The Most Comprehensive Data Protection Solution
Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.
First and Only Solution to Converge:
- Data Loss Prevention
- Endpoint Detection and Response
- User and Entity Behavior Analytics
If you want evidence that the U.S. faces a dire threat from the theft of trade secrets and intellectual property, look no further than the case of 43 year old Wenfeng Lu of Irvine, California.
Mr. Lu was the subject of an indictment handed down by a federal grand jury last week linked to the theft of trade secrets from two different medical device companies in Irvine, where Lu worked between 2009 and 2012. According to the indictment, during his time working with the companies:
“Lu travelled to the People’s Republic of China (PRC) multiple times – sometimes soon after allegedly downloading trade secrets from an employer’s computer and emailing information to his personal email account. Lu was arrested as he prepared to board a plane to the PRC in November 2012, according to court documents. Lu appeared ‘to be in the process of setting up a company with other individuals in the PRC to manufacture medical devices,’ according to an FBI affidavit.”
Despite the clear-cut nature of the crime, Lu’s employers would previously have had a difficult time seeking redress in federal court for the theft of their secrets. That’s because, amazingly, there was no specific federal criminal statute dealing with the theft of trade secrets – only their “misappropriation.”
Companies could still pursue legal action in State courts but, as this article notes, state courts’ jurisdiction is limited, especially with regard to crimes that cross state and national borders.
The Defend Trade Secrets Act, signed last week by President Obama, goes a long way to correcting that. Among other changes, the law establishes a federal civil cause of action for trade secret misappropriation. The new law creates a consistent, federal law governing intellectual property theft. Importantly, it also allows the owner of a stolen or misappropriated trade secret to obtain an ex parte seizure to prevent disclosure of the trade secret – in other words: authorities can seize goods and materials from firms believed to be trying to benefit from misappropriated trade secrets.
The new legislation – long overdue – will come as welcome relief for technology companies, in particular. The growth of remote workers, porous corporate IT perimeters and the advent of small, high capacity storage devices and cloud based storage services make it easier than ever to abscond with huge volumes of sensitive corporate information. And, while technology can provide some protection against data theft, companies also need to be able to rely on the courts to enforce their intellectual property rights.
As this article at EETimes points out, the DTSA also establishes a formula for calculating damages from intellectual property theft based on the actual loss to the injured, the amount of its unjust enrichment, or a reasonable royalty. Willful misappropriation of trade secrets, as was the case with Mr. Lu, may result in damages being multiplied.
There has been no shortage of headlines in the last decade about cutting edge technology firms undone by the theft of intellectual property. The new DTSA certainly won’t end the process, but it may provide a significant disincentive and a way for aggrieved firms to have their day in court.