Regulatory: Protecting client data security in trade secrets litigation

Discovery can be an especially fraught process in trade secrets cases

In a trade secrets suit, one of the plaintiff’s principal objectives is at least ostensibly to preserve the confidentiality of its trade secrets. The defendant, in turn, may attempt to defeat the plaintiff’s claim by showing that the plaintiff failed to take reasonable measures to safeguard confidentiality before commencing suit. In short, protecting data security is both an essential prerequisite and a principal objective of trade secrets litigation.

 In this context, outside counsel should be on alert that heightened vigilance is necessary to protect the information received from the client and from the opposing party in discovery. This issue is of course not unique to trade secrets litigation. For example, as highlighted by Comment 3 to Rule 5.3 of the Model Rules of Professional Conduct, any attorney using a third-party service to transmit client information has an affirmative professional obligation to evaluate the security of such transmissions. However, in trade secrets litigation, such issues should be an immediate and continuous concern. Both sides in a trade secrets litigation have an obvious economic interest in the security of the documents and information disclosed to outside counsel, and counsel must proceed with due care, so that their own actions do not undermine the parties’ substantial stake in the outcome of the dispute.  

But how can outside counsel determine what level of security is appropriate, and what is the role of in-house counsel in this inquiry? The starting point is a clear understanding of the client’s own level of data security. Before trade secret files or documents are transmitted from the client to outside counsel, in-house counsel and retained counsel should dialogue to ensure that outside counsel’s level of data security is at least equal to the client’s own protocols. Retained counsel should then memorialize in some sort of written communication to the trial team and the firm IT department the security level for each category of client data. This communication both reduces the risk of error by team members and ensures a record of appropriate precautions in the event of a later security breach.

Part of documenting these safeguards is the agreed protective order for pretrial discovery, a procedure familiar to most commercial litigators. Unfortunately, the protective order is so familiar that many attorneys use a standard form order without considering the specific needs of the client. For trial counsel, negotiating with opposing counsel the contents of the protective order may be the only opportunity to address how the adversary’s attorneys will protect the secrecy of the client’s information. Although protective orders do typically address what documents will be withheld from the opposing party’s business executives as “attorneys’ eyes only,” much less common are provisions expressly addressing how counsel will protect such sensitive documents from inadvertent disclosure or an external malicious data breach.

Some counsel may be reluctant to initiate this dialogue because they may fear that opposing counsel will seize upon this dialogue as an opportunity to impose excessive and unnecessary burdens. However, counsel should be equally wary of the adversary who turns over what are alleged to be highly sensitive business documents without any instructions at all regarding the methods to be used for their physical security. The attorney who accepts such documents while on notice of their claimed value but without any mutual agreement or understanding as to how such documents are to be protected is accepting an unnecessary and potentially significant exposure.

At the end of a trade secrets litigation, it is tempting to accept the final judgment or settlement of the case as sufficient to dispose of all legal obligations relating to the documents in counsel’s possession, but counsel will ignore at their peril and their clients’ prejudice their obligations under the protective order. Most standard form protective orders include some provision for either the return or destruction of confidential client documents at the end of the litigation. A party who fails to enforce this provision at the end of the case could later be found to have abandoned its documents and waived legal protection for their confidentiality. Although strict enforcement of the protective order may not be required, at a minimum there should be some written communication with opposing counsel memorializing that the parties have addressed this issue.

Finally, counsel should consider at the conclusion of the litigation the documents and information received from their own client. For highly sensitive client information, counsel should assess whether it is necessary to retain this information in counsel’s files, or whether instead counsel should return these files to the client.

The starting point for trade secrets litigation is the commercial reality that large sums may depend upon protecting client secrets. Counsel would do well to remember that lesson when managing client documents and communications throughout the course of the case.

Join the Conversation

Advertisement. Closing in 15 seconds.