As we continue working remotely during and even after the pandemic, companies and their employees must rely on communications platforms such as WebEx, Zoom, and Google Meet to conduct business. In many instances, call participants discuss trade secrets or other confidential information, which may not receive the protection ordinarily given in other modes of communication, such as through emails and face-to-face conversations. In a recent court decision, the Delaware Chancery Court held that information can lose its status as a trade secret if it is disclosed during a video conference that is not fully secure, such as not being password protected.
In Smash Franchise Partners, LLC v. Kanda Holdings, Inc., No.2020-0302-JTL, 2020 Del. Ch. LEXIS 263 (Ch. Aug. 13, 2020), the plaintiff, a franchisor, brought claims for misappropriation of trade secrets, unfair competition, conversion, and breach of a non-disclosure agreement. The Smash Franchise Partners (“Smash”) alleged that the defendant, a potential franchise purchaser, had started a similar company with stolen trade secret information that was obtained during confidential meetings conducted via Zoom. This past April, Smash filed a motion for a preliminary injunction barring the defendant from using or disclosing its confidential and trade secret information that would allow it to compete with Smash.
In an August, 2020 order, the Court held that Smash was not reasonably likely to succeed on the merits of its claim because, even assuming trade secrets existed, Smash failed to take reasonable measures to protect them. The Court specifically pointed to Smash’s disclosure of confidential and trade secret information via Zoom video calls with potential franchisees, during which Smash failed to use available security measures.
The Court found that Smash did not avail itself of the Zoom security features to help ensure that confidentiality was maintained. First, all of the meetings were held using the same Zoom link, and participants were under no obligation to keep the link confidential. Therefore, the link, and access to all of the meetings, could easily have been shared with outside parties. Also, Smash used the same Zoom meeting code for all its meetings and didn’t use the waiting room feature to screen participants. Anyone who wanted and received the code could join the calls. The company also didn’t set up the meeting access as password protected. Lastly, while Smash’s internal procedures provided that a company representative would take roll at the beginning of each meeting and remove anyone who did not have permission to be there, they failed to follow their own directive. Due to such failures on the part of Smash, the Court denied the company’s motion for a preliminary injunction relating to the trade secret and confidential information claims.
Although it’s not binding authority in most jurisdictions, the Smash decision serves as a cautionary tale to businesses and individuals alike to learn and use security measures available on remote communication platforms, even if there is no confidential information being disclosed. With platforms such as Zoom, participants should make sure to include steps such as password protecting meetings, checking for uninvited participants, and having individuals with access to the meeting agree to confidentiality obligations, unlike the parties in this case.
For more information Stewart Banner