The importance of intangible assets to corporate value is ever-soaring, as are the potentially devastating consequences of commercially sensitive data falling into the wrong hands. The topic is once more in the spotlight following reports that a former Tesla employee has admitted in a US court to uploading his company’s trade secrets to his personal iCloud account.
It is claimed that at the end of 2018, Guangzhi Cao, a former Tesla engineer, stole more than 300,000 files and directories, including the source code underpinning the company’s Autopilot technology, then sought to cover his tracks by deleting more than 120,000 files and erasing his browser history. It is suggested that Cao did this at around the same time he accepted a job with Alibaba-backed Chinese start-up Xiaopeng Motors (also known as Xmotors or Xpeng), a Tesla rival, where he now works as head of perception.
On the face of the reports – and somewhat unusually for disputes of this kind – there appears to be no argument over whether the information in question is of a nature and quality to truly constitute ‘trade secrets’ that are capable of protection. Instead, with Cao admitting to taking copies (albeit denying theft), the focus has been on the extent to which Cao’s possession of this data poses a risk to Tesla.
Cao’s lawyers have reportedly asserted that he has done ‘precisely nothing’ with Tesla’s intellectual property, other than to ‘diligently and earnestly’ attempt to remove the information from his own personal devices. But let us say your bag is stolen from under your nose while dining in a restaurant: would you consider this acceptable provided the thief simply held onto your property for you?
Readers can draw their own conclusions over Cao’s conduct and his arguments. However, from a legal point of view while Tesla may not be in a position to evidence actual loss or damage arising from Cao’s actions, it is entitled to understand what Cao has done with the information, to seek injunctive relief against him to prevent its potential misuse and to request a court order that Cao will delete (under supervision) any copies of the information that may exist.
The same would be true on these shores. The UK affords businesses a good level of protection against misuse of confidential information. Alongside ancient common law rules, the UK also implemented the EU Trade Secrets Directive a little over 12 months ago. Essentially, the totality of this regime enables employers to prevent errant employees from stealing business secrets, provided they have taken reasonable steps to keep the information secret. This factor of ‘reasonable steps’ is a vital one, often ignored.
If a company wants sympathy from the courts, it will have to prove not only that the information is of a nature deserving of trade secret status, but also that it has always treated the information in that way. Regrettably, experience shows that too few do this, leaving them exposed.
One of the problems in this area is ambiguity over who within an organisation should take lead responsibility for driving through the necessary changes. However, I believe – and as the Tesla case demonstrates – it is very much a ‘people’ issue. The insider threat undoubtedly poses the single biggest risk to the security of trade secrets. Accordingly, HR practitioners should be front and centre in developing strategies to combat abuse.
It is recommended that businesses undertake an audit of confidential information to identify and categorise their trade secrets. Only once this is done can they then put in place safeguards to ensure secret information is treated accordingly. Examples of steps to take include restricting access to certain information, making it available only to those who really need it to do their jobs, password protecting relevant files, marking files as confidential, and putting in place written policies that explain to staff why it is important to ensure confidentiality and how that can be achieved and maintained. Developing a culture of protection is critical.
Imagine the damage that could have been done to Tesla’s business if it were unable to rely on trade secrets protection. Cao might have killed its autopilot ambitions and, with it, potentially, the long-term future of the company. Employers should be aware of falling asleep at the wheel where confidential information is concerned.
James Froud is head of employment at McCarthy Denning