Compliance lessons from the Google/Uber trade secrets mess

Levandowksi’s latest legal problems and a preceding lawsuit (since settled) between Waymo, the self-driving car unit of Google parent Alphabet Inc., and Uber over the whole matter may indeed be a comeuppance of sorts for an industry that boasts of its ability to “move fast and break things.” At the same time, the entire sordid affair is a reminder to the corporate world as a whole, and to the tech industry in particular, to be more proactive in deterring the theft of trade secrets. They might also take notice of a federal government seemingly more willing to pursue intellectual property thiefs.

The government’s indictment of Levandowski “most certainly represents expansion of the what the Department of Justice has historically left for former employers to handle in civil lawsuits against future employers and former employees,” observed Valerie Charles, general counsel at GAN Integrity. Yet that increased scrutiny can also bring repercussions for the corporate victims of these crimes.

The fall of a star?

The DOJ announced on Aug. 27 the charges against Levandowski, a founding member of the group that worked on Google’s self-driving car project. Levandowski, who began working at Google around 2007, resigned without notice in 2016 after developing his own self-driving company, which Uber bought in 2016.

The government maintains that before departing Google, Levandowski, who had signed multiple confidentiality agreements, downloaded thousands of files containing engineering information about Google’s self-driving vehicles and transferred that data to his personal laptop.

“All of us have the right to change jobs,” said U.S. Attorney David Anderson when Levandowski’s indictment in federal court in California was announced. But “none of us has the right to fill our pockets on the way out the door,” he continued. “Theft is not innovation.”

Uber fired Levandowski in 2017 and settled with Waymo the following year. As part of its arrangement with Waymo, Uber promised to make sure it did not use Waymo’s confidential information.

Levandowski, who is 39 years old, has pleaded not guilty. The government filed charges against him following an investigation by the FBI.

How worried should corporations be?

“Trade secret theft, whether prosecuted civilly, criminally, or both, is a serious problem facing chief compliance officers,” observed Mindy Morton, a partner at Procopio. “According to the Office of the National Counterintelligence Executive, companies collectively lose as much as $300 billion per year due to theft of trade secrets.”

Companies losing their talent as well as those recruiting it should beware.

“There is no doubt that the Levandowski indictment sends a clear message to the tech industry—both innovators and their corporate employers,” Charles said. “Employers dealing with departing innovators and those hiring them must take note and adopt more assertive and involved approaches to address potential theft of trade secrets.”

While it may be tempting for companies to seek government prosecution of former employees gone rogue, doing so does risk the airing of a lot of dirty laundry, particularly given that defense counsel can use broad discovery rights to determine if stolen information actually is a trade secret. That this particular Google-Uber mess has been widely reported may give other organizations pause in thinking how they might approach a damaging or blatant theft of intellectual property.

Deterrence is the best protection

Of course, it’s preferable that intellectual property not be stolen at all. To that end, “companies should have a policy in place to handle trade secrets that governs how trade secrets are identified, stored, protected, and accessed,” Morton said. Restrict access to trade secrets only to those employees with a need to know, she suggested.

Also use technology to limit the likelihood of a theft and to track it should one occur. “Although BYOD [(Bring Your Own Device)] policies are popular, any computers or servers storing critical trade secrets should not allow flash drive access or downloads to e-mail,” Morton said.

Monitor and limit access

Compliance will need to work with IT to finger wrongdoers. A corporate IT team “should monitor access to critical files and servers and alert the compliance officer if there is any unusual downloading activity,” Morton suggested. “Also, there are several apps that companies can require employees to have on personal devices if used for work purposes that can easily delete company e-mails and files remotely.”

Companies might also beef up departure strategies when an employee resigns. “Take action the moment an employee gives notice,” Morton said. “Exit interviews should be standard with all employees, and companies should consider imaging hard drives for any employees with access to trade secrets or other critical IP.”

Make sure to have “well-documented policies and procedures in place to ensure that departing employees know and have acknowledged that they are prohibited from leaving with and/or using trade secrets,” Charles said. Require the speedy return of company equipment and prevent employees with one foot out the door from accessing trade secrets and from downloading e-mails or other information from the cloud, she suggested.

There is always an employee who will have trade secrets, Charles acknowledged. To that end, “there is no substitute for unambiguous and carefully drafted noncompete provisions,” she said.

Because noncompete clauses are sometimes disfavored by courts for being too restrictive, care should be given to their drafting. “Appropriately limiting the scope of noncompete provisions is the best way to ensure such provisions will be upheld by a court evaluating enforceability,” Charles said. “Consider geographical scope, duration, scope of prohibited conduct, and clarity.”

Limit liability when hiring talent

Companies might also be cognizant of their own vulnerability should new hires arrive with their former employer’s intellectual property stored on a thumb drive. To thwart that possibility, “any company hiring new employees should require them to affirm that they are not bringing a former employer’s trade secrets,” Morton said. Going a step further, hiring companies might also “have all new employees sign proprietary agreements that require the employee (and not the new employer) to assume liability arising from use of trade secrets of prior employers,” Charles suggested.

Be ready to act if an employee is accused. “All companies should have a process in place to quickly respond to claims of trade secret theft,” Morton said. At a minimum, the employee’s network access should be restricted, sensitive information should be identified and isolated, and counsel should become involved, she explained.

Lori Tripoli is a writer based in the greater New York City area who focuses on legal and regulatory issues.