Reminder: Zoom Needs to Be Set Appropriately to Protect Your Trade Secrets

You’ve heard the warnings: Set your Zoom settings to require a new ID for each meeting; require a password for entry; put people in waiting rooms; blah, blah, blah. I suspect we often just sound like Charlie Brown’s teacher on the show Peanuts.

Well, it actually matters. And not just in theory, but in real life.

Learn from the recent experience of Smash My Trash in their failed effort to convince the Court of Chancery of Delaware to issue a preliminary injunction in Smash Franchise Partners, LLC v. Kanda Holdings, Inc., 2020 WL 4692287 (Del. Chancery 2020).

The story is short, though the decision is long.

Smash operates a mobile trash compacting franchise business. As the court explained, the founder of the company “developed a plan to ‘disrupt the commercial waste industry’ by providing trash compaction services at the customer’s place of business rather than at a centralized location.”

Defendant Todd Perri, a serial entrepreneur with an engineering background, learned about Smash, after which, he contacted a college fraternity brother, Kevin McLaren, to discuss whether they could operate their own mobile trash compacting business without a Smash franchise. To do that – in the words of the court – they “embarked on a campaign of deception . . . feign[ing] interest in purchasing a Smash franchise,” and using that “pretense . . . to collect information about Smash,” while “setting up their own mobile trash compaction business to compete with Smash.”

The court spared no opportunity to comment on defendants’ “disingenuous and underhanded conduct . . . .”

However, the court found that the information disclosed during Zoom calls was not confidential if for no other reason than Smash’s failure to take reasonable measures to protect its secrecy during the calls. Specifically, the court said,

Assuming for the sake of analysis that Smash had protectable trade secrets, Smash did not take reasonable steps to protect their secrecy. Smash freely gave out the Zoom information for the Franchisee Forum Calls and the Founder Calls to anyone who had expressed interest in a franchise and completed the introductory call. Smash used the same Zoom meeting code for all of its meetings. Smash did not require that participants to enter a password and did not use the waiting room feature to screen participants. Anyone who had expressed interest and received the code could join the calls, and participants could readily share the code with others.

Smash and Fastlane also did not follow their own procedures. Bode was supposed to take roll at the beginning of each call and remove anyone who did not belong, but she did not. The record establishes that twenty participants who cannot be identified listed to the meetings. There is no evidence that these individuals signed NDAs.

Because Smash did not take reasonable steps to protect its trade secrets, Smash has not established a reasonable likelihood of success on the merits of its claim for misappropriation of trade secrets.

(Emphasis added.)

As a result, even if the information disclosed during the Zoom calls had qualified as a trade secret before the call, the slack protection measures eliminated any such trade secret status.

The takeaway: As explained in our “Ten Minute Training” series video, Protecting Trade Secrets – Working at Home, “you should always limit sharing confidential information to the extent possible. That means limiting the audience to those who need to know the information, and limiting the information that is discussed to just the information essential to accomplish the business purpose. In addition, each service typically has security settings that can reduce the risks posed by the particular platform. For Zoom and other video conference platforms, for example, ensure that, to the extent available: you permit authorized users only; require a password for entry; use the ‘waiting room’ to exclude people until you are ready for them to enter; use non-guessable meeting IDs generated for each meeting; turn off automatic recording and prohibit recording. You should also ask all invitees not to forward access information for the call, or to take screen shots during the call.”

If you would like to learn more about protecting your trade secrets in a remote-work environment, now is the time. The courts are watching.

Feel free to contact me for the link to the video, if you would like to watch it. (Please note that we are limiting distribution of the video to our clients and other companies.)

Bonus takeaway: Another lesson to be learned from the case is that bad conduct alone will not carry the day in a trade secret misappropriation case.

We talk a lot about the impact of misconduct (i.e., the who’s “wearing” the “black hat”) on the likelihood of obtaining (or successfully defending against) an injunction. As is typically the case, the party wearing the white hat has a leg up on the party wearing the black hat. But that is just one (albeit significant) factor in establishing entitlement to a temporary restraining order or preliminary injunction. You still need to be able to make out the prima facie case. And, you won’t get your injunction if you can’t make out your case.

Smash is a clear reminder. There was no question who was wearing the black hat. It was the defendants, loud and clear. But that did not warrant an injunction. As the court explained,

The fact that Smash is not entitled to a business-stopping injunction does not legitimize Perri and McLaren’s conduct. Their actions were disingenuous and underhanded. They did not, however, acquire legally protected information that could support the type of broad preliminary injunction that Smash seeks.

(Emphasis added.)