Customer lists are often among a company's most valuable assets, especially in the era of digital marketing and online purchasing. If you advertise on social media, sell products on a mass scale online, or even run a small internet-based business, tracking information about the purchasers of your products or services can translate into real dollars for your company. Guarding that information is critical to the success of your business—theft of trade secrets amounts to the loss of hundreds of millions of dollars each year in the United States alone. Protecting customer lists as trade secrets, though, can be challenging. Until recently, if a company wanted to sue for theft or other misappropriation of its customer lists, state court was the sole avenue for litigation (unless the company had another claim under federal law or could establish diversity jurisdiction). Because each state has its own trade secret statutes, with different definitions of trade secrets and standards for misappropriation, the outcome of litigation could vary significantly from state to state. But now, such disparity in results may be coming to an end, as federal courts begin to evaluate trade secret misappropriation cases under a new federal statute.

Federal Protection Under the Defend Trade Secrets Act

The federal government took a major step toward uniformity in trade secret protection in May 2016, when President Barack Obama signed into law the Defend Trade Secrets Act of 2016 (DTSA). The DTSA gives private parties a federal cause of action for trade secret misappropriation, regardless of the amount in controversy, in an attempt to provide uniformity across state laws. The DTSA supplements state law remedies, rather than pre-empting or eliminating them. The statute also provides a uniform definition of trade secrets and a uniform standard of misappropriation, and it expedites the litigation process by allowing for nationwide service of process and execution of judgments. Ultimately, the DTSA is a powerful tool for American companies with a national reach to protect and enforce their intellectual property rights. Although the DTSA does not explicitly include customer lists in its definition of a trade secret, the definition is quite broad. It covers a wide range of proprietary information, including any valuable business information for which a party takes reasonable measures to maintain secrecy. Congress also explicitly named customer lists as an example of trade secrets in the legislative history accompanying the statute. Customer lists therefore constitute trade secrets under the DTSA. Under the DTSA, a company whose customer lists are misused is entitled to equitable relief, actual damages, punitive damages, and attorney fees.

How to Ensure DTSA Protection for Customer Lists?

A company must do more than just guard the secrecy of a list of customer names to ensure that it is entitled to protection as a trade secret under the DTSA. Under the statute, a trade secret must derive economic value from not being generally known to the public, so customer lists must contain more than just publicly available data—even if that data took time and effort to compile. The lists must include additional information, such as customer preferences, or somehow represent the company’s work in creating a market for a new service or product. With respect to customer lists, courts often use the “five-column” rule of thumb: if the customer list contains fewer than five categories of information about each customer, it may not be detailed enough to warrant protection under trade secret laws. Such columns might include, in addition to names and contact information, the following kinds of data about customers:

• Credit history.

• Purchasing habits and history.

• Sales volumes.

• Pricing data.

• Product preferences.

• Demographics (age group, gender, geographic region, etc.).

• Communication preferences (email, text, phone, etc.).

Protecting Your Customer Lists

While the DTSA gives you more options for litigation, prevailing in a lawsuit requires that you can prove your customer lists constituted trade secrets. Protecting information that your company has taken time and effort to create requires planning and diligence. Consider taking the following steps to protect your information, both for the company’s own business practices and to prepare for the strongest legal claims possible:

• If your customer lists are stored on a server, allow access only on a “need to know” basis, and protect files with passwords.

• Ensure that all employees sign a written nondisclosure agreement covering employment with your company and obligations after employment.

• Require third parties who need access to the customer list (vendors, clients, etc.) to sign the nondisclosure agreement.

• Ensure that all employees sign a noncompete agreement so that they cannot use information obtained from your customer lists after they leave your employment. Consult state and local laws to ensure that your noncompete agreement includes geographic and temporal terms that courts will consider reasonable.

• Have a general policy, available in your employee handbook/your company’s intranet/a communal space, defining what the company considers to be trade secrets and in what situations the information may be used.

Emily Newhouse is a commercial litigator in the Chicago office of Arnold & Porter Kaye Scholer. She has brought and defended trade secret misappropriation claims in state and federal court on behalf of her clients.