Business Records Handling | Internet Law, Business & Data Security Law

Business records are created every minute in business and in a variety of entities. Every call handled by receptionists, customer service, account managers, and even by management and executives creates a business record. Every transaction, document dispatch, email, scanning of information for sharing, all creates business records. Every function and every task, digitized, becomes a business record, including internal memos, spreadsheets, and so on. Business records are, in other words, incessantly being created. They become the backbone of the enterprise and its operation, to deliver the best service or product possible. Their value is appreciable. Business records are a trade secret. Trade secrets are a valuable commodity for any business of any size.

A trade secret may be a customer list, a new plan for streamlining inventory, or noted logistical adjustment in the organization of delivery processes from manufacturers. Storing such information is fast becoming a colossal fact in cloud data management. The database records that are produced by daily activity of business records are sought after, stealthily by hackers. Any entity you can imagine is a target.

Trespassing into an entity’s database falls under the scope of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, and the Economic Espionage Act (“EEA”), 18 U.S.C. § 1831 et seq.[1] Any unauthorized access to copy, duplicate, or download business records is an enforceable offense. It is important to note how an entity handles its business records. The unique handling of the business records and how they are protected provides a clear depiction of how instrumental the business records are to the entity.

In 2012, the Ninth Circuit Court of Appeals, in United States v. Nosal, dealt with the issues of how business records become a recognized trade secret. Nosal was convicted on two counts of trade secret theft under the EEA. The Court found that Nosal had accessed an entity’s business records without authorization. He was charged with unauthorized downloading, copying and duplicating of trade secrets and unauthorized receipt and possession of stolen trade secrets which violated §§ 1832(a)(2) & (a)(4) of the EEA. Aside from determining if there was intent to convert, as required under the EEA, along with having the knowledge that such conversion would harm the entity, owner of the business record/trade secret, the Court weighed into the handling of the business records, i.e., trade secrets. The Court discussed how an entity, by its very handling of its records, its produced records and reports, etc., gave the data trade secret consideration; hence, gave the records value.

The value of the information, as noted by the Court, arose from the handling of the information and it integral import into the function of the entity’s operation. The Court opined about business records becoming a trade secret, that “the nature of the trade secret and its value stemmed from the unique integration, compilation, cultivation, and sorting of, and the aggressive protections applied. . .”[2] Its analysis borrowed from an Eight Circuit case, Conseco [3] and a Tenth Circuit case, Hertz [4] where customer lists were taken by employees. The customer lists in question were unique by their form, manner of cataloging, and analysis that was involved in the list’s composition. The Eight Circuit stated that they were trade secrets as they are ““specialized” computer program that was “unique” to Conseco.”” Similar to the Hertz case, the process involved to gather and organize the data made it a trade secret.

An entity’s process of handling business records is highly important in order to provide its business records and information trade secret status under the law. The value of a business record is based on how an entity handles the composition, characteristic, cataloging, purpose, use, and its intended unique use and secure storage. Custodial handling is crucial amid internal policies among employees and how depicted in personnel manuals for company enforcement.

[1] Computer Fraud and Abuse Act of 1986, Pub. L. No. 99-474. , § 2(g)(4), 100 Stat. 1213-15. CFAA was later expanded to protect any computer “used in interstate or foreign commerce or communication.” Economic Espionage Act of 1996, Pub. L. 104-294, § 201(4)(B), 110 Stat. 3488, 3493 (codified as amended at 18 U.S.C. § 1030(e)(2)(B)).

[2] Order, Ninth Circuit, #14-10037, at p. 34.

[3] Conseco Finance Servicing Corp. v. North American Mortgage Co., 381 F.3d 811 (8th Cir. 2004).

[4] Hertz v. Luzenac Grp., 576 F.3d 1103, 1114 (10th Cir. 2009) (holding that a customer list may be a trade secret where “it is the end result of a long process of culling the relevant information from lengthy and diverse sources, even if the original sources are publicly available”).

Cancel reply

Small Business Website January 13, 2019
Small business websites are crucial if a small business is expecting to have a chance of drawing customers. The website becomes the image for the small business that is starting out. A small business website can also hurt the chances for the business to grow. The small business website has varied uses and it also… […]
Lorenzo Law Firm
Startup Copyrights Use January 10, 2019
Startup copyrights issues come up frequently in counseling legal sessions. For many, they perceive that there is a open filed of content hat any startup can avail itself of that would help push their business forward. Not so, is the truth. Savvy business starters know that their intellectual property gives its business import and is… […]
Lorenzo Law Firm
Data Security of ESI November 21, 2018
Data security and the insecurity of electronically stored information (ESI) is ephemeral. Data security is not as predictable as one would prefer to think. Any anticipation of a data security incident or of its origin is absolutely unpredictable. With every incident, the attention is always on possible external sources. All too often, little effort is… […]
Lorenzo Law Firm
Doxing Personal Information November 10, 2018
Doxing personal information is a growing concern to all, to say the least. Personal information online is common, however, with the Internet being so prevalent. Many records are found online, such as, voting, property ownership, even bankruptcies, and new business filings. But what is doxing? Doxing ‘may’ occur when someone publishes online someone else’s personal… […]
Lorenzo Law Firm
Startup Business Cloud Use Issues November 8, 2018
Startup business cloud service is becoming a key aspect in the data management requirements of many entities. Startup business cloud service could save considerable amount of money for a startup. Cloud service of data process becomes, for many, their central component for their data. The decision to use a cloud service, however, should consider the… […]
Lorenzo Law Firm
Internet Freedom November 6, 2018
Internet freedom is surely under stated, considering the extent of communications and the amount of data shared and transmitted. Among the billions of daily data bits transmitted among users, unfortunately there are abuses. Internet freedom is taken for granted by millions of users that resort to the Internet for less than beneficial reasons. Online fraud,… […]
Lorenzo Law Firm
Startup Cyber Insurance October 23, 2018
Startup cyber insurance is not a common consideration as an entrepreneur sets out in to the marketplace. After all, data breaches are always thought of as someone else’s problem. But many business people soon realize that the concerns and possible fears are realistic. The need for cyber insurance is unfortunately getting credible publicity. The notion… […]
Lorenzo Law Firm
Doxing Information October 17, 2018
Doxing information is not a household term. It is slowly becoming part of the daily conversation especially by people who have had their personal information publicized online. Internet information that is available to read on the Internet about anyone is surprising. The Internet hosts way too much information. All users are contributing to its data. … […]
Lorenzo Law Firm
Cease Demand Letter Myths October 10, 2018
Cease demand letters are an expected step before any legal action is taken. Most jurisdictions require a claimant to demonstrate mitigation efforts. Courts respect a claimant’s attempt to resolve the issue of concern. They also appreciate seeing an effort to minimize damages. But what can be surmised by cease demand letters is not what is… […]
Lorenzo Law Firm
Software Distinctions and Ideas October 8, 2018
Software distinctions from existing software presents a hiccup to many developers with novel ideas. Software considerations to push for a patent will encounter nuances that need to be addressed. The approval process has been presenting hurdles for software patent filings. The hurdles are more about what contribution is being offered by the idea rather than… […]
Lorenzo Law Firm