Trade Secrets database computer abuse data breach big data cloud data

Database as a Trade Secret

Trade secrets in database records fall victim to many who seek the potential value of stored records from a variety of entities, either from government agencies and competitor businesses, to also include medical and financial enterprises, and even from their own employer or client. Intruding into another’s database is becoming too common in our economy and database intrusion was a pivotal issue in a landmark Ninth Circuit case, United States v. Nosal. While the case largely engaged discussion on the scope of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, the case also addressed the issues of trade secrets under the Economic Espionage Act (“EEA”), 18 U.S.C. § 1831 et seq.[1] As the Ninth Circuit notes in its Order, Nosal was convicted on two counts of trade secret theft under the EEA. Nosal was charged with unauthorized downloading, copying and duplicating of trade secrets and unauthorized receipt and possession of stolen trade secrets which violated §§ 1832(a)(2) & (a)(4) of the EEA.

The key to the analysis of the handling of the trade secret intrusion issue of the case was the sufficiency of the evidence to support a finding. The Court weighed into the Economic Espionage Act and determined that the EEA requires that there be intent to convert a trade secret and intending or knowing that the offense will injure [an] owner of that trade secret. In so doing it saw that the requirement of Nosal knowing that the receipt or possession of a trade secret with knowledge that it was “stolen or appropriated, obtained, or converted without authorization, was instrumental in laying the foundation for establishing the condition for a violation. Though Nosal challenged the sufficiency by raising that the information culled was sourced from public records and that it could not be deemed as a misappropriation of a trade secret, or for that matter, a trade secret.

The Court made a clear distinction by analogizing the subject before it to other trade secret cases involving technical drawings, scientific formulas, specimens and data results in research, or aeronautical assessments in engineering designs. The Court reasoned that the EEA’s scope is not limited to select segments of the industry, but that the EEA encompasses financial and business information.[2] While it cited the definition of trade secrets under the Act, it emphasized technical as well as financial and business information that is intended by the owner to be kept secret because of the economic value import of the secret itself. Furthermore, the Court reasoned that its value was engendered by it not being generally known to the public.[3] The Court opined that what Nosal sought and acquired was “classic examples of a trade secret that derives from an amalgam of public and proprietary source data” and that the “data came from public sources and other data came from internal, confidential sources.”[4] The Court gave import to the effort and system of research and algorithm employed to compose the record database that made it unique and not commonly searched information.

As the Ninth Circuit so clearly articulated about the characteristic of the data record sought by Nosal, “Instead, the nature of the trade secret and its value stemmed from the unique integration, compilation, cultivation, and sorting of, and the aggressive protections applied to, the Searcher database.”[5] Its analysis borrowed from an Eight Circuit case, Conseco[6] and a Tenth Circuit case, Hertz[7] where customer lists were taken by employees. The customer lists in question were unique by their form, manner of cataloging, and analysis that was involved in the list’s composition. The Eight Circuit stated that they were trade secrets as they are ““specialized” computer program that was “unique” to Conseco.”” Similar to the Hertz case, the process involved to gather and organize the data made it a trade secret.

In essence, the purported value of a data record to be become and be considered a trade secret originates in the manner in which the owner pursued its composition, characteristic, cataloging, purpose, use, and its intended unique use and storage from others to use and see. Its custodial handling is as well important to analyze, especially how it is dealt with in personnel policies and employment manuals for employees to follow and management to enforce.

[1] Computer Fraud and Abuse Act of 1986, Pub. L. No. 99-474. , § 2(g)(4), 100 Stat. 1213-15. CFAA was later expanded to protect any computer “used in interstate or foreign commerce or communication.” Economic Espionage Act of 1996, Pub. L. 104-294, § 201(4)(B), 110 Stat. 3488, 3493 (codified as amended at 18 U.S.C. § 1030(e)(2)(B)).

[2] Order, Ninth Circuit, #14-10037, at p. 32.

[3] Footnote 15 of the Order stated as follows: Congress recently amended § 1839, replacing “the public” with “another person who can obtain economic value from the disclosure or use of the information.” Defend Trade Secrets Act of 2016, Pub. L. No. 114-153, § 2(b)(1)(A), 130 Stat. 376, 380.

[4] Order, at p. 34.

[5] Order, at p. 34.

[6]Conseco Finance Servicing Corp. v. North American Mortgage Co., 381 F.3d 811 (8th Cir. 2004).

[7] Hertz v. Luzenac Grp., 576 F.3d 1103, 1114 (10th Cir. 2009) (holding that a customer list may be a trade secret where “it is the end result of a long process of culling the relevant information from lengthy and diverse sources, even if the original sources are publicly available”).