Silicon Valley Chapter’s November 2023 Event, Featuring Jim Pooley
The LES Silicon Valley Chapter hosted Jim Pooley as the keynote speaker at its final networking event of the year (November 14th, 2023). The event was hosted by Procopio in their Palo Alto office, with attendance at capacity with over 80 people. Pooley addressed the topic of managing trade secrets, a topic where he has established global expertise since the 1970s. Pooley spent over 40 years as a successful Silicon Valley trial lawyer with deep knowledge of trade secrets and patents, including 5 years (2009-2014) as manager of the international patent system (PCT) as Deputy Director General of the World IP Organization (WIPO) in Geneva. Pooley published his first book on trade secrets in 1982, and his most recent book was translated to Chinese, evidence of the global interest in the topic.
Why Trade Secrets Matter?
Pooley started with a historical overview, stating that trade secrets are the oldest form of IP; as a matter of fact, a method for securing and manufacturing silk is the oldest documented trade secret. Trade secrets litigation started showing in the 1970s, when Pooley was a partner at Wilson Sonsini in Silicon Valley. Pooley described this as litigation caused by people “doing something stupid”.
Later, when running PCT at WIPO, he visited companies and realized that new challenges associated with trade secrets related to digital assets (such as data) and networks. While industry’s primary asset nowadays is data, these valuable assets are vulnerable: cyberattacks, external threats, open innovation (imperative to share to innovate fast enough) and a modern workforce require close management of trade secrets in the global economy.
Based on Pooley’s experience, lawyers do not always see trade secrets as “Real IP”. Trade secrets are a creature of state law, and it has not been clear what is the doctrine behind it. Patent lawyers view them as “mysterious” and something to be avoided; but their clients don’t see it this way. The clients actually see trade secrets as both assets (data, customer info, competitive intelligence) and liabilities (compliance, cyber threats, risk management) at the same time.
Increasing damages awards lead people to pay more attention to trade secrets: $2 billion (Appian v. Pegasystems), $940 million (Epic v. Tata), and $706 million (Title Source v. House Canary), are some of the recent examples of high trade secret litigation damages.
Trade Secrets Law
Next, Pooley addressed the legal protection of trade secrets. Trade secret protection is broader than any other form of IP protection (patents, trademarks, copyrights) since it protects information. The legal definition of trade secrets is similar worldwide, with the following elements:
- Information that is secret (not generally known)
- Has competitive value from the fact that it is secret (incremental value from treating it as a secret, as has been determined in a recent legal case)
- Is protected by “reasonable efforts” (the most difficult to understand and prove)
Examples of protectable trade secrets include raw data, information about customers, etc. Skill and general knowledge are not covered. Trade secrets are potentially permanent but not exclusive, as more than one company can have the same trade secret.
Pooley highlighted a problem that came to light during the Waymo v. Uber trade secrets litigation case, known as the “Recruiter’s Dilemma”. When hiring employees in an emerging industry, you want to hire for their general trade and experience, not for any specific trade secrets they have been exposed to. And yet, the perfect hire is someone who has solved a problem for a competitor, so they may have had some exposure to trade secrets.
Managing trade secrets
Pooley laid out the strategic objectives for managing trade secrets: prevent loss of critical advantage, avoid contamination, comply with standards (important for board members) and demonstrate “reasonable steps” (if you ever go to court).
Pooley continued by defining three factors guiding “reasonable steps” (which align with classic risk management principles):
- Value of the information: focus on what is most important (almost all secrets will eventually become known, many secrets degrade over time).
- Risk of loss or contamination: what are the threat vectors (most important is the workforce), what is the likelihood that they will come to pass.
- Consider mitigation measures: what mitigation measures might reduce risk, what do they cost (money, administration and friction
Pooley then elaborated on three risk areas related to trade secrets, and how they should be managed to mitigate risk:
- Risk area #1: People
- Recruiting and onboarding: address “Recruiter’s Dilemma” (in fast growing industries and companies) by reviewing contracts and create good record of warnings not to bring information in.
- Training is the cheapest form of prevention: effective training is continuous and varied, as employers are the most common source of leaks.
- Termination: lock down access to systems, conduct a thorough exit interview (find out where are they going? What will they be doing there and how can they perform their new role by maintaining confidentiality?)
- Risk area #2: Processes
- Policies: good, understandable not overwhelming, monitorable; pay special attention to social media, reinforce through management response to each incident.
- Access controls: access on a need-to-know basis, coordinate access change as positions change, keep record classification systems simple.
- Endpoint controls: map where data travels and it is stored, who has access and how; establish controls for employee-owned devices.
- Risk Area #3: Management
- NDA Management: form v. contract (NDAs deserve negotiation), track lack of execution and follow up.
- International supply chain: every country is very different; US has discovery so get US jurisdiction, if possible, to increase level of control.
- Litigation avoidance – top of mind: trade secret litigation is costly, involves emotional issues.
Conclusion: Creating a Plan Fit for Purpose
Pooley’s final takeaways were focused on how to create a plan fit for purpose, so that trade secret management can be done “without breaking a sweat”. The plan should benefit from following a few simple guidelines:
- “Audit” and “inventory” are not required: “manage to the risk, not to the rules.”
- Central authority with distributed responsibility: Business Unit leaders perform initial assessment, central management assures compliance and reviews.
- Regular reviews: threat environments are dynamic, plans need adjustment.