Businesses invest significant time and resources toward creating and maintaining customer lists. While customer lists were historically relatively simple and straight-forward documents listing customer names and contacts, companies today often use customer relationship management (CRM) tools to compile, organize, and analyze large amounts of customer data – including contact information, personal information, products, marketing materials, social media information, purchase history, buying preferences, and more. Such data can be crucial for maintaining current customer relationships and soliciting prospective business relationships. For this reason, customer lists are more and more frequently being deemed a significant intellectual property. Likewise, should such intellectual property fall into the wrong hands, it can be very damaging to the business. So what steps can businesses take to protect their valuable customer lists? This article discusses recent case law on trade secret protection of customer lists and offers a checklist for businesses to ensure that they are taking appropriate steps to protect their information. For purposes of this article, we use the term “customer list” broadly, referring to any compilation of the above-listed categories of data and information relating to customers.
Why Trade Secret Protection?
There are various types of intellectual property protection in the United States. However, unlike patent, copyright, or trademark protection, trade secret protection is the only type of intellectual property right that does not require disclosure of the information itself in order to avail protection. As customer lists hold their value only when they are confidential, trade secret coverage is the appropriate protection for this type of intellectual property.
There are numerous laws protecting trade secrets in the United States, both at the federal and state level. Though there is some overlap, this article focuses on federal trade secret law. Specifically, the Defend Trade Secrets Act (DTSA), 18 U.S.C. §§1839 et seq., which became law in 2016, created the first federal cause of action for misappropriating trade secrets. The DTSA defines a trade secret as all forms and types of “financial, business, scientific, technical, economic, or engineering information.” 18 U.S.C. § 1839. To enforce a trade secret, its owner must prove the following: (1) that it has taken reasonable measures to keep the information secret; and (2) the information has independent economic value from being generally not known and not reasonably ascertainable.
Is a Customer List a Trade Secret Under Federal Law?
In the few years since the enactment of the DTSA, courts have been busy interpreting what kinds of information constitute a trade secret under the DTSA. As of the writing of this article, more than 100 court orders have referenced both the DTSA and customer lists. Courts have generally relied on precedent in their circuit in determining whether a customer list generally qualifies as a trade secret. As a result, the outcomes and interpretations have not been consistent. In the Ninth Circuit, for example, courts have explained that they have previously granted trade secret protection to customer lists because such a list “allows a competitor . . . to direct its sales efforts to reach those potential customers that are already doing business with the” trade secret holder. Chartwell Staffing Servs. Inc. v. Atl. Sols. Grp. Inc., No. 819CV00642JLSJDE, 2019 WL 2177262, at *5–8 (C.D. Cal. May 20, 2019) (internal quotations omitted). However, other courts have found that “[c]ustomer lists, pricing information, long-term sales strategies, and customer buying habits do not necessarily constitute trade secrets.” See CH Bus Sales, Inc. v. Geiger, No. 18-CV-2444 (SRN/KMM), 2019 WL 1282110, at *9 (D. Minn. Mar. 20, 2019).
What steps can a business then take in order to maximize the likelihood that its customer lists will be deemed worthy of trade secret protection? We have developed the following checklist of steps, based on recent federal court cases, to assist businesses interested in taking precautions with respect to their customer lists:
1. Ensure that the customer list is maintained in written form.
It is difficult for a court to deem something a trade secret if its actual existence cannot easily be proven. Unless a customer list is maintained as an actual list of some sort, a misappropriating party may successfully argue that it compiled the list from memory as a result of his or her former employment rather than by misappropriating it.[i]
2. Protect the customer list through technology and employee restrictions.
While it may be necessary for a customer list to be in written form, a trade secret owner will also need to demonstrate that it has taken reasonable precautions to keep the list confidential. In fact, some courts require double layers of protection, i.e., through password protection as well as signed nondisclosure agreements.[ii] Companies should also be sure to immediately remove employee access credentials, including to cloud-based CRM tools, upon termination or resignation of that employee, and conduct an exit interview to reiterate trade secret compliance.[iii]
It is also important for companies to ensure compliance with its trade secrete protection policies. For example, where it is disputed that employee handbooks are actually enforced and where some employees do not actually receive or sign confidentiality agreements, courts are less likely to find trade secret protection.[iv]
3. Limit the number of employees who have access to the customer list.
Courts are reluctant to extend trade secret protection to a list to which all employees have access. This suggests that businesses should ensure that customer lists be accessible on an “as needed” basis only, i.e., only to those who need the information to fulfill their job responsibilities.[v]
4. Ensure that the customer list contains more than just the identities of customers.
In order to be eligible for trade secret protection, courts often require that customer lists include more information than just the identities of the customers. For example, courts are more likely to find that a customer list is a trade secret when it contains nonpublic contact information.[vi] Other confidential information that will help a customer list achieve trade secret protection includes sales history, customer needs and preferences, pricing guidelines, and historical purchasing information.[vii]
5. Ensure that the customer list is current.
Courts appear unwilling to find that outdated customer lists are trade secrets as out-of-date information cannot have independent economic value as required by statute. Whether a customer list is sufficiently up-to-date depends on whether the information in the list has independent economic value recognized by the relevant industry. For example, Courts have stated that customer lists including pricing information may lose their economic value over the course of a few months.[viii] To prove that information is not out of date, a trade secret owner may need to put forth evidence that portions of the customer list change very slowly and very little in the relevant industry.[ix]
6. Do not publicly disclose information from the customer list.
While this one might seem obvious, it can sometimes be overlooked in the context of marketing efforts. For example, companies often list representative customers as a business development tool. As a general rule, a company should not publicly disclose information it is trying to keep secret. Veronica Foods Co. v. Ecklin, No. 16-CV-07223-JCS, 2017 WL 2806706, at *14 (N.D. Cal. June 29, 2017) (declining to find a trade secret where a company disclosed at least some of its customers).
7. Keep track of company time and resources used in the creation of customer list.
Courts are more likely to deem a customer list a trade secret where its owner is able to show “the difficulty and expense of compiling the information.”[x] Note, however, that where a customer list is merely a compilation of public information that is easy to find, even if a company spends “hundreds of hours” developing that list, it is not likely to be a protectable trade secret.[xi]
This checklist is, by no means, conclusive or exhaustive. These are merely some ideas, based on case law post-DTSA enactment, of steps that business can take. A proper assessment of whether a business has taken sufficient precautions to protect its trade secrets should be company-specific. Fish & Richardson P.C. is happy to assist in that endeavor. Download the checklist here.
[i]Miner, Ltd. v. Anguiano, No. EP-19-CV-00082-FM, 2019 WL 2290562, at *15 (W.D. Tex. May 29, 2019) (declining to find a trade secret where the plaintiff did not produce a customer list and it was unclear that list ever existed). But see WHIC LLC v. NextGen Labs., Inc., 341 F. Supp. 3d 1147, 1162–64 (D. Haw. 2018) (“[T]he mere fact that the information is not in a written list is not dispositive[.]”).
[ii]Way.com, Inc. v. Singh, No. 3:18-CV-04819-WHO, 2018 WL 6704464, at *10–11 (N.D. Cal. Dec. 20, 2018) (declining to find trade secret protection where a company required its employees to sign an employee handbook and IP agreement, but had no other protections).
[iii]Chartwell Staffing Servs. Inc. v. Atl. Sols. Grp. Inc., No. 819CV00642JLSJDE, 2019 WL 2177262, at *5–8 (C.D. Cal. May 20, 2019).
[iv]Weather Shield Mfg., Inc. v. Drost, No. 17-CV-294-JDP, 2018 WL 3824150, at *2–3 (W.D. Wis. Aug. 10, 2018).
[viii]CH Bus Sales, Inc. v. Geiger, No. 18-CV-2444 (SRN/KMM), 2019 WL 1282110, at *9 (D. Minn. Mar. 20, 2019).
[ix]Katch, LLC v. Sweetser, 143 F. Supp. 3d 854, 869 (D. Minn. 2015).
[x]Complete Logistical Servs., LLC v. Rulh, 350 F. Supp. 3d 512, 517–19 (E.D. La. 2018).
[xi]Art & Cook, Inc. v. Haber, No. 17CV1634LDHCLP, 2017 WL 4443549, at *2–3 (E.D.N.Y. Oct. 3, 2017).
Author: Ann Motl
The opinions expressed are those of the authors on the date noted above and do not necessarily reflect the views of Fish & Richardson P.C., any other of its lawyers, its clients, or any of its or their respective affiliates. This post is for general information purposes only and is not intended to be and should not be taken as legal advice. No attorney-client relationship is formed.