Privacy Plus+

Privacy, Technology and Perspective

Legal Issues Surrounding Customer Lists.  This week, let’s examine the numerous legal issues surrounding Customer Lists. Customer lists are often among the blue-ribbon prizes in fights among competitors or between employers and their departing employees. “Customer List Litigation” has become almost a specialty, standing in an explosive space where nine (9) or more areas of law intersect.

Especially for lawyers new to the field, obsessing over one of these areas may distract from the others’ useful (or dangerous) aspects.  So let’s step back and consider what these different areas are.

  1. Intellectual Property:  Trade Secrets and Confidential Information (of course).  Under the Uniform Trade Secrets Act followed in 49 states and D.C., Section 757 comment b of the Restatement of Torts (1939) still followed in New York, and the federal “Defend Trade Secrets Act,” a customer list may fall within the definition of a “trade secret” but doesn’t necessarily.  It must still be a “secret” (not generally known or readily ascertainable in the industry), valuable, and the subject of reasonable measures to keep it under wraps. Usually—but not always—the more detailed, valuable, obscure, and protected the customer information is, the more likely it is to constitute a trade secret.

    It may be tempting to bootstrap your facts up to the level of a trade secret, quickly tie the laces of your trade secret’s “misappropriation,” and race straight into court, especially since in many states, the UTSA is preemptive of some—not all—other remedies. But first, consider also:

  2.  Employment Law/Fiduciary Duties.  Fiduciaries, both formal and informal, owe their principals the highest duties of care and loyalty, including protecting their trade secrets during the fiduciary relationship and after it ends. All employees—of high position or low—owe duties not to compete with their employers while in their employ or to spirit away those employers’ trade secrets when they leave. But employees generally can take their “general industry skills, knowledge, and information” with them when they leave and use those skills to compete against their former employer, even if they improved those skills while in the former employer’s workforce. This may extend to skills or information they already had when they joined the former employer.

  3. Contract.  Many legal duties can be rearranged by contract, though not all. For example, employers and others often use Non-Disclosure Agreements (NDAs) to specify what their trade secrets are and hopefully to expand their grasp beyond the prevailing judicial definitions of “trade secrets” and also capture “[merely] confidential information” — information which may not constitute “trade secrets” strictly speaking, but which the employer nevertheless considers confidential as between it and its employee and does not want its employee to misuse.

  4. Business Competition Law.  Customer lists may also be the subject of much business competition law, either directly or indirectly. Indirectly, in most states (not Louisiana) misuse of customer lists or information may form the basis for a claim of tortious interference with actual or prospective contracts. Many employers require Non-Compete Agreements (NCAs) and/or non-solicitation agreements from their employees to enforce the protection of their trade secrets by keeping the former employee out of the relevant industry long enough for the trade secrets to become stale and valueless.  But be careful: while some states think NCAs are good for “bidness,” other states consider them void as a matter of public policy and won’t enforce them at all. (And when California and Alabama agree on public/business policy, that should get our attention!)

  5. Electronically Stored Information.  By now, most customer lists are stored and transmitted electronically. So how the lists are poached may trigger any number of electronics-related statutes, such as the Computer Fraud and Abuse Act (18 U.S.C. § 1030), the Wiretap Act (18 U.S.C. § 2511), the Stored Communications Act (18 U.S.C. Chapter 121 §§ 2701-2712), and others – which may impose their liability or defenses apart from the issue of “misappropriation” of trade secrets.

  6. Unfair Competition.  All states have a “Little FTC Act.” Some of these offer businesses a cause of action against their competitors for acts of unfair competition, which may include purloining customer lists.  Other states’ “Little FTC Acts” do not, but those states (including Texas) often permit a derivative cause of action for “common law unfair competition” which usually applies whenever some other cause of action which sounds in unfair competition has been established, subject however to issues of preemption.

  7. Copyright.  “Copying” customer lists may also constitute copyright infringement, but be careful.  Copyright is exclusively federal, requires prior registration, and is sweepingly preemptive of all other actions which purport to give equivalent remedies or affect equivalent rights.  Preemption especially may offer defendants an opportunity for jurisdictional challenges in state court or outright dismissal where the complaint concerns activity that the Copyright Act would permit.

  8. Criminal Liability.  Under the Theft of Trade Secrets Act (18 U.S.C. § 1832), state criminal statutes such as the Texas criminal prohibitions against theft of trade secrets (Tex. Penal Code § 31.05), and many other state and federal statutes, theft or misappropriation of customer lists which meet the necessary definitions may lead to horrendous criminal consequences, including serious prison time.

  9. Privacy.  For a moment, forget whether your customer list is protected from your competitors or former employees. Instead, consider whether personal information is contained in the list.  If it is, your collection, use, sharing, and protection of that personal information will also implicate your organization’s privacy notice, the FTC Act, and potentially other federal, state, and even international privacy laws, like the EU’s General Data Protection Act (“GDPR”). Have you accurately represented your organization’s privacy practices concerning the personal information in your Customer List?  Were you required to get consent to use that information in the way that you are using it?  Can you prove it?

Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠.