To contact us please call 760.722.6582 or by e-mail.
Free Consultations.

 


SIGN UP FOR THE
MORTON MEMO

 

 

 

December 2011 | May 2012 | July 2012  |  October 2012 |  December 2012     

The Morton Memo - APRIL 2013

Our two articles concern the on-going quest to keep information confidential, both business and personal. The first concerns confidentialty contracts signed by employees and their dangers for the employer. Businesses frequently don't realize how easily they can over-reach with such agreements.
The second concerns personal privacy requirements from the State of California and the Federal Trade Commission for mobile apps.
The Morton Memo is for you, so kindly email me those topics of interest to you.

>> Strictly "Confidential"  

>> Privacy for Mobile Apps

 

strictly "confidential"

By Kellie M. Delaney

Confidential

A recent client matter underscores some interesting trends in California regarding the protection of so-called “confidential” information.  It has long been the law in California that non-compete agreements are unenforceable except in limited circumstances.  But business  owners often have employees sign a Business Confidentiality or Nondisclosure Agreement to protect information such as customer lists, formulas, and any other non-public information that has economic value for the business.  These agreements usually specify categories of confidential, proprietary, or “trade secret” information to which the employee, consultant, or business partner may have access during the employment or business relationship.  These agreements, properly used, are an important tool to identify confidential or trade secret information and protect that information from unauthorized disclosure or misuse.

However, not all confidentiality agreements are created equal.  In fact, these agreements may be unenforceable if they define broad, all-encompassing categories of information and preclude an employee from ever using that information for any reason.  Case in point.  While defending a small business owner who was sued by her former employer based on just such an agreement, we were successful in having the court declare the agreement to be an unlawful restraint on trade (see Business and Professions Code section 16600) that would have precluded our client from practicing her profession.

We defeated the breach of contract cause of action on demurrer because the agreement our client signed at the onset of her employment had defined everything but the kitchen sink as confidential or trade secret information.  Then, just prior to terminating her employment, the employer required her to sign an “enhanced” version of the agreement that expanded the definition to include the kitchen sink, and then some.  Based on recent case law in California, the court agreed with us that because the employer had not made a meaningful attempt to specifically identify what it considered confidential or trade secret information.  Instead, the employer defined only broad and overly inclusive categories that would pretty much cover anything the employee had ever learned, seen, heard, read, or been exposed to in the course of her employment.  And that, the court said, is unenforceable because an employer cannot “lock down” an employee to such an extent that the employee could never meaningfully practice his or her profession for any competitor. 

Employers can, and should, continue to protect their trade secrets and confidential information.  However, they need to do this in a thoughtful, deliberate way that is tailored to meet their goals.  The following considerations are central to making that happen:

      1.    Who.  It’s important to understand the type of relationships in which you are sharing confidential or trade secret information so you can anticipate the type of exposure you might have and craft appropriate agreements.  For example, an account manager who has access to customer lists and sensitive marketing data could easily take that information with him upon termination and immediately use it to unfairly compete with a former employer.  An engineer who is working on product design may have access to research and proprietary data.  Or you may want to share future product plans—which could be detrimental if they are made public—with a strategic partner who is going to help you enter a new market.  Using an identical, boilerplate confidentiality agreement in all these relationships is not appropriate because there are different risks inherent in each one.

      2.    What.  Probably the most important thing you can do is to think through and identify the specific types of information to which the employee or other party will have access.  By calling out this information, you not only protect your intellectual property but you also foster more understanding between the parties and this kind of transparency is apt to reduce your risks.

      3.    When.  Include a time limit.  An agreement that is open-ended about what, and for how long, information must be kept confidential, could be challenged on that basis alone.

4.     For What Purpose.  Information is rarely disclosed without some context.  We recommend that you state that specific context in the agreement because these details will help to prevent misunderstanding and, if a bona fide dispute does ensue, may help to establish the parameters of that dispute.  It is far more cost-effective to prosecute or defend a claim that is well-defined than a claim that is open-ended because there was no meeting of the minds about the scope and purpose of the agreement.

If you are routinely using a boilerplate Business Confidentiality Agreement or NDA (Nondisclosure Agreement), consider whether it is narrowly tailored to the scenarios in which you share non-public information with your employees, consultants, or business partners.  There may be some simple changes you can make in handling these agreements that will better protect your business assets.

 If you would like more information about keeping information confidential, please contact us at at info@ericmortonlaw.com or (760) 722-6582. 

Back to Top

 

                                                                                                    

privacy for mobiles appsMobile Phone and tablet

By Eric D. Morton

Mobile apps are increasingly popular.  More and more companies have mobile apps for their services.   Consumers and businesses are using their smart phones more frequently to access information and services.  However, the State of California and the Federal Trade Commission are taking actions to ensure the privacy of consumers. Businesses that have mobile apps face legal exposure if they don’t comply with new requirements for privacy policies.

The California Attorney General’s Office is enforcing the California Online Privacy Protection Act of 2003 (“CalOPPA”) against developers and owners of mobile apps.  CalOPPA requires any operator “of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California” to make a privacy policy readily available to those consumers.  Among other things, the privacy policy must identify the specific categories of personal information collected, as well as the third parties with whom such information may be shared.

 In December 2012, the State of California sued Delta Airlines.  The basis for the suit is Delta’s mobile app, Fly Delta, which allows a user to view and manage his or her flight, take pictures, and locate Delta services based on his or her location.  The state claims that Delta violated CalOPPA because its privacy policy, while available on the company’s website, is not accessible within the Fly Delta app and does not discuss how Delta uses the photographs and location data collected by the app.  If the Attorney General prevails, Delta could face fines of $2500 for each time the app has been downloaded.

The California Attorney General issued recommendations this year to the mobile app industry.  The recommendations include a number of changes to how apps collect and share personal information, including using non-persistent device identifiers, higher security measures, and “enhanced” means of notification, such as special pop-up windows, when certain information is collected.  A copy of those recommendations is available here.

 In March 2013, the Federal Trade Commission released a report with its recommendations for privacy policies for mobile apps.  The FTC recommended:

Just-in-Time Disclosures. These are disclosures that are made immediately before consumer information is accessed. The FTC would like platforms to ensure that apps provide these disclosures whenever they are about to access geo-location information, and other potentially sensitive consumer information such as photos, contacts and calendar entries, and that consumers affirmatively consent to the data collection after receiving the disclosure. Further, to ensure clarity, the Just-in-Time Disclosures should be made clear and understandable by use of language simple enough for any ordinary person to understand.

The report recommended that platforms provide users with a privacy dashboard, which would show users which apps have access to which data in one centralized location. This would provide consumers with the opportunity to occasionally revisit previous choices that they made and stay abreast of who is accessing what.

The FTC referenced the use of icons employed by some app developers that appear whenever an app is accessing a user's geo-location information. The Commission endorsed the use of icons in this manner and encouraged more of it.   

A copy of the report is here.

Businesses that have mobile apps should ensure that their apps comply with the state and Federal guidelines. 

For more information about mobile app privacy policies, please contact us at (760) 722-6582 or info@ericmortonlaw.com.