When does information which is readily available in the public realm still constitute a trade secret? A business looking to protect its trade secret customer lists would be wise to follow the guidance of the recent case of loanDepot.com, LLC v. CrossCountry Mortg., LLC, No. 22 CIV. 5971 (LGS), 2023 WL 3884032 (S.D.N.Y. June 8, 2023). In loanDepot.com, Plaintiff had brought claims, including under the federal Defend Trade Secrets Act (“DTSA”), after an alleged “raid” by Defendant, Plaintiff’s competitor, of Plaintiff’s employees and information. In short, when the employees (named as individual defendants) left Plaintiff for Defendant, they accessed, downloaded and took client data, including compilations of customer contact information — addresses, phone numbers and emails. The former employees also allegedly solicited their colleagues to leave Plaintiff for Defendant. All these actions were taken despite employee agreements containing restrictive covenants.
The motion at bar, which the Southern District granted in part and denied in part, concerned Plaintiff’s request to continue and enlarge an existing Temporary Restraining Order. The Order at bar concerns three types of requested restraint: (1) Defendant’s use and distribution of Plaintiff’s documents and information; (2) Defendant’s use of Plaintiff’s “basic customer contact information” possessed “independent[ly] of any [Plaintiff] documents”; and (3) Defendant’s solicitation of Plaintiff’s employees.
There was no real question that Defendant should be restrained from using the actual documents and information stolen by Plaintiff’s former employees. But, what about information that is publically available, and if compiled and assembled could replicate Plaintiff’s purportedly “secret” information? Can Defendant’s use of such information violate the DTSA? The loanDepot.com Court found that there was a strong enough possibility that it would to grant the injunction and restrain Defendant.
The Court, citing 18 U.S.C. § 1836(b)(1), stated that “to prevail on a DTSA claim, the plaintiff must establish that (1) it possessed a trade secret and (2) the defendant misappropriated the trade secret.” loanDepot.com, 2023 WL 3884032, at *5. The second element is fairly well established, but the Court spent some time on the first. Breaking this section into its component parts, the Court laid out the statutory definition of “trade secret” as including “all forms and types of financial, business, scientific, technical, economic, or engineering information if (1) the owner thereof has taken reasonable measures to keep such information secret and (2) the information derives independent economic value from not being generally known to, and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information.” Id.
Here, Plaintiff required all its employees to enter into confidentiality agreements and agreements acknowledging they may not retain customer information, and also to review and acknowledge an employee handbook and Plaintiff’s Information Security Policy. Further, the customer contact information was protected by passwords, restricted access, and encryption so that was only accessible for a “business need.” The Court found this to be sufficient to demonstrate the protection element.
Regarding the second element, while it may be self-evident that the customer information was valuable because the former employees thought it something worth stealing, the Defendant argued that the information could be re-created through public databases and other publicly available means, an allegation which was essentially undisputed. However, in rejecting Defendant’s argument that the customer information was not a trade secret, the Court responded with the interesting assessment that while such reverse engineering could have been done, that is not what was done. The Court reasonably concluded that such a re-creation of customer and client list would take significant time, research and resources. Does that difficulty and cost convert public information, so compiled, into a trade secret due federal protection? While this case is one to watch, the Court, for now, is indicating that it very well might.
While this was a clear victory for the Plaintiff, the Court has not enjoined the solicitation of Plaintiff employees, despite employment agreements with the former employees acknowledging the insufficiency of money damages as relief for this injury. For the loanDepot.com Court, the difference between this issue, and the customer information, is that Defendant was actively using Plaintiff’s information, but Plaintiff could not show that employee solicitation was currently happening – only that it did happen and it might again.
It seems a bit like the Court is denying Plaintiff a chance to close the barn door before the horses inevitably try to run out but, generally, courts do not deal in theoretical possibilities, only actual and imminent harm, otherwise they run the risk of passing judgment on mere hypotheticals. Therefore, businesses should be warned that courts can only provide protection from imminent harm and, therefore, businesses must be personally vigilant to catch the horse on its way towards the door before going to the expense and trouble of seeking judicial relief.