Competitive Secrecy.
Reminder: none of what follows is legal advice. At all.
In the current era of business, more so than in any era before, information is power. From client lists and sales metrics, to patentable innovations and trademarked branding, enterprise value today is as much about what a business does as it is about what that business knows. And, of course, how well protected that knowledge actually is.
For a lot of key business information, the protections of trademark and patent are either unavailable or inappropriate. A list of top customers, for instance, can’t be trademarked, nor can it be patented. Nevertheless, it, along with information on how those customers were acquired, and how sales practice should be tailored to best derive value from those customers, is of extremely high value to just about any business. Typically, we refer to this kind of information as “trade secret,” and that designation carries with it protections of its own.
The thing about trade secret information, though, is that it’s typically only valuable when it’s deployed. In order to be effective, a business must, perhaps reluctantly, make this information available to a wide range of its employees, often spanning a number of different business units. Nevertheless, in order to keep its trade secret status, trade secret information must be handled with care. Companies need to take reasonable measures to keep trade secret information confidential, etc.
Protective Covenants.
But what are reasonable measures? For the legendary Coca-Cola formula, it’s kept under lock and key, with extremely restricted access, and deployed towards the front lines of the business in a compartmentalized format such that it can’t easily be ascertained or reverse-engineered. And for something like a recipe, that can work. But, for something like sales practice data, it simply can’t, and it’s in situations like these where covenants between companies and their employees are vital. Sometimes these covenants are contained within a single, long-form “Employment Agreement,” and other times, they’re carved off into a standalone “Confidentiality and Intellectual Property Rights Agreement,” or something to that effect. Here’s a quick summary of some of the typical covenants:
Confidentiality (a/k/a an “NDA”): Our stuff is secret, and you have to keep it secret.
Non-Solicitation (a/k/a a “Non-Sol”): You can’t poach your colleagues and run off and start a new thing together, or have them join you at a different company, typically for a period of time.
Non-Competition (a/k/a a “Non-Compete”): You can’t work for a competitor or start a company that competes with us, typically for a period of time and within a specific geography.
And this all sort of makes sense, right? If you’ve got an employee who’s got access to your most sensitive customer information, you don’t want them violating the above covenants. That would be very bad for business. And how do we deal with bad business stuff in America? We litigate (obviously).
Litigation Gamble.
There’s a recent set of non-compete-related lawsuits taking place in Massachusetts and California, and to understand what’s going on, we’re going to dive into the murky industry of online sports betting. In the US market for online sports betting, there’s two dominant players: DraftKings and Fanatics. Gambling businesses, whether online or in-person (e.g., a casino), rely heavily on business from their top clients. Customer and sales practice information, therefore, is of extremely high value. Just last week (and roughly 10 days before the Superbowl, a very significant event in the world of sports betting), an executive at DraftKings left his position with the company and joined its rival, Fanatics. DraftKings promptly sued the executive in federal court in Massachusetts, citing theft of confidential information and violation of his non-compete and other covenants with the company. The executive also sued DraftKings in state court in California, arguing that the non-compete is unenforceable.
Just Ban It!
For a while now, there’s been something of a push in state legislatures across the country to ban non-compete agreements. Not surprisingly, California has led the charge, adopting legislation effective as of this year to ban non-competes. New York is trying to follow suit, though its bill was vetoed by Governor Kathy Hochul in December and is likely to see revision as this year progresses. There’s also a potential federal ban looming in the distance. And, for what it’s worth, I get it. Non-competes can be scary, and, for a lot of employees, wholly unnecessary. A lot of companies include them as a matter of course in their Employment Agreements, without pausing to think about whether there’s an actual interest of the company that’s being protected in the actual use-case. For instance, WeWork was investigated by the Attorney General’s offices of New York and Illinois for its use of non-competes with fairly low-level workers (e.g., front desk staffers). Is someone who makes sure you’ve scanned your ID card before entering your flexible co-working space really going to run away with their employer’s trade secrets? Probably not! There’s no good reason that person shouldn’t be able to quit and go work for another leasing company masquerading as a tech company.
On the other hand, though, there are employees at companies who generate or have access to vital trade secret information, the disclosure of which to a competitor could be disastrous. Is a confidentiality clause (which, to be clear, is not something to be affected by the bans / proposed bans on non-competes) sufficient to protect employers’ interests? That is to say, do we trust departing employees to: a) understand what is / is not the confidential information of their former employer; and b) not use or disclose that information, particularly to their future employer that may be a competitor of their former employer? Come on. (I mean, even the President did it, sort of.)
An Eventful Teams Call.
But don’t just take my word for it. Here’s this: back in November of last year, an ex-employee of a German company called Valeo was on a Teams call with his former employer on behalf of his new employer, Nvidia. Nvidia and Valeo were working together on a project for an auto parts manufacturer, and the guy was a software engineer on the Nvidia side. On the call, during a screen share (yep, you know where this is going…), the guy minimizes the PowerPoint he’s presenting to reveal…his former employer’s source code! Jesus. Now, of course, investigations, lawsuits, penalties, etc., but the scary thing to me here is that this only came to light because of how gobsmackingly stupid the employee was. What I’m thinking about here—and I’m sure I’m not alone in this—is how often is this happening where the employee in question isn’t a complete moron, and the compromise of confidential information is going undetected? Probably loads of times! And as a lawyer for companies with confidential information, this gives me a tummy ache.
Now, here’s a tough question: would a non-compete have solved this problem? Maybe. Here’s what I think: if you’re an employee of questionable scruples, I’m not sure how much a non-compete is going to deter you from harvesting confidential information for future (wrongful) use. Do you think “oh, well I have this non-compete, so what’s the point?” Or do you collect the information, store it, and save the wondering about its usefulness for later? My guess is the latter. Also, what sort of information is it, and how evergreen is it? The thing is, non-competes are typically of limited duration (and few would argue it’s worthwhile trying to enforce a “forever” non-compete), whereas a lot of confidential business information is valuable for a long, long time. So, sure, if an employee wrongfully shares or uses confidential information tomorrow vs. 6 months from now vs. a year from now, the damage is (maybe) lessened, but certainly not eliminated. But, it’s important to note, we’re starting to generalize pretty broadly here.
Getting Into The Details.
To me, generalization is a big part of the problem here, on both sides of the equation. To fans of non-competes, I’d say that the provisions unfairly punish employees who won’t divert confidential business information, and only delay the inevitable in the case of those who will. To those against, I’d say that there are legitimate circumstances in which a non-compete is vital to protect the reasonable interests of a business, and that a blanket ban is inartful, at best. What’s needed is an inquiry based on the specific facts and circumstances, considering, inter alia, the following:
Confidential Information Value Decay. Is the confidential information to which the subject employee has access of evergreen value, or does its value decay over time? Now, I’m not sure how much information in the world is truly of evergreen value, particularly in this world of increasingly rapid innovation, but it’s fair to say that some information (e.g., software source code) might have longer value than other information (e.g., marketing plans for the upcoming quarter). A non-compete may be more effective in cases where the subject information exhibits rapid decay, whereas for more evergreen information, the marginal value of the non-compete should decrease steadily over time, but its overall value will correlate to the long-term value of the underlying information.
Geographic Scope of Confidential Information. Is the confidential information valuable anywhere in the world, or only in a specific region? Is the non-compete limited to match that scope? Even if it is, though, we’ve got issues. What’s a subject employee to do? Move? That seems harsh.
Industry Scope of Confidential Information. Is the confidential information valuable only within the subject company’s industry, or broadly across a variety of industries? Is the non-compete tailored to suit? Here, again, though, it’s not so easy for an employee to switch industries, perhaps even less so than to switch place of residence, in the case of highly specific skill sets.
Compensation to Employee During Non-Compete Period. In some industries, this is known as a “garden leave,” but basically, if a business finds it necessary to protect its confidential information for a period of time through the use of a non-compete, it can pay the subject employee for a portion of or all of the non-compete period. I’m sure some will disagree, but I think these arrangements are fairly defensible. On one hand, it’s still reasonable to call this a “restriction on trade,” but I don’t think it’s an unreasonable one. If we’re worried about the employee’s ability to earn, that concern is solved. If there’s an employer out there willing to pay the employee substantially more if they can start immediately, that’s the sort of scenario that seems a little suspicious. Is the increase in payment perhaps related to information coming along with the employee? In at least some cases, probably.
Earnings Threshold Nonsense.
Notice one thing that isn’t in the above calculus: how much the subject employee earns. Why? Because that has nothing to do with the fairness of the restriction. For instance, if I were to give you two employees, the co-founder and CEO of a startup, and a mid-level portfolio manager at a private equity firm, and asked you which one of the two has more access to confidential information which, if used adversely, could likely destroy their employer, which would you choose? The startup guy, right? Now here’s another question: which one likely gets paid more? Probably the portfolio manager. Now, remember how I’d mentioned that NY’s governor vetoed legislation banning non-competes? One of the key considerations is the dollar amount threshold for employee annual compensation. The dispute between the governor and the bill’s sponsors is over whether the threshold should be $250k or $300k / yr. (and how bonus and stock option compensation should be counted, etc.).
For the financial services industry (e.g., Wall Street banks, hedge funds, private equity funds, etc.), the $250k vs. $300k threshold fight might be more meaningful in distinguishing junior vs. mid-level employees, but it: a) has nothing to do with the nature of the confidential information being protected, the risk to the business should the information leak to a competitor, etc.; and b) covers just about every employee, from junior to senior, in the context of most other industries! So, fundamentally, under the proposed NYS law, a large bank can put a non-compete on mid-level line-employees, but an innovation-centric startup can’t put one on its key leaders. This is insanity. (And what’re the odds that there’s some bank lobbyists at work in Albany to set the compensation threshold at $250k? Don’t answer that.)
Post-Ban Dystopia.
Let’s be realistic about a few things:
A federal ban is going to depend a lot on what happens this November.
California’s ban isn’t going anywhere, and New York’s ban is going to become law eventually.
Other states may join the “ban-wagon,” and I’d expect this to split sort of along the red/blue divide that currently exists across the states.
It’s telling—and perhaps no accident—that the two states leading the way on banning non-competes are also those which hold the most vibrant and populous communities of tech and other innovation-driven startups. Functionally, though, this brings the most risk to a large number of the most vulnerable doorsteps. How might these companies adapt?
The most logical, but perhaps also the most damaging, way forward is to restrict the flow of information within the employee pool. This doesn’t come without its costs, though. For one, there’s increased workload and cost on the IT function in ensuring that company drives, databases, etc. are properly permissioned under a principle of least privilege (PoLP) framework, and really drilling into what “least privilege” actually entails. On the person-to-person side, there’s also going to be a need of ongoing employee training regarding intra-company confidentiality, and ensuring that information is shared only between employees / units needing to know such information, authorized to have such information, etc.
Sound dystopian? It is.
In the real world, companies often use principles of least privilege in their IT environments, but the definition of “least privilege” is pretty expansive. E.g., a software developer at a startup might not have access to sales lead spreadsheets, but might have access to other projects in the software development pipeline other than whatever they’re working on. This allows for flexibility, better development, seeing the bigger picture, etc. And in terms of inter-personal interactions, moreover, the “hey, what’re you working on?” conversations that take place within companies are frequently great sources of value to the company. Implementing a least-privilege environment in that context would conceivably disrupt workplace culture, with potentially catastrophic outcomes.
But what’s the alternative? Let people walk around knowing all the things and then trusting that they, out of the goodness of their hearts, won’t misappropriate that information at their next employer? I’m just not sure that works. I’m not sure any of this works.
But I guess we’ll see.
