It is not an unlikely scenario: your top salesperson leaves your company to work for a competitor, taking your customers’ names and contact information with her on her personal BlackBerry. What legal rights do you have to keep your ex-employee from using the customer information she obtained while working for you? Can she use that information to solicit your customers on behalf of her new employer?
If your employee did not sign an agreement containing covenants against the use of confidential information, solicitation of customers or competition while working for your company, one of your primary legal protections is the law of trade secrets. In Georgia, trade secrets law is embodied in the Georgia Trade Secrets Act (the “Trade Secrets Act”). Most other states have similar statutes. 
Under the Trade Secrets Act, if a company can show that its customer lists, pricing information and other sensitive documents or information are trade secrets, it may be able to prevent a departing employee from taking or using that information in a competitive manner. The key to claiming protection under the Trade Secrets Act is showing that the information constitutes a “trade secret.” This requires proof of several elements. First, a company must show that the information in question belongs to the company. Second, the information cannot be commonly known by, or available to, the public. Third, the information must have actual or potential economic value to the person who possesses it because others cannot generally ascertain it by proper means. And fourth, the company must have used reasonable efforts to maintain the secrecy of the information. More than anything else, written policies regarding the use and disclosure of sensitive information, as well as policies concerning computer use, are critical to a company’s ability to stop a former employee from using information in a competitive manner.
The Trade Secrets Act was adopted before the proliferation of laptop computers, personal digital assistants and other mobile electronic devices. Whereas proving a Trade Secrets Act claim was once fairly straightforward, it has become more complicated with the advent of BlackBerrys, iPhones, cellular telephones and laptop computers. In the past, businesses primarily kept track of sensitive customer information – customers’ names, addresses, phone numbers, and preferences – in paper files. Now, contact information is most often stored electronically. Businesses commonly keep customers’ names and contact information in a number of electronic formats and in multiple places. As a result, it is more difficult than ever to know who owns the information, and whether a business has made reasonable efforts to preserve its secrecy.
This article explains how the elements of the trade secret test apply in the age of the BlackBerry and iPhone, and suggests some steps that you, as a company owner or executive, can take right now to protect your company’s trade secrets and preserve your rights under the Trade Secrets Act. 
Showing It’s Yours
To invoke the protection of the Trade Secrets Act, you must first meet its most basic requirement: the information you are seeking to protect must be yours. But, not all information is capable of being owned. Georgia courts have consistently ruled that a company can own tangible compilations of its customer contact information, but that it cannot own its customers’ names, email addresses or phone numbers alone. Practically, this means that your ex-employee, if not bound by a nondisclosure agreement or other restrictive covenant, is free to solicit your customers so long as she relies on her own memory to recall those customers’ identities and obtains their contact information from publicly available sources. It is only if she takes or copies “an actual list contained on paper” that the Trade Secrets Act can be used to stop her.
In the past, this tangible/intangible distinction provided an easy way to distinguish between compilations of names and the names themselves. But modern businesses seldom restrict their customers’ information to a single printed sheet of paper. Chances are, you keep your customers’ contact information on a computer hard drive or a network or web-accessible database. In fact, you may keep this information in a number of formats: perhaps in an Excel spreadsheet for sales projections, in a financial management software program for billing purposes, and in your Microsoft Outlook program for communication needs. And maybe the Outlook contacts sync to your employees’ BlackBerrys or iPhones. So, how does the tangible/intangible distinction work for electronically stored information?
So far, the Georgia courts have offered little guidance. The most recent cases to evaluate this issue have continued to find that businesses must put information in a tangible list in order for it to be protected as a trade secret. In 1997, for example, a federal court applying Georgia law reaffirmed the tangible/intangible distinction as the trade secret threshold. In that case, the court declared, “companies may create customer lists on notebook paper, parchment, computer disk, microfiche, or on the back of a napkin; such tangible lists are protected by the Trade Secrets Act.” In 1999, another federal court struck down a company’s argument that former employees stole its “customer base.” Chastising the company for failing to point to a particular compilation of customer information, the court explained that it “should have reduced its customer list to tangible, written form.”
Showing You’ve Kept it a Secret
You must also have used reasonable efforts to maintain the secrecy of the information in question. It is not enough simply to declare that information is confidential; you must demonstrate affirmative actions to maintain secrecy.
In the past, you could satisfy this requirement by showing that you maintained only one copy of your customer list, on paper, locked in a safe or a drawer where only executive management had access to it. But, what qualifies as a “reasonable effort” to maintain secrecy if your information is in an electronic file rather than on paper?
A recent Georgia case provides a helpful example. In Paramount Tax & Accounting, LLC v. H&R Block Eastern Enterprises, Inc., the court addressed the secrecy of tax preparer H&R Block’s customer database. A former H&R Block employee used the database to send letters on behalf of a new tax preparer, soliciting H&R Block’s customers. The court recognized that H&R Block had established companywide policies protecting its client information from disclosure to third parties, counseled its employees regarding those policies, limited access to its customer database to certain employees, protected the database with a password, prohibited employees from printing out information from the database, and prohibited employees from taking home information from the customer database. Based on these confidentiality measures, the court decided H&R Block had made a reasonable effort to protect the secrecy of its customer database.
H&R Block showed that in a number of ways, it acted affirmatively to protect the secrecy of its customer database. If, for example, H&R Block had allowed its employees to sync their BlackBerrys and iPhones to company computers, the court might have concluded that this was not consistent with making reasonable efforts at maintaining secrecy. This case shows the importance of instituting policies that restrict how employees may access and use information.
What You Can Do to Protect Your Information and Relationships
As you can see, there is little certainty for employers seeking to claim trade secret protection for their electronic lists and information. But there are some things you can do now to avoid later problems:
- Require new employees to sign restrictive covenants. Valid, enforceable restrictive covenants are the best way to prevent employees from using information acquired during their employment with you in the context of a new job. Have your attorneys prepare an enforceable non-disclosure, non-compete and/or non-solicit agreement, and require all employees to sign it.
- Adopt confidentiality and computer use policies. Institute confidentiality, non-disclosure and computer use policies. A computer use policy should state that if an employee has a company-issued laptop computer or other electronic device, the employee must return it and may not download any information off of it before departing. Disseminate your policies, train your employees on what they mean, and enforce them.
- Issue company-owned laptops and BlackBerrys. Issue company-owned laptops and BlackBerrys to employees who need them for their work. Prohibit employees from accessing or downloading sensitive company information using personal computers or personally owned handheld devices so that if you ever need to assert your rights under the Trade Secrets Act, you can show you attempted to maintain the secrecy of your information and that employees who downloaded that information knew they were exceeding their permission.
- Password-protect sensitive information. Password-protect databases, documents or other electronically stored information that contains sensitive information, and retain control of the password. Change passwords often. To the extent that you have hard copies of the information, lock them up and control who has access to them.
- Restrict access. Permit access to sensitive information to only those employees who need it. Distribute passwords to only those employees who need to access protected information. Prohibit employees from distributing or disclosing company passwords.
- Label sensitive documents. Mark sensitive documents, including customer lists, “confidential” or “secret.” Electronic documents should likewise be labeled or placed in folders or drives that require a password to open.
- Destroy printed versions of sensitive documents. Require employees who printed schedules and lists as part of their duties to shred or otherwise destroy the lists when finished.
- Keep documents in the office. Prohibit employees from taking sensitive documents home with them. Limit employees’ access to customers’ contact information or other sensitive information via their personal cell phones, BlackBerrys or laptops. Limit syncing of company computers with personal devices and implement strict policies concerning ownership in conjunction with their doing so.
- Conduct inventory for departing employees. Consistent with a computer use policy, require departing employees to return all company property, including documents and electronic devices issued through the company, and to delete any customer contact information that may be on their personal electronic devices.
- Institute remote access policies. It is common for companies to provide remote access to work systems for employees who telecommute or are frequently out of the office. When you know your employees need to access company information remotely, it is important to have in place policies that address the downloading of documents and other information. You may also want to consider limiting the scope of remote access.
- Act fast. If a key employee leaves and you suspect he or she has taken information that could be a trade secret, consult with legal counsel, and do it fast. You may be able to seek the court’s assistance to prevent your former employee from using your trade secrets.
 Some protection may also be available under Georgia’s Computer Systems Protection Act (the “Computer Protection Act”) and similar statutes in other states. A discussion of the Computer Protection Act is outside the scope of this article.
 This article discusses the two elements of a Trade Secrets Act claim that are most affected by the proliferation of BlackBerrys and similar devices: whether the information is owned by the company claiming trade secret protection, and proving that the company used reasonable efforts to maintain the secrecy of the information. The remaining two elements – whether the information is commonly known by the public and whether it has economic value – are less affected by these recent technological developments and are outside the scope of this article.