Category Archives: Cybersecurity

Big IP NEWS: Defend Trade Secrets Act 2016 (DTSA) Passes Congress – President to sign

Posted by Henry M. Sneath, Esq. – Chair of the Intellectual Property Practice Group at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C. (PSMN® and PSMNLaw®). Mr. Sneath is also an Adjunct Professor of Law at the Duquesne University School of Law teaching Trade Secret Law, Trademark Law and the Law of Unfair Competition. He may be contacted at hsneath@psmn.com or 412-288-4013. Website www.psmn.com or www.psmn.law

The US Congress has passed the landmark Defend Trade Secrets Act of 2016 (DTSA) and it is set for the President’s signature. It will soon be law. See the DTSA legislation here: https://www.congress.gov/bill/114th-congress/senate-bill/1890/text

Trade Secret law has long been the province of the States, more or less exclusively, and except for criminal protections against trade secret theft and economic espionage, there has been no Federal civil law providing a federal damages remedy for such theft. The Act will amend Crimes and Criminal Procedure – Title 18, Chapter 90, Section 1836, and the key provision is as follows:

“(1) IN GENERAL.—An owner of a trade secret that is misappropriated may bring a civil action under this subsection if the trade secret is related to a product or service used in, or intended for use in, interstate or foreign commerce.”

Congress has now added a civil remedy provision to Federal protection of Trade Secrets, where prior Federal law provided only criminal sanctions. This has been described as a major new development in Federal IP law and will provide federal jurisdiction for Trade Secret Misappropriation cases. The law will NOT preempt or change State laws, and therefore actions will be brought in both federal and state court jurisdictions. Most states (48) have adopted a form of the Uniform Trade Secrets Act (UTSA) and actions can still be brought under those state statutes, but those statutes vary to some degree. The DTSA is very similar to the UTSA-based state court statutes, but there will be differences depending on the state jurisdiction from which cases are brought or removed. DTSA will apply to any acts of trade secret misappropriation that take place AFTER the act is signed into law (not retroactive). The Statute of Limitations will be 3 years according to the actual text linked above, but some commentators have stated that it is 5 years (we will need to check to get accurate information on the SOL and will follow up).

The DTSA contains an important and somewhat controversial “Civil Seizure” provision which renders it different from most state laws and which reads:

“(i) APPLICATION.—Based on an affidavit or verified complaint satisfying the requirements of this paragraph, the court may, upon ex parte application but only in extraordinary circumstances, issue an order providing for the seizure of property necessary to prevent the propagation or dissemination of the trade secret that is the subject of the action.”

This provision is controversial because it can be ordered by a court ex-parte. By amendment, the words “but only in extraordinary circumstances” were added to attempt to mollify some critics of this provision. However, there are some strict limitations to the ex-parte injunctions and a couple of them are below:

“(ii) REQUIREMENTS FOR ISSUING ORDER.—The court may not grant an application under clause (i) unless the court finds that it clearly appears from specific facts that—

“(I) an order issued pursuant to Rule 65 of the Federal Rules of Civil Procedure or another form of equitable relief would be inadequate to achieve the purpose of this paragraph because the party to which the order would be issued would evade, avoid, or otherwise not comply with such an order;

“(II) an immediate and irreparable injury will occur if such seizure is not ordered.”

Such ex-parte injunctions must be very specific and the court must go to great lengths not to overreach or to punish through publicity an accused wrongdoer during the period of seizure. There are other typical requirements for injunctions like posting of security and careful management of the seized materials, and the accused wrongdoer has a right of action back against the claimant if the seizure turns out to be wrongful or excessive.

In an action for misappropriation, a court may order injunctive relief and may

“(B) award—

“(i) (I) damages for actual loss caused by the misappropriation of the trade secret; and

“(II) damages for any unjust enrichment caused by the misappropriation of the trade secret that is not addressed in computing damages for actual loss; or

“(ii) in lieu of damages measured by any other methods, the damages caused by the misappropriation measured by imposition of liability for a reasonable royalty for the misappropriator’s unauthorized disclosure or use of the trade secret;

“(C) if the trade secret is willfully and maliciously misappropriated, award exemplary damages in an amount not more than 2 times the amount of the damages awarded under subparagraph (B); and

“(D) if a claim of the misappropriation is made in bad faith, which may be established by circumstantial evidence, a motion to terminate an injunction is made or opposed in bad faith, or the trade secret was willfully and maliciously misappropriated, award reasonable attorney’s fees to the prevailing party.”

It is unclear as to how this bill will be enforced against foreign Trade Secret theft, or if there will even be jurisdiction under this act for such claims. We will follow up on that issue in future posts. See the Senate and House reports below which contain a substantial amount of background legislative history and commentary. Contact us for additional information. We will continue to study this new law and report to our readers.

Here is a link to the US Senate report on the bill: https://www.congress.gov/congressional-report/114th-congress/senate-report/220/1

Here is a link to the US House report on the bill: https://www.congress.gov/congressional-report/114th-congress/house-report/529/1

Henry M. Sneath, Esquire – 412-288-4013 or hsneath@psmn.com

Follow me on Twitter @picadiosneath and on Google+: http://tinyurl.com/ktfwrah

Pittsburgh Court Rules on Data Breach Class Claims – Denying Cause of Action

Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C.  hsneath@psmn.com or 412-288-4013

A Pittsburgh, Pennsylvania Judge has ruled at the trial court level that there is no private cause of action for the alleged failure of a major hospital network to secure and protect PII and PHI. Denying Class claims, Judge Wettick has ruled that because the legislature has not created such a right, only the Pennsylvania Attorney General has the right to bring a claim in this circumstance. See the Legal Intelligencer article here: http://tinyurl.com/nphostc We will get more details on this case and pass them along with our analysis.

Business Leaders Rank Cyber Risk #2 on List of Main Concerns

Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C.  hsneath@psmn.com or 412-288-4013

Travelers Indemnity and Insurance released its annual Business Risk Index, which is a survey of the concerns of business leaders and decision makers. Not surprisingly, for 2015, Cyber Risk moved up to the number 2 concern on that list, right behind rising healthcare costs. In some industry sectors it is the number 1 concern. The Banking and Financial Services, Professional Services, and Technology sectors each ranked cyber risks as the main driver of sleepless nights. The chart on page 3 of the survey is very instructive as to the different concerns between small, medium and large businesses. Small businesses have less concern about data breach than larger businesses, but perhaps small businesses are overlooking their vulnerability and attractiveness as targets. If they care less, they will likely protect less, and become easy targets for hackers. It should be a huge concern for all businesses in all industries as no one appears immune. If you store or deal in Personally Identifiable Information (PII) or Personal Health Information (PHI) as part of your business, then you are a valuable target. If you have financial or credit information, or trade secrets to protect, then perhaps your competitors, foreign governments and political hackers want to look inside your data. Many insurers are now offering Cyber Risk Insurance to provide defense and indemnity against these risks. Every business should have a data breach prevention and response team of employees and outside consultants and lawyers to audit the company’s vulnerability and to set the plan for a response when a breach occurs. See the complete Travelers Business Risk Index at: https://www.travelers.com/prepare-prevent/risk-index/business/index.aspx

Target Agrees to Settle Class Claims Over 2013 Data Breach for $10M

Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C.  hsneath@psmn.com or 412-288-4013

Target Corp. agrees to settle the 2013 data breach class claims prior to argument on class certification. Lead plaintiff’s counsel admitted the uphill battle he faced to obtain class certification due primarily to the difficulty in these consumer data breach cases of proving commonality of claims. This settlement, which still needs court approval for its proposed $10M payout, will not settle claims by commercial entities, but only individual consumer claims. Here is a good article with more detail from the National Law Journal. We will continue to follow this settlement and the handling of the commercial claims as this blog increases our focus on Cybersecurity and Data Breach Prevention and Response issues.

See this link to the NLJ for more info: http://tinyurl.com/kxwjrb9

Cybersecurity (CISA) Bill Moves out of Congressional Committee

Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Response team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C.  hsneath@psmn.com or 412-288-4013

Privacy concerns continue to dog the CISA (formerly CISPA) bill, but it easily passed out of the Senate Intelligence Committee yesterday. Pundits claim that the bill pits “big government – NSA, Homeland Security et al. allegedly aided by Big Tech Companies” against privacy advocates who want less regulation of data and the internet. I’m not sure if it lines up that neatly however. See this short article with a summary of the committee process from Wired.Com.

Here is an advocacy website piece which supports defeat of the bill.

We will continue to monitor the path of the bill to see if it makes it to the Senate Floor for a vote. For the complete text of the bill, view it at this link.

Henry M. Sneath on Google+ or see his PSMN ® bio.

3rd Circuit Hears Argument on Cybersecurity Issue Regarding Data Breaches of Consumer Information

by: Kelly A. Williams, a shareholder at Picadio Sneath Miller & Norton, P.C.

On March 3, 2015, the Third Circuit heard oral argument in FTC v. Wyndham Worldwide Corp. (No. 14-3514) on the novel issue of whether or not the Federal Trade Commission can sue a company for failing to properly secure consumer data. The case arose when the FTC sued Wyndham Worldwide Corporation, after Russian hackers broke into Wyndham’s computer network and stole the credit card information for thousands of customers. The FTC filed the suit based on its authority under federal law to patrol unfair business practices. The Wyndham Hotel contends that its cybersecurity system is outside the realm of the FTC’s authority and that the FTC had not given notice about what the law would require with regard to corporate data security practices. The case reached the Third Circuit after the District for New Jersey denied Wyndham’s motion to dismiss, and Wyndham filed an interlocutory appeal. The interest of the panel, consisting of Judge Thomas Ambro and Senior Judges Anthony Scirica and Jane Roth, in the novel issue was apparent from the fact that oral argument lasted twice as long as the allotted time and the Court requested supplemental briefing.

See this article for additional information (subscription required). A recording of the oral argument can be found here at the 3rd Circuit’s website.