 3:
Pamela Passman
President and CEO

Embedding Cybersecurity into Business Operations
Benefits:
• Builds awareness throughout the company
• Communicates clear expectations
• Preventative, proactive
• Builds on management systems used for other business operations
October 26, 2016
36
SEGMENT 3:
Pamela Passman
President and CEO

A Management-Systems Approach
October 26, 2016
37
SEGMENT 3:
Pamela Passman
President and CEO

Risk Assessment
Sample processes that should be in place:
 Trade secret registry
 Assess potential risks to trade secrets
 Assessment of likelihood and severity of potential risks
 Risk mitigation plan
October 26, 2016
38
SEGMENT 3:
Pamela Passman
President and CEO

Policies, Procedures and Records
 Company, staff and third-party policies
 Trade secrets specific procedures
 Marking and segregation procedures
 Standard confidentiality and usage provisions
 Standard NDA
 Inventory and other documentation
October 26, 2016
39
SEGMENT 3:
Pamela Passman
President and CEO

Security & Confidentiality Management
 Identity and access management
 Data security measures
 Perimeter and network defense
 Physical security
October 26, 2016
40
SEGMENT 3:
Pamela Passman
President and CEO

Management of Third Parties
October 26, 2016
41
SEGMENT 3:
Pamela Passman
President and CEO
 Due diligence
 Third-party communications
 Written nondisclosure and other agreement terms
 Regular reviews

Information Protection Team
October 26, 2016
42
SEGMENT 3:
Pamela Passman
President and CEO
 Risk analysis
 Responsible executive
 Cross-functional coordination
 Authority and budget
 Comprehensive oversight

Training and Capacity Building
October 26, 2016
43
SEGMENT 3:
Pamela Passman
President and CEO
 Initial staff training
 Ongoing training
 Supply chain training
 Specialized training

Monitoring & Measurement
October 26, 2016
44
SEGMENT 3:
Pamela Passman
President and CEO
 Regular reviews of internal protections
 Regular reviews of third-party protections
 Benchmarking

Corrective Actions & Improvements
October 26, 2016
45
SEGMENT 3:
Pamela Passman
President and CEO
 Rapid response
 Response plan
 Root-cause analysis
 Tracking
 Regular review and protection program update

Industry Trend: Approach to Managing Cyber Risk
• Voluntary framework,
five main functions
̵ Analysis of technical and management
capabilities
• Trade-secrets impact?
̵ “The Framework may become the de facto
standard … and may impact legal definitions
and enforcement guidelines for cybersecurity
moving forward.” PwC
October 26, 2016
46
SEGMENT 3:
Pamela Passman
President and CEO
NIST Cybersecurity Framework
Function Category
IDENTIFY (ID) Asset Management.
Business Environment.
Governance.
Risk Assessment.
Risk Management Strategy.
PROTECT (PR) Access Control.
Awareness and Training.
Data Security.
Information Protection Processes
and Procedures.
Maintenance.
Protective Technology.
DETECT (DE) Anomalies and Events.
Security Continuous Monitoring.
Detection Processes.
RESPOND (RS) Response Planning.
Communications.
Analysis.
Mitigation.
Improvements.
RECOVER (RC) Recovery Planning.
Improvements.
Communications.

Introduction
Chip Collins is a partner and business litigator in the Atlanta office of Burr & Forman LLP. His practice is largely focused on
litigating and arbitrating non-compete and trade secret disputes, counseling employers and executives on unfair competition
issues, and drafting employment and severance agreements. Chip is a frequent commentator on non-compete and trade
secret issues, having been featured in publications including the Atlanta Business Chronicle, Attorney at Law, andBusiness
to Business, and he started his firm’s unfair competition blog (noncompetetradesecretslaw.com), to which he is a regular
contributor. He has presented seminars on trade secret and non-compete law for ICLE in Georgia and The Knowledge
Group and has been a guest lecturer on trade secret issues at the Emory University School of Law for the last two
years. Chip has been involved in the creation of both the noncompete/trade secrets and cybersecurity service groups at his
firm.
October 26, 2016
47
SEGMENT 4:
Partner
Burr & Forman LLP

When the Genie Gets Out of the Bottle
Rights and Remedies for Trade Secret Owners in the Aftermath of a Cyber Attack
October 26, 2016
48
SEGMENT 4:
Partner
Burr & Forman LLP

Why me?
Reasons trade secrets may be subject to cyber attack:
• Competitor seeking competitive advantage
• Thrill seeker looking to expose vulnerabilities and gain notoriety/bragging rights in hacker community
• “Hacktivist” seeking to publicize information for political or public interest purposes
• Disgruntled employee, customer, or other “malicious insider” seeking to embarrass or damage a
business
October 26, 2016
49
SEGMENT 4:
Partner
Burr & Forman LLP

Is my Trade Secret still a “secret” if it gets posted on the Internet?
“Widespread, anonymous publication of the information over the Internet may destroy its status as a
trade secret. The concern is whether the information has retained its value to the creator in spite of
the publication.”
DVD Copy Control Assoc. Inc. v. Bunner, 116 Cal. App. 4th 241, 251 (Cal. Ct. App. 2004) (citing
Religious Tech. Center v. NetCom On-Line Comm, 923 F. Supp. 1231, 1256 (N.D. Cal. 1995),
Religious Tech. Center v. NetCom On-Line Comm., 907 F. Supp. 1361 (N.D. Cal. 1995), and Rest.3d
Unfair Competition, §39, com. f, p. 431).
October 26, 2016
50
SEGMENT 4:
Partner
Burr & Forman LLP

Is my Trade Secret still a “secret” if it gets posted on the Internet?
Publication of a trade secret on the Internet does not necessarily destroy trade secret status if the
publication is sufficiently:
• obscure;
• transient; or
• otherwise limited so that it does not become generally known to the relevant people, i.e., potential
competitors or other persons to whom the information would have some economic value.
DVD Copy Control Assoc. Inc. v. Bunner, 116 Cal. App. 4th 241, 251 (Cal. Ct. App. 2004) (internal
citations omitted). See also Syncsort Inc. v. Innovative Routines, Int.’l, Inc., No. 04-3623 (WHW), 2011
WL 3651331, at *13 (D.N.J. Aug. 18, 2011).
October 26, 2016
51
SEGMENT 4:
Partner
Burr & Forman LLP

The Need for Speed: Move Fast When Trade Secrets Have Been Exposed in a
Cyber Attack
After a cyber attack, trade secret owners must immediately:
• Identify and remediate the source of the breach
• Identify what trade secrets have been compromised
• Identify the misappropriator (if possible)
• Determine where trade secrets have been exposed, published ,or otherwise made available to the
public (if possible)
• Attempt to have exposed trade secrets removed/deleted from websites or other public sources as
quickly as possible
• Work to prevent further loss, dissemination, or publication of compromised trade secrets to protect
trade secret status
• Preserve evidence for use in a potential civil or criminal action
• Evaluate and pursue civil and criminal remedies
October 26, 2016
52
SEGMENT 4:
Partner
Burr & Forman LLP

Civil Remedies for Trade Secret Misappropriation
Defend Trade Secrets Act of 2016: 18 U.S.C. §1836
• Provides a private civil cause of action for misappropriation of trade secrets and confidential
information (BUT does not preempt existing state laws)
• Promotes uniformity in trade secret law, which previously was governed by state laws adopting
differing versions of the Uniform Trade Secrets Act
• Provides original federal subject matter jurisdiction for misappropriation claims
• Broad definition of trade secret and broader protections for employers (i.e., no confidentiality
agreement or restrictive covenant required to enforce protections)
• Provides ex parte seizure remedy which allows for the immediate seizure of misappropriated
trade secrets without requiring advance notice to the party holding the trade secrets where
TRO or other remedies are inadequate
• Allows injunctive relief, recovery of actual damages, recovery of reasonable royalty and/or
unjust enrichment, and exemplary damages of 2x the damages award and attorneys’ fees for
willful or malicious misappropriation
• Provides whistleblower immunity and anti-retaliation provisions
• Rejects “inevitable disclosure” doctrine
October 26, 2016
53
SEGMENT 4:
Partner
Burr & Forman LLP

Computer Fraud and Abuse Act: 18 U.S.C. §1030
• Anti-hacking statute that makes it a crime to access information on a computer without, or in excess
of, authorization
• Provides for a private civil right of action where an individual or company may bring a civil lawsuit if
actual damages in one year exceed $5,000
• Plaintiff can obtain injunctive relief and recover actual/compensatory damages attributable to
violation
• Civil case must be brought within 2 years of the date of the violation or the date of the discovery of
the damage
• BUT: CFAA’s applicability to trade secrets has been called into question – See United States v.
Nosal, 676 F.3d 854 (9th Cir. 2012) (finding that the “general purpose [of the CFAA] is to punish
hacking – the circumvention of technological access barriers – not misappropriation of trade secrets
. . .”).
See JOHN VILLASENOR, Corporate Cybersecurity Realism: Managing Trade Secrets in a World Where
Breaches Occur, AM. INTELL. PROP. L. ASS’N. Q. J., VOLUME 43, NUMBERS 2/3. (Aug. 1, 2005).
October 26, 2016
54
SEGMENT 4:
Partner
Burr & Forman LLP

State Laws - most states have adopted a version of the Uniform Trade Secrets Act, which allows:
• Injunctive relief for actual or threatened misappropriation
• Recovery of actual damages caused by misappropriation
• Unjust enrichment and/or reasonable royalty
• Exemplary damages of 2x any award of actual damages
• Attorneys’ fees for willful or malicious misappropriation OR for claims of misappropriation
made in bad faith
• Preempts “conflicting tort, restitutionary, and other laws providing civil remedies for
misappropriation of trade secrets”
To the extent not preempted by state statutes, trade secret owners may have common law claims for:
• unfair competition
• deceptive trade practices
• Conversion, trespass, invasion of privacy, replevin
• Violations of RICO statutes
• Breach of fiduciary duty and/or duty of loyalty/confidentiality
• Breach of contract (involving NDAs, restrictive covenants, etc.)
October 26, 2016
55
SEGMENT 4:
Partner
Burr & Forman LLP

Criminal Remedies for Trade Secret Misappropriation
Economic Espionage Act of 1996 18 U.S.C. §1831, et. seq..
• Criminalizes economic espionage and theft of trade secrets.
• Attorney General may bring civil action to enjoin violations
• Violations are punishable by fines and/or imprisonment of up to 10 years for theft of trade
secrets
• No preemption of other civil or criminal remedies
• Expansive federal jurisdiction is beneficial in cases involving multi-jurisdictional internet
prosecutions
• No private civil cause of action
• BUT: EEA does not apply to those who do not intend to benefit financially from the disclosure,
so may not apply to hacker whose only intent is to destroy secrecy
2 GABRIEL M. RAMSEY, ET AL., INTERNET LAW AND PRACTICE § 18.37 (2016); 2 JOHN J. FALVEY, JR. &
AMY M. MCCALLEN, INTERNET LAW AND PRACTICE § 26.13 (2016).
October 26, 2016
56
SEGMENT 4:
Partner
Burr & Forman LLP

Criminal Remedies for Trade Secret Misappropriation
Computer Fraud and Abuse Act: 18 U.S.C. §1030
• Anti-hacking statute that makes it a crime for anyone to access information on a computer without,
or in excess of, authorization
• Violations are punishable by imprisonment and/or civil forfeiture of personal property used or
intended to be used to commit the violation
• Civil cases comprise largest percentage of opinions construing the CFAA
• Section 1030(g) authorizes private right of action for compensatory damages and
injunctive/equitable relief by any person who suffers a loss resulting from a statutory violation, if
the loss during any one-year period is at least $5,000
• No preemption of other laws governing computer crimes
4 E-COMMERCE AND INTERNET LAW 44.08[1] (2015).
October 26, 2016
57
SEGMENT 4:
Partner
Burr & Forman LLP

Criminal Prosecution or Civil Lawsuit?
Advantages to criminal prosecution:
• Government search and seizure orders are broader in scope than civil TROs/injunctions, and search
warrants may be more easily obtained due to lower probable cause standard
• Prosecuting agency covers costs
• Deterrent effect of hefty fines and potential imprisonment
• Government agencies face less jurisdictional barriers
4 E-COMMERCE AND INTERNET LAW 43.06-07 (2015).
October 26, 2016
58
SEGMENT 4:
Partner
Burr & Forman LLP

Disadvantages to criminal prosecution:
• Trade secret owner loses control of case/outcome
• Prosecutors decide whether to pursue and with what crimes to charge
• Prosecuting agencies with limited resources may delay/decline prosecution, and inadequate security
systems may result in more risk of compromise/exposure of trade secrets
• Higher burden of proof (beyond a reasonable doubt) and more procedural advantages available to
defendants in criminal cases
• Restitutionary recovery may be less than recoverable civil damages
October 26, 2016
59
SEGMENT 4:
Partner
Burr & Forman LLP

Advantages to Civil Lawsuit:
• Trade secret owner controls case, can shape relief sought can better control publicity, and can more
directly impact outcome
• Lower burden of proof (preponderance standard) makes it easier for plaintiffs to prevail
• Potential for recovery of damages
• Actual/compensatory damages
• Treble damages
• Punitive damages
• Attorneys’ fees and costs of litigation
• Injunctive Relief, if available, can help to protect trade secret status and prevent further
loss/dissemination of trade secrets
October 26, 2016
60
SEGMENT 4:
Partner
Burr & Forman LLP

Disadvantages to Civil Lawsuit:
• Difficulty in identifying anonymous or pseudonymous defendants
• Obtaining injunction can be too slow to protect trade secret status
• Judgment collection – Religious Tech. Ctr. v. Netcom On-Line Comm’n Servs., Inc., 923 F. Supp.
1231, 1256 (N.D. Cal. 1995) (“The anonymous (or judgment proof) defendant can permanently
destroy trade valuable trade secrets, leaving no one to hold liable for the misappropriation.”).
• First Amendment concerns – Ford Motor Co. v Lane, 67 F. Supp. 2d 745 (E.D. Mi. 1999) (declining
to enjoin Defendant’s threatened “publication of Ford’s trade secrets and other internal documents”
upon finding that “[i]n the absence of a confidentiality agreement or fiduciary duty between the
parties, Ford’s commercial interest in its trade secrets and Lane’s alleged improper conduct in
obtaining the trade secrets are not grounds for issuing a prior restraint”)
October 26, 2016
61
SEGMENT 4:
Partner
Burr & Forman LLP

Who do I sue?
• “John Doe” lawsuits may be filed against anonymous or pseudonymous hackers. The Republic of
Kazakhstan v. Does 1-100, No. 15 Civ. 1900(ER), 2015 WL 6473016 (S.D.N.Y. Oct. 27, 2015)
(action for injunctive relief and damages under CFAA against anonymous hackers that posted
confidential government documents on internet).
• Once suit is filed, seek expedited discovery and serve subpoenas on internet service providers or
website owners to compel production of identifying information for the persons that posted the trade
secrets online.
• Consider whether ISPs or other third parties may be liable for negligence if trade secrets not
removed from site upon request
See 2 E-COMMERCE AND INTERNET LAW §§10.12 and 10.18 (2015); RICHARD G. SANDERS & ROBB S.
HARVEY, Unmasking Anonymous and Pseudonymous Online Posters, 21 NO. 2 PRAC. LITIGATOR 35
(2010).
October 26, 2016
62
SEGMENT 4:
Partner
Burr & Forman LLP

October 26, 2016
63
Contact Info:
Partner
Burr & Forman LLP
E: wcollins@burr.com
T: 404.685.4266
Pamela Passman
President and CEO
Center for Responsible
Enterprise And Trade
(CREATe.org)
E: ppassman@CREATe.org
T: 202.842.4701
George F. Ritchie
Member
E: gritchie@gfrlaw.com
T: 410.576.4131
Bud Conner
Solutions
BDO USA, LLP
E: BConner@bdo.com
T: 216.325.1732

► You may ask a question at anytime throughout the presentation today. Simply click on the question mark icon located on the floating tool bar on the bottom right side of your screen. Type
your question in the box that appears and click send.
► Questions will be answered in the order they are received.
Q&A:
October 26, 2016
64
SEGMENT 4:
Partner
Burr & Forman LLP
SEGMENT 2:
George F. Ritchie
Member
SEGMENT 3:
Pamela Passman
President and CEO
SEGMENT 1:
Bud Conner
Solutions
BDO USA, LLP

October 26, 2016
65
ABOUT THE KNOWLEDGE GROUP
The Knowledge Group is an organization that produces live webcasts which examine regulatory
changes and their impacts across a variety of industries. “We bring together the world's leading
authorities and industry participants through informative two-hour webcasts to study the impact of
changing regulations.”
If you would like to be informed of other upcoming events, please click here.
Disclaimer:
The Knowledge Group is producing this event for information purposes only. We do not intend to
provide or offer business advice.
The contents of this event are based upon the opinions of our speakers. The Knowledge Group does
not warrant their accuracy and completeness. The statements made by them are based on their
independent opinions and does not necessarily reflect that of The Knowledge Group‘s views.
In no event shall The Knowledge Group be liable to any person or business entity for any special,
direct, indirect, punitive, incidental or consequential damages as a result of any information gathered
from this webcast.
Certain images and/or photos on this page are the copyrighted property of 123RF Limited, their
Contributors or Licensed Partners and are being used with permission under license. These images
and/or photos may not be copied or downloaded without permission from 123RF Limited

Securing Trade Secrets and Intellectual Property Against Cyberattack

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Securing Trade Secrets and Intellectual Property Against Cyberattack

Ähnlich wie Securing Trade Secrets and Intellectual Property Against Cyberattack (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Securing Trade Secrets and Intellectual Property Against Cyberattack