How Videoconferencing Can Put Trade Secrets at Risk | Tech Law
Like many companies in these pandemic-ridden days, the Smash My Trash group uses videoconferencing in its business dealings.
The Smash group consists of Smash My Trash LLC, which uses mobile trash compactors to compress trash in customers’ dumpsters, and Smash Franchise Partners, LLC, which sells the company’s franchises.
One potential franchisee, serial entrepreneur Todd Perri, used the information gleaned from Smash’s videoconferences to help set up a direct competitor.
Smash Franchise Partners last year filed suit in the Delaware Court of Chancery — the Nation’s preeminent forum for determining business disputes — alleging Perri breached its trade secrets and used confidential information.
The court denied the injunction because it found security around and during the videoconferences was sloppy.
Smash’s Franchise Purchase Process
Prospective Smash franchisees must first participate in two sets of videoconferencing presentations on Zoom after, among other things, taking a phone call about the economics of running a franchise and getting an Excel workbook containing relevant economic data.
One set of Smash videoconferences has current franchisees describe how they run their franchise and answer questions about their business. The other set is hosted by company founder, president and CEO Justin Haskins, who discusses various business and technical issues, such as fleet management and maintenance, and answers questions.
Franchise FastLane, an independent contractor that markets Smash’s franchises, handles the videoconferences.
Potential franchisees then sign a non-disclosure agreement and travel to Smash’s headquarters in Indiana to learn proprietary information — which the firm calls its “secret sauce.”
‘Devil’ at the Door
In 2019, Perri responded to an ad about Smash posted by independent franchise broker The Franchise Collective, and got a broad overview of Smash’s business and equipment.
This included where the equipment was purchased, franchise locations, available territories, the identity of one national account, the startup and operating costs, and the software needed to run a franchise.
He was also directed to Smash’s website and its YouTube channel, and given a pitch deck — an introductory presentation — that discussed Smash’s business model and business strategy.
Perri later called fraternity brother Kevin McLaren, who operates a roll-off dumpster business, and the two formed Dumpster Devil, LLC to compete with Smash.
Meanwhile, Perri continued to gather information about Smash’s operations. He signed an NDA but did not attend the presentation at Smash headquarters because that was confidential.
After failing to purchase equipment from Smash’s supplier, Perri and McLaren signed an exclusive supplier agreement with trash compaction and handling equipment manufacturer Packmat System.
Dumpster Devil’s business model closely resembles that of Smash but uses an exclusive licensing arrangement for branded equipment instead of selling franchises.
Perri attended two more Smash videoconference calls after signing with Packmat, and launched Dumpster Devil with McLaren in March 2020.
Their website compares Dumpster Devil’s equipment and return on investment to those of Smash. They also bought the name “Smash My Trash” from Google AdWords, so that a Dumpster Devil ad was the top result for Google searches in certain geographic areas using that name.
Why Smash Lost
The Delaware Court of Chancery ruled that Smash freely gave out the Zoom logon information for the videoconference calls to potential franchisees and used the same Zoom meeting code for all its meetings.
It did not password protect the meetings or use the waiting room feature to screen participants, so anyone who had the code could join the calls and share the code with others.
Franchise FastLane, which ran the conferences, did not take roll at the beginning of each call and remove anyone who did not belong; and 20 participants who could not be identified attended the videoconferences. There was no evidence they signed the NDAs.
“If the meeting content is proprietary, it’s the responsibility of the owner to protect it,” Michael Jude, a research director at market research firm IDC, told the E-Commerce Times. “That’s why Kentucky Fried Chicken maintains its secret recipe in a vault.”
The carrier — in this case Zoom — has no responsibility to protect what has been discussed on an open line, Jude noted.
Security and Compliance Measures
It’s important to “actually monitor what happens in the meeting to detect when sensitive data is exposed, ensure that proper disclaimers are used, identify behavior that could led to liabilities, and prevent security risks in what is spoken, shared, shown or typed in a video meeting session,” Devin Redmond, CEO and co-founder of Theta Lake, told the E-Commerce Times.
Theta Lake provides collaboration security and compliance for Microsoft Teams, Cisco WebEx, Zoom and RingCentral.
“Companies should assume by default that anything shared in a meeting is exposed or leaked,” Redmond observed. In addition to close monitoring of videoconferences, they should train staff on proper procedures while implementing security and compliance technologies purpose-built for video collaboration.
Trade secret law requires trade secret owners to take “reasonable efforts” to secure that information, wrote Milton Springut, a partner at Springut Law.
However the definition of reasonable is not carved in stone.
“What constitutes ‘reasonable’ evolves over time, as both technology and challenges to security advance,” Springut stated. “What was science fiction yesterday can become standard operating procedure today.”