With the shift to remote work likely here to stay for many, companies and their employees are regularly relying on remote conferencing tools such as Zoom, Microsoft Teams, WebEx and other platforms to conduct business. Companies should be aware of a recent decision from the Chancery Court in Delaware that denied a preliminary injunction to a trade secret owner because it found the company had failed to take “reasonable precautions” to protect the confidentiality of its trade secrets during a Zoom conference.
In Smash Franchise Partners, LLC v. Kanda Holdings, Inc. (2020), the plaintiffs (Smash) operate a mobile trash compaction business and sell franchises to other entrepreneurs who wish to run a SMASH-branded franchise in a protected territory. The primary purpose of the business involves use of a truck-mounted mobile trash compactor that smashes trash into the customer's dumpster, which saves the customer fees they would otherwise pay to the dumpster provider.
One potential franchisee by the name of Todd Perri showed interest in the Smash business model, but soon decided he'd go one step better and start his own competing business. Without telling Smash of his intent, Perri continued in his discussions with the company while gathering valuable information for his start-up. The independent contractor retained to market the Smash franchise required Perri to sign a non-disclosure agreement (NDA), which he did, prior to attending Zoom presentations by Smash franchisees and Smash itself. Those open Zoom calls addressed the cost of doing business, business strategies and potential customers.
All the while, Perri and his partner had been preparing to open up their competing business, Perri Dumpster Devil. Once they launched, Smash immediately filed a trade secret lawsuit and motion for preliminary injunction intended to shut the Dumpster Devils down. Unfortunately for Smash, the trial court denied Smash's motion for two reasons. In order to prevail on its motion for preliminary injunction, Smash was required to show a reasonable likelihood of success on its trade secrets claims.
First, the NDA only protected proprietary information disclosed by the “Company”, defined as the various Smash affiliated entities. It did nothing to protect such information disclosed by Smash franchisees.
Second, the Court found that the Zoom presentations were too lax in security measures to meet the standard for protecting the trade secrets involved. Although Smash could have used Zoom's security features, they failed to do so and instead:
“Smash freely gave out the Zoom information for the Franchisee Forum Calls and the Founder Calls to anyone who had expressed interest in a franchise and completed the introductory call. Smash used the same Zoom meeting code for all of its meetings. Smash did not require that participants to [sic] enter a password and did not use the waiting room feature to screen participants. Anyone who had expressed interest and received the code could join the calls, and participants could readily share the code with others.”
Moreover, the Court found that Smash failed to follow their own procedures by taking a roll call and removing anyone who should not be there. Because Smash failed to take reasonable steps to protect its trade secrets, the court held that it had not established a reasonable likelihood of success on the merits of its claims in order to be entitled to a preliminary injunction.
This case is a reminder to all business owners of the importance of protecting the proprietary and confidential information of a business from use by or disclosure to third parties without an NDA in place. Making sure you understand what your company's intellectual property assets are and drafting and enforcing company-wide trade secret protocols designed to protect that information is crucial.
As more work is done remotely in the post-COVID world, companies may need to revise their policies to better limit access to trade secrets, increase the use of password protection and other security measures and update employment agreements to include confidentiality provisions that specifically address the remote work environment and require use of NDA's with third parties. In addition, work-from-home policies should require the secure use, storage and destruction of confidential materials and ensure that home internet connections and wireless networks are secure.
As we have seen in the Smash case, policies for the use of remote conferencing technology such as Zoom should be updated to 1) limit attendance at sessions where discussions of trade secrets are likely to a “need to know” basis; 2) require either signed employment agreements or NDAs for those in attendance; and 3) require password-protection, use of the waiting room feature, and encryption of shared confidential information and 4) require a roll call and use of the locking feature at the beginning of the meeting.