Category Archives: Cybersecurity

From Relecura: Semiconductor Sensors. Building the Wave in IoT Development

As the Internet of Things (IoT) develops, there is an increasing need to “sense” changes in the atmospherics which surround semiconductors. In other words, the working chips must get smarter and smarter and have feel! Some of that AI feel in chips is being supplied by sensing chips – the layered structure of wafers of semiconductor material which can “sense” changes in the environment it is measuring or into which it is placed. Gas sensors are particularly important and patent applications for these devices are on the upswing internationally, with Sony and Samsung leading the way. See Relecura article at http://tinyurl.com/ybrojuq2
Edaphic Scientific describes a gas sensor’s performance as follows:  “Semiconductor gas sensors rely on a gas coming into contact with a metal oxide surface and then undergoing either oxidation or reduction. The absorption or desorption of the gas on the metal oxide changes either the conductivity or resistivity from a known baseline value. This change in conductivity or resistivity can be measured with electronic circuitry. Usually the change in conductivity or resistivity is a linear and proportional relationship with gas concentration. Therefore, a simple calibration equation can be established between resistivity/conductivity change and gas concentration.” http://tinyurl.com/y6ufz7vx
The IoT relies on smarter and smarter technology as it governs many things around us. Products will have this smarter and smarter technology and converting “sensing” into electronic circuitry will likely have a positive impact on performance, but will present new challenges as products fail and cause damage to person or property. How deep a dive will be required in products liability litigation for example when a “sensor chip” fails to sense. Sensor chips have been around for a while, but they are becoming tremendously sophisticated and integral to the virtual world in which we operate.

Posted by Henry M. Sneath, Esquire Co-Chair Litigation Practice Group and Chair of the IP Practice Group: Houston Harbaugh, P.C., 401 Liberty Avenue, Pittsburgh, Pa. 15222. Please contact Mr. Sneath at 412-288-4013 or sneathhm@hh-law.com

 

 

 

 

 

Advertisements

DTSA (DEFEND TRADE SECRETS ACT) CLAIMS INCREASE DRAMATICALLY IN 2017 AND 2018

FROM DTSALaw®:  As we have previously predicted on these pages (and at www.dtsalaw.com ), the number of DTSA lawsuits has risen dramatically in 2017 and the first two quarters of 2018. Lex Machina and IPLaw 360 report that DTSA lawsuits increased from roughly 900 suits to over 1100 in 2018. In the first two quarters of 2018, the number of filings already is 581. The DTSA is still working its way into the legal community’s knowledge base and many practitioners may still be unaware of the most important benefit – of automatic Federal Court jurisdiction for trade secret cases under the 2016 DTSA that involve interstate commerce. The DTSA was signed into legislation as an amendment to the Economic Espionage Act (EEA) and with EEA is a powerful tool in the arsenal of litigation strategies in both the employment and non-employment arenas. Many DTSA claims are part of claims brought to enforce employment restrictive covenants, which restrictive covenant claims themselves are becoming disfavored by the states and their courts. As “non-compete” claims find less favor with the courts, lawyers should look carefully at the DTSA (and EEA) for civil claims that might apply. IPLaw 360 reports as well that only 19 cases filed to date have reached a conclusion on the merits of trade secret misappropriation. Results were essentially evenly split between plaintiffs and defendants. Houston Harbaugh, P.C. (www.hh-law.com) has an aggressive employment and trade secret practice and Pittsburgh is seeing a number of new cases filed in its Western District Pennsylvania Federal Court. DTSALaw® is a registered trademark of Houston Harbaugh, P.C.

Posted by Henry M. Sneath, Esq.                                             Shareholder and Director;                                                                                      Co-Chair of the Litigation Department;                                                    Chair of the IP Department;                                                                         Houston Harbaugh, P.C.  (www.hh-law.com)                                                    Pittsburgh, Pa.                                                                                                              Please contact Mr. Sneath at 412-288-4013 or sneathhm@hh-law.com

Business: Seeking Predictability in an Era of Uncertainty

Here is an article I wrote which was published by DRI in their IDQ (In-house Defense Quarterly) to promote the DRI Corporate Counsel Round Table meeting in Washington D.C. which was held in January. It highlights the uncertainty in business markets and the role of the courts in same. See the article at this link: http://tinyurl.com/y9mov84l 

Posted by Henry M. Sneath, Esq.                                                         Shareholder and Director;                                                                                    Co-Chair of the Litigation Department;                                                    Chair of the IP Department;                                                                         Houston Harbaugh, P.C.  (www.hh-law.com)                                                    Pittsburgh, Pa.                                                                                                              Please contact Mr. Sneath at 412-288-4013 or sneathhm@hh-law.com 

 

 

From Legal Tech/Law.Com news: A Bug Bounty for Discounts on Cyber Insurance

From our friends at Law.Com: In the growing market for cyber insurance, carriers are trying to compete on price.  One carrier, Coalition is offering discounts if your company creates a partnership with a “white hat hacker” and establishes a bug bounty with that hacker. The hacker gets a bounty for finding vulnerabilities. Legal Tech author Rhys Dipshan details the program in the article at this link: http://tinyurl.com/ydck3nxg

Dipshan reports that “bug bounties” are becoming a popular weapon in combating cyber attacks. “Unsurprisingly” Dipshan reports, “bounty programs are becoming increasingly common in the tech and corporate world, with companies such as FacebookMicrosoft and Uber offering compensation for vulnerability disclosures. They also have caught on in the federal government as well, with the Department of Defense launching its “Hack the Pentagon” and “Hack the Air Force” programs.” Do you need a cyber bounty hunter?

Posted by Henry M. Sneath, Esq.  HoustonHarbaugh, P.C. – Pittsburgh, Pa.  https://www.hh-law.com Chair of the Intellectual Property Practice Group and Co-Chair Litigation Practice Group. Contact at: sneathhm@hh-law.com or 412-288-4013

Merger Grows Pittsburgh Business and Litigation Law Firm Houston Harbaugh, P.C.: Expands Litigation Practice

 

Pittsburgh based law firm Houston Harbaugh, P.C. has announced its merger with the former and preeminent litigation boutique Picadio Sneath Miller & Norton, P.C. (PSMN®) effective January 1, 2018. The merger creates a 43 lawyer firm with particular strengths in Business Law and Business Litigation, Employment, Employee Benefits/ERISA, Environmental and Energy Law, Estates and Trusts, Health Care, Insurance Coverage and Bad Faith Defense, Immigration, Intellectual Property, Oil and Gas, Products Liability and Catastrophic Injury Defense, Public Finance and Real Estate. This blog will feature posts on the law and litigation of Patent, Trademark, Copyright, Trade Secrets, Defend Trade Secrets Act (DTSA), Cyber-Security, Technology matters and updates on the tremendous growth of the technology sector in Pittsburgh. Houston Harbaugh is proud to be among the regional law firms which are poised to provide high level, efficient, cost effective legal services for the new Eds, Meds, Energy and Technology economy in Pittsburgh, Ohio and West Virginia.

For more information on the merged firm please contact Marketing Director Anna Marks at 412-281-5060. See News Release regarding the merger here at: https://www.hh-law.com/houston-harbaugh-grows-litigation-practice/

Pennsylvania Superior Court Rules Employer Owes No Duty to Protect Employee Data

 Kelly WilliamsKelly A. Williams, a Senior Attorney at the Pittsburgh law firm of  Houston Harbaugh, P.C.     412-288-4005

In an apparent case of first impression, a divided three-judge panel of the Pennsylvania Superior Court recently held that an employer does not owe a legal duty to its employees to protect the employees’ electronically stored personal and financial information.  In Dittman v. UPMC, decided on January 12, 2017 (docket no. 971 WDA 2015), the Superior Court affirmed an opinion of the Court of Common Pleas of Allegheny County, PA (opinion by the Honorable R. Stanton Wettick, Jr.), sustaining defendant University of Pittsburgh Medical Center’s (“UPMC”) preliminary objections to an employee class action suit.  The suit arose from a data breach of the employees’ personal information, which was provided to UPMC as a condition of employment.

The employees sued UPMC for negligence and breach of contract after their names, birth dates, social security numbers, tax information, addresses, salaries and bank information were stolen due to the data breach. Specifically, they alleged that UPMC failed to properly encrypt data, establish adequate firewalls and implement adequate authentication protocols to protect the information in its computer network.  All of UPMC’s 62,000 employees and former employees were affected by the breach.  Appellants consisted of two separate but overlapping classes.  One class alleged that the stolen information had already been used to file fraudulent tax returns and steal the tax refunds of certain employees.  The other class consisted of those who had not suffered this harm but alleged that they were at increased and imminent risk of becoming victims of identity theft crimes, fraud and abuse.

security-breach-image-2To determine whether a duty of care exists, the Pennsylvania courts look to five factors, none of which are determinative alone. Seebold v. Prison Health Servs., Inc., 57 A.3d 1232, 1243 (Pa. 2012); Althaus ex. rel. Althaus v. Cohen, 756 A.2d 1166, 1169 (Pa. 2000).  The five factors are:

  1. the relationship between the parties;
  2. the social utility of the actor’s conduct;
  3. the nature of the risk imposed and foreseeability of the harm incurred;
  4. the consequences of imposing a duty upon the actor; and
  5. the overall public interest in the proposed solution.

In Dittman, the court found that the first factor weighed in favor of finding a duty because the employer-employee relationship gives rise to duties on the employer.  The court next weighed the second factor against the third:  the need of employers to collect and store personal information about their employees against the risk of storing information electronically and the foreseeability of data breaches.  The court concluded:

While a data breach (and its ensuing harm) is generally foreseeable, we do not believe that this possibility outweighs the social utility of electronically storing employee information. In the modern era, more and more information is stored electronically and the days of keeping documents in file cabinets are long gone. Without doubt, employees and consumers alike derive substantial benefits from efficiencies resulting from the transfer and storage of electronic data. Although breaches of electronically stored data are a potential risk, this generalized risk does not outweigh the social utility of maintaining electronically stored information. We note here that Appellants do not allege that UPMC encountered a specific threat of intrusion into its computer systems.

Analysis of the fourth factor looks to the consequences of imposing a duty.  In this situation, the court considered that data breaches are widespread and that there is no safe harbor for entities storing confidential information.  It was also the court’s opinion that no judicially created duty of care is needed to incentivize companies to protect confidential employee information because other statutes and safeguards are in place to prevent employers from disclosing confidential information.  Thus, the court concluded that “it unnecessary to require employers to incur potentially significant costs to increase security measures when there is no true way to prevent data breaches altogether. Employers strive to run their businesses efficiently and they have an incentive to protect employee information and prevent these types of occurrences.”

Finally, the fifth factor looks to whether there is a public interest in imposing a duty.  The Superior Court found persuasive the reasoning of the trial court that imposing a duty here would greatly expend judicial resources and would result in judicial activism.  The Superior Court agreed with the trial court that the Pennsylvania legislature has considered the same issues and chose only to impose a duty of notification of a data breach.  “It is not for the courts to alter the direction of the General Assembly because public policy is a matter for the legislature.”

Weighing all five factors, the court held that the factors weighed against imposing a duty.  Judge Stabile filed a concurring opinion, which Judge Olson, the writer for the majority opinion, joined.  Judge Stabile agreed with the ruling but emphasized that the law in this area is quickly changing and that the ruling was based on the facts pled in that particular case.  One of the key facts for Judge Stabile was the fact that the employees had not alleged that UPMC was on notice of any specific security threat.  In a dissenting opinion, Judge Musmanno concluded that  allegations that UPMC failed to properly encrypt data, establish adequate fire walls and implement appropriate authentication protocols was sufficient to allege that UPMC knew or should have known that there was a likelihood data would be stolen.  Judge Musmanno also disagreed with the majority’s assumption that employers are sufficiently incentivized to protect employee data without a duty imposed upon them to do so.

The employees filed a motion for reconsideration and reargument on January 26, 2017.  Thus, the Superior Court’s January 2017 opinion may not be the final word on the issue.

security-breach-imageDittman is interesting in the world of data breach lawsuits because it does not address standing.  Many data breach defendants have relied upon the theory that plaintiffs lack standing to bring claims for data breaches where plaintiffs cannot prove actual harm from the breach.  Proof of actual harm can be challenging because evidence regarding the use of the stolen information may be difficult to find.  Here, standing was not discussed by the Superior Court.  In the trial court below, UPMC had argued that the claims against it should be dismissed on the grounds that the employees lacked standing to assert claims on behalf of employees who had not yet been injured.  UPMC also asserted that the employees’ negligence and breach of implied contract claims failed as a matter of law.  After oral argument on these issues, the trial court ordered both parties to file supplemental briefs on the issue of whether UPMC owed a duty to its employees with respect to the handling of their personal and financial data.  This ultimately proved to be the issue that the trial court and the Superior Court found to be determinative.

The Dittman v. UPMC opinion may be found at:  http://scholar.google.com/scholar_case?case=17833965968674892500&q=dittman+v.+upmc&hl=en&as_sdt=6,39&as_vis=1.

DTSA Cases Being Filed: Defend Trade Secrets Act 2016

Posted by: DTSALAW.Com and DefendTradeSecretsAct.Lawyer Henry M. Sneath, Esq. – Chair of the Intellectual Property Practice Group at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C. (PSMN® and PSMNLaw®). Mr. Sneath is also an Adjunct Professor of Law at the Duquesne University School of Law teaching Trade Secret Law, Trademark Law and the Law of Unfair Competition. He may be contacted at hsneath@psmn.com or 412-288-4013. See Websites www.psmn.com or www.DTSALaw.com.

The new DTSA federal civil remedy statute is already generating lawsuits being filed in Federal Courts. Two suits were recently filed in the Southern District of Florida with jurisdiction being claimed pursuant to the Defend Trade Secrets Act 2016 (DTSA). One case was also filed in the Northern District of Texas. See links to the cases below. In each Florida case, the plaintiff not only claimed trade secret misappropriation under the DTSA, but also under the Florida UTSA state statute (FUTSA). The Texas case brings claims under DTSA and the TUTSA along with pendent state law claims. This may become the trend as the DTSA and state statutes modeled after the Uniform Trade Secret Act describe trade secrets and misappropriation somewhat differently and provide, in some cases, different remedies. The differences in “definitions” between DTSA and the UTSA are not major, but they may make a difference if either is left out of a complaint filed in federal court.  We will monitor this trend and post in the future on new filings.

Interestingly, while both Florida cases seek injunctive relief in the complaint’s claims for relief, neither docket shows the filing of a separate Motion for TRO, Preliminary Injunction or motion for other injunctive relief. The Dean case brings only trade secret misappropriation claims under the DTSA and the FUTSA state statute. The Bonamar case brings claims under DTSA and FUTSA and a number of pendent State Law claims that you would expect to see in an employment related, non-disclosure, breach of covenants/contract case. In the Texas case, the plaintiff has filed an emergency motion for TRO under both state and federal law and a hearing is set for May 26, 2016. The motion and brief are linked below. Here are links to the cases on our website.

Florida Cases: Bonamar v. Turkin and Supreme Crab ; Dean V. City of Miami Beach et al

Texas Case: UPS v. Thornburg (Complaint) ; UPS v. Thornburg (Emergency Motion for TRO) ; UPS v. Thornburg (Brief in Support of Motion for TRO)

Sneath, Henry 2012 headshot

Henry M. Sneath, Esq. 412-288-4013 hsneath@psmn.com

Defend Trade Secrets Act (DTSA) Seminar in Pittsburgh Jun 22, 2016

Posted by Henry M. Sneath, Esq. – Chair of the Intellectual Property Practice Group at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C. (PSMN® and PSMNLaw®). Mr. Sneath is also an Adjunct Professor of Law at the Duquesne University School of Law teaching Trade Secret Law, Trademark Law and the Law of Unfair Competition. He may be contacted at hsneath@psmn.com or 412-288-4013. Website www.psmn.com or www.psmn.law

See copy of my Tweet from earlier today: “I’m pleased to be a part of the Federal Bar Association seminar set for Pittsburgh on the new Defend Trade Secrets Act  https://twitter.com/hashtag/DTSA?src=hash   on June 22, 2016. Co-Hosted by the Pittsburgh Intellectual Property Law Association (PIPLA) and the Duquesne University School of Law, where I teach Trade Secret Law as an adjunct Professor of Law. Register at FBA link: http://tinyurl.com/gm8nudj and see my Tweet at
https://twitter.com/PicadioSneath/status/730450574148149248
This is biggest Federal expansion of  #IP  Law since the Lanham Act and when signed by the President (today it appears) – it will provide immediate jurisdiction for  #tradesecret  actions in Federal Court.”

Big IP NEWS: Defend Trade Secrets Act 2016 (DTSA) Passes Congress – President to sign

EnrolledTitle_114Posted by Henry M. Sneath, Esq. – Chair of the Intellectual Property Practice Group at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C. (PSMN® and PSMNLaw®). Mr. Sneath is also an Adjunct Professor of Law at the Duquesne University School of Law teaching Trade Secret Law, Trademark Law and the Law of Unfair Competition. He may be contacted at hsneath@psmn.com or 412-288-4013. Website www.psmn.com or www.psmn.law

The US Congress has passed the landmark Defend Trade Secrets Act of 2016 (DTSA) and it is set for the President’s signature. It will soon be law. See Link to DTSA Legislation here: https://www.congress.gov/bill/114th-congress/senate-bill/1890/text    Trade Secret law has long been the province of the States, more or less exclusively, and except for criminal protections against trade secret theft and economic espionage, there has been no Federal civil law providing a federal damages remedy for such theft.  Amended will be Crimes and Criminal Procedures – Title 18, Chapter 90, Section 1836 and the key provision is as follows:

“(1) IN GENERAL.—An owner of a trade secret that is misappropriated may bring a civil action under this subsection if the trade secret is related to a product or service used in, or intended for use in, interstate or foreign commerce.”

Congress has now added a civil remedy provision to Federal protection of Trade Secrets wherein prior Federal law only provided criminal sanctions. This has been described as a major new development in Federal IP law and will provide federal jurisdiction for Trade Secret Misappropriation cases. The law will NOT preempt nor change State laws and therefore actions will be brought in both federal and state court jurisdictions. Most states (48) have adopted a form of the Uniform Trade Secrets Act (UTSA) and actions can still be brought under those state statutes, but those statutes vary to some degree. The DTSA is very similar to the UTSA based state court statutes, but there will be differences depending on the state jurisdiction from which cases are brought or removed. DTSA will apply to any acts of trade secret misappropriation that take place AFTER the act is signed into law (not retroactive). The Statute of Limitations will be 3 years according to the actual text linked above, but some commentators have stated that it is 5 years (we will need to check to get accurate information on the SOL and will follow up).

The DTSA contains an important and somewhat controversial “Civil Seizure” provision which renders it different from most state laws and which reads:

“(i) APPLICATION.—Based on an affidavit or verified complaint satisfying the requirements of this paragraph, the court may, upon ex parte application but only in extraordinary circumstances, issue an order providing for the seizure of property necessary to prevent the propagation or dissemination of the trade secret that is the subject of the action.”

This provision is controversial because it can be ordered by a court ex-parte. By amendment, the words “but only in extraordinary circumstances” were added to attempt to mollify some critics of this provision. However, there are some strict limitations to the ex-parte injunctions and a couple of them are below:

“(ii) REQUIREMENTS FOR ISSUING ORDER.—The court may not grant an application under clause (i) unless the court finds that it clearly appears from specific facts that—

“(I) an order issued pursuant to Rule 65 of the Federal Rules of Civil Procedure or another form of equitable relief would be inadequate to achieve the purpose of this paragraph because the party to which the order would be issued would evade, avoid, or otherwise not comply with such an order;

“(II) an immediate and irreparable injury will occur if such seizure is not ordered.”

Such ex-parte injunctions must be very specific and the court must go to great lengths not to overreach or to punish through publicity an accused wrongdoer during the period of seizure. There are other typical requirements for injunctions like posting of security and careful management of the seized materials, and the accused wrongdoer has a right of action back against the claimant if the seizure turns out to be wrongful or excessive.

In an action for misappropriation, a court may order injunctive relief and may

“(B) award—

“(i) (I) damages for actual loss caused by the misappropriation of the trade secret; and

“(II) damages for any unjust enrichment caused by the misappropriation of the trade secret that is not addressed in computing damages for actual loss; or

“(ii) in lieu of damages measured by any other methods, the damages caused by the misappropriation measured by imposition of liability for a reasonable royalty for the misappropriator’s unauthorized disclosure or use of the trade secret;

“(C) if the trade secret is willfully and maliciously misappropriated, award exemplary damages in an amount not more than 2 times the amount of the damages awarded under subparagraph (B); and

“(D) if a claim of the misappropriation is made in bad faith, which may be established by circumstantial evidence, a motion to terminate an injunction is made or opposed in bad faith, or the trade secret was willfully and maliciously misappropriated, award reasonable attorney’s fees to the prevailing party.”

It is unclear as to how this bill will be enforced against foreign Trade Secret theft, or if there will even be jurisdiction under this act for such claims. We will follow up on that issue in future posts. See the Senate and House reports below which contain a substantial amount of background legislative history and commentary. Contact us for additional information. We will continue to study this new law and report to our readers.

Here is a link to the US Senate report on the bill: https://www.congress.gov/congressional-report/114th-congress/senate-report/220/1

Here is a link to the US House report on the bill: https://www.congress.gov/congressional-report/114th-congress/house-report/529/1

Sneath, Henry 2012 headshot

Henry M. Sneath, Esquire – 412-288-4013 or hsneath@psmn.com

Follow me on Twitter @picadiosneath and on Google+: http://tinyurl.com/ktfwrah

 

 

Pittsburgh Court Rules on Data Breach Class Claims – Denying Cause of Action

Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C.  hsneath@psmn.com or 412-288-4013

537047_70437721A Pittsburgh, Pennsylvania Judge has ruled at the trial court level that there is no private cause of action for the alleged failure of a major hospital network to secure and protect PII and PHI. Denying Class claims, Judge Wettick has ruled that because the legislature has not created such a right, that only the Pennsylvania Attorney General has the right to bring a claim in this circumstance. See the Legal Intelligencer article here: http://tinyurl.com/nphostc  We will get more details on this case and pass them along with our analysis.

%d bloggers like this: