Zoom calls have become one of the most common ways to conduct business during the COVID-19 pandemic. However, businesses must ensure that they are taking the proper steps to safeguard their confidential data, including trade secrets, when using the popular technology.

A Delaware business recently found out the hard way that failing to take reasonable steps to protect the confidentiality of trade secrets during a Zoom call can destroy their legal protection. The court denied the company’s request for an injunction that would have halted the operation of a competing business that had allegedly misappropriated its trade secrets because the company failed to take adequate precautions.

“At this stage of the case, the record does not support a business-stopping injunction. All of the information that the defendants received was publicly available, freely shared by Smash's franchisees, or provided by Smash without taking adequate precautions to protect its confidentiality,” the Chancery Court of Delaware held in Smash Franchise Partners, LLC v. Kanda Holdings, Inc.

Lawsuit Seeks Injunction Against Competing Business

According to the court’s decision, Plaintiffs Smash Franchise Partners, LLC, and Smash My Trash, LLC (jointly, "Smash") operate a mobile trash compaction business and sell franchises to entrepreneurs who want to run a Smash-branded franchise in a protected territory. The core business involves using a truck-mounted mobile trash compactor to smash trash in a customer's dumpster, which enables the customer to pack more trash into each dumpster load and save on fees paid to the waste management company that provides the dumpster and hauls away the waste.

Defendant Todd Perri expressed interest in a Smash franchise. He soon concluded that with his engineering background and business experience, he could create his own mobile trash compaction business. Despite deciding to form his own business, Perri continued to feign interest in a Smash franchise and gather information about Smash. One of the sources of information Perri relied upon was weekly Zoom calls, one of which was conducted by Smash and another conducted by its franchisees. In total, Perri participated in approximately ten hours of Smash-sponsored calls. He took detailed notes and often wrote down the names of the participants.

Perri and his college fraternity brother, Kevin McLaren, ultimately went on to form Dumpster Devil LLC as a competing mobile trash compaction business. Smash filed suit, seeking a preliminary injunction to shut down Dumpster Devil's business.

Court Rules Business Failed to Protect Confidentiality

The Chancery Court denied the injunction, concluding that Smash had failed to show that the defendants obtained and used highly confidential and valuable information from Smash. With regard to the information obtained via the Zoom calls, the court held that any confidential information they obtained was freely shared by Smash’s franchisees on the calls or provided by Smash without sufficient safeguards to protect confidentiality. As explained by the court:

Smash did not take reasonable steps to protect their secrecy. Smash freely gave out the Zoom information for the Franchisee Forum Calls and the Founder Calls to anyone who had expressed interest in a franchise and completed the introductory call. Smash used the same Zoom meeting code for all of its meetings. Smash did not require that participants enter a password and did not use the waiting room feature to screen participants. Anyone who had expressed interest and received the code could join the calls, and participants could readily share the code with others.

The court also noted that Smash failed to follow its own procedures. For instance, the call moderator was supposed to take roll at the beginning of each call and remove anyone who did not belong, which she did not. “The record establishes that twenty participants who cannot be identified listened to the meetings,” the court added. “There is no evidence that these individuals signed NDAs.”

Best Practice for Safeguarding Confidential Information on Videoconferences

Because the legal protections afforded to trade secrets hinge on the information being kept secret, it is imperative that businesses take precautions to keep sensitive business data confidential while conducting videoconferences.  In April, the Federal Trade Commission (FTC) published a list of videoconferencing privacy tips that can be helpful when creating your own best practices. They include:

1. Take steps to ensure that only invited participants are able to join your meeting. People may call it “zoombombing,” but it’s a consideration across all kinds of platforms: uninvited people showing up on video conferences. What can your company do to reduce the risk? Some services allow hosts to password-protect a meeting. Others limit access by providing unique ID numbers for each meeting or for each participant. These features may not be enabled by default, so look carefully at what settings are available. If you host recurring meetings, most services allow you to create new passwords or ID numbers for each meeting. That method is more secure than reusing old credentials, so establish that as the policy for your employees.
2. Take advantage of other tools to limit access to meetings. Conferencing services may give the host the option to lock the meeting once the expected participants have arrived, preventing others from joining. For the greatest level of control, hosts can enable settings allowing them to approve each participant trying to join in. You also may have the ability to remove individual users from the meeting should the need arise.
3. When you join a meeting, your video camera and microphone may be on by default. Be aware that participants may be able to see and hear you as soon as you join a meeting. If you don’t want to share sound or video, most services allow you to mute yourself or turn off your camera. You may be able to adjust the default settings so your preferences are stored for the next meeting or – depending on the service – you may need to adjust your settings at the beginning of each call.
4. Check to see if your video conference is being recorded. Many services allow the host to record the meeting for future reference. The service should display some indicator you’re being recorded – for example, a bright red circle or the word “recording.” But remember that a meeting may be recorded even if these indicators don’t appear. We’ve heard reports of video conferences that have been shared online without participants’ knowledge. The safest strategy is to assume you might be recorded and, if possible, avoid sharing private information via video conference,
5. Be careful before sharing your screen. Most services have functions to allow you to share with the group what’s on your screen – for example, a slide show. But before sharing your screen, make sure you don’t have open documents, browser windows, or other things on your screen you don’t intend for others to see. Some services have options that allow the host to turn off screen sharing or to limit its use to the host.
6. Don’t open unexpected video conference invitations or click on links. With the upsurge in video conferencing, malicious actors are sending emails mimicking meeting invitations or other communications from conferencing services. To add authenticity, they may copy the logo and look of familiar names in the business. But instead of taking you to a conference, those links may contain viruses or install malware on your computer. The safer practice is to tell your staff or your clients in advance that you have a teleconference planned for a certain time and they should expect an invitation with your name.
7. If confidentiality is crucial, video conferencing may not be the best option. No conferencing service can guarantee the security of your information, so consider alternatives if you need to talk about particularly sensitive topics. If you’re conferencing remotely with a health care provider, ask about dedicated telehealth conferencing services that can include more safeguards to keep information private.
8. Before using a conferencing service, review key provisions in the service’s privacy policy to understand how your information will be handled. What information does the conferencing service collect about you? Does the privacy policy limit the company from using your information for purposes other than providing their conferencing service? Finally, does the conferencing service share your information with advertisers or other third parties?
9. Update your video conferencing software. As security issues arise, many video conferencing companies are updating their software with patches and fixes. That’s why it’s important for your business to use the improved version. Only accept updates directly from the service’s website.
10. Establish preferred video conferencing practices at your business. Your employees are doing their best to maintain productivity during a trying time. But a well-meaning staffer may inadvertently put sensitive data at risk by enabling video conferencing services that don’t meet your company’s privacy or security standards or that could be out-and-out malware. Share these ten tips with your team, establish company-wide video conferencing dos and don’ts, and emphasize the need to select the more secure options when hosting or joining video conferences.

Key Takeaway

Much like a live meeting, when using technology like Zoom, businesses must take steps to safeguard trade secrets and other confidential information. That includes limiting the participants, controlling who hears the conversation, and setting limits on whether the meeting is recorded or notes are taken.  If proprietary or trade secret information is to be discussed with others, do not proceed absent a signed non-disclosure agreement.

If you have questions, please contact us

If you have any questions or if you would like to discuss the matter further, please contact me, David Einhorn, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.