With the shift to remote work, companies and their employees are regularly relying on communication platforms like Zoom, WebEx, and Google Meet to conduct business—including to discuss confidential or trade secret information. But, companies should be aware of a recent decision from the Delaware Chancery Court, which held that information can lose its status as a trade secret if it is disclosed during video conferences that are not sufficiently secure or password protected.
In Smash Franchise Partners, LLC v. Kanda Holdings, Inc., No. 2020-0302-JTL, 2020 Del. Ch. LEXIS 263 (Ch. Aug. 13, 2020), Plaintiff brought claims for misappropriation of trade secrets, conversion, unfair competition, and breach of a non-disclosure agreement, based on allegations that Defendant Todd Perri, a potential franchise purchaser, had started a competitor company with stolen trade secret information that he learned during confidential meetings conducted via Zoom. On April 23, 2020, Smash filed a motion for a preliminary injunction barring Defendants from using or disclosing its confidential and trade secret information or otherwise competing with Smash.
In its August 13, 2020, Order, the Court held that Smash was not reasonably likely to succeed on the merits of its misappropriation claim because, even assuming trade secrets existed, Smash failed to take reasonable measures to protect them. In support of this, the Court pointed to Smash’s disclosure of confidential and trade secret information via Zoom video calls with potential franchisees, during which Smash failed to use available security measures.
Specifically, the Court noted that:
“Smash freely gave out the Zoom information for the Franchisee Forum Calls and the Founder Calls to anyone who had expressed interest in a franchise and completed the introductory call. Smash used the same Zoom meeting code for all of its meetings.”
“Smash did not require that participants to enter a password and did not use the waiting room feature to screen participants. Anyone who had expressed interest and received the code could join the calls, and participants could readily share the code with others.”
“Smash and Fastlane also did not follow their own procedures. Bode was supposed to take roll at the beginning of each call and remove anyone who did not belong, but she did not.”
“The record establishes that twenty participants who cannot be identified listened to the meetings. There is no evidence that these individuals signed NDAs.”
Based on this, the Court denied Smash’s motion for a preliminary injunction relating to the trade secret and confidential information claims.
While not binding authority in most jurisdictions, Smash serves as a reminder for practitioners and companies alike, that it is critical to learn and use security measures on remote communication platforms, including video platforms like Zoom. While the security measures will vary based on the information discussed and platform used, best practices could include steps such as password protecting meetings, monitoring attendance, removing uninvited participants, and/or ensuring individuals with access to the meeting links are subject to non-disclosure agreements or other confidentiality obligations.
Finally, with the current numbers of workers conducting business remotely, practitioners should consider seeking discovery for video/call logs and other records relating to conversations where confidential or trade secret information may have been discussed, and asking for identification of the participants.