Filed: May 24, 2017
Opinion by: Judge Glenn T. Harrell, Jr.
Holding:
Simply
storing a “trade secret” in a cloud-based service is not sufficient to be
considered reasonable to maintain its secrecy under Maryland law. Reasonable efforts may include changing the
password to the account after an employee leaves, limiting access on a “need to
know” basis within the company, or restricting the dissemination of information
with confidentiality or non-disclosure agreements.
Facts:
Plaintiff sells electronic
products on Amazon.com. Defendant is a
competitor and was founded by a former employee of Plaintiff. Plaintiff alleges it owns a trade secret in
its “methodology by which it inputs information into the Amazon search template
in order to drive sales for its online tablet computer business.” Plaintiff keeps its trade secret, along with
other business documents, in cloud-based password-protected accounts on the
Internet. Plaintiff shares access to the
Dropbox accounts with its service providers.
On September 18, 2014, Plaintiff
filed a complaint in the Circuit Court for Montgomery County for misappropriation
of a trade secret. Plaintiff asserted that
a consultant of Defendant, who was a former employee of a service provider of
Plaintiff, viewed the trade secret in Plaintiff’s Dropbox account in April
2014.
The Circuit Court ruled in favor of Defendant on
the trade secret issue. Plaintiff
appealed to the Court of Special Appeals (Court), which affirmed the decision
regarding the alleged trade secret.
Analysis:
Md. Code, Commercial Law Art. §
11-1201 states that a “trade secret” is “information… that (1) derives
independent economic value, actual or potential, from not being generally known
to, and not being readily ascertainable by proper means by, other persons who
can obtain economic value from its disclosure or use; and (2) is the subject of
efforts that are reasonable under the circumstances to maintain its secrecy.”
The Court upheld the Circuit’s
Court decision in ruling that Plaintiff’s actions were not reasonable to
safeguard its proprietary information involving a cloud storage service. Cloud storage is a “backup and storage
service on the Internet” whereby a “customer’s files are downloaded to anyone’s
computer with a Web browser and password.”
Dropbox’s desktop applications allow customers to “easily move files
from (their) computer to the cloud and vice versa by dragging and dropping them
into (their) Dropbox folder. The service
automatically and quickly syncs (their) files across all of (their) devices, so
(they) can access everything, everywhere.”
The Court contrasted Plaintiff’s
efforts with the company in LeJeune v.Coin Acceptors, Inc., 381 Md. 288, 310-11, 849 A.2d 451, 464-65 (2004), which
did not want its customers disclosing its pricing with other customers because
it used a “tiered pricing scheme”. The
company acted reasonably under those circumstances by (1) negotiating
non-disclosure agreements with its customers, (2) marking “confidential” on
pricing and proposal documents, and (3) communicating to the employees in the
company’s employee handbook that it required employees to protect the company’s
secret manufacturing process and business methods.
The Court determined that merely
uploading its proprietary methodology to a cloud-based program on the Internet is
not a reasonable effort to protect the information. The Court suggested ways in which a company
can satisfy the second prong of § 11-1201 when information is stored in the “cloud”. Examples of reasonable efforts to maintain
the secrecy of Plaintiff’s methodology include (1) changing the password to the account after an employee leaves, (2) limiting
access on a “need to know” basis within the company, and (3) restricting the
dissemination of information with confidentiality or non-disclosure agreements.
The Court also reviewed whether
the punitive damages award was excessive.
This is an unreported
opinion. See Md. Rule 1-104.
The full opinion is available PDF.
No comments:
Post a Comment
Please Post Comments Here