Recently, the Second Circuit Court of Appeals provided its first detailed treatment of the definition of trade secrets under the Defend Trade Secrets Act of 2016 (‘DTSA’) in Turret Labs USA, Inc. v. CargoSprint, LLC, No. 21-952, 2022 WL 701161 (2d Cir. Mar. 9, 2022). By way of background, the DTSA is modeled upon the Uniform Trade Secrets Act (UTSA), which has a two-prong test for identifying trade secrets that has been adopted in 49 states. Turret Labs is particularly significant for New York courts because New York is the only state that has not adopted the UTSA trade secret definition. As a result, New York courts have scant precedential authority when called upon to define trade secrets under the DTSA and many resorted to New York common law for guidance. See Zirvi v. Flatley, 433 F. Supp. 3d 448, 464 (S.D.N.Y.), aff’d, 838 F. App’x 582 (2d Cir. 2020), cert. denied, 142 S. Ct. 311, 211 L. Ed. 2d 147 (2021) (“Courts in the Southern District of New York often use New York state law cases when discussing misappropriation claims under the DTSA because the Second Circuit Court of Appeals has not yet addressed the DTSA…”).
Turret Labs has two significant takeaways. The first is its interpretation of “what constitutes ‘reasonable measures’ to keep information secret” – such “reasonable measures” are required under the second prong of the DTSA’s trade secret definition. Turret Labs at *2. On that point, the court held that “what measures are ‘reasonable’ must depend in significant part on the nature of the trade secret at issue.” Id. That holding heralds a new era of scrutiny toward the nature of trade secrets when evaluating the measures taken to protect them. It is also telling that the cases cited by Turret Labs on this issue were all federal cases less than three years old – both emblematic of how rapidly this area of law is evolving and a subtle signal that courts in New York should wean themselves off state common law when addressing the DTSA. The second significant takeaway comes from how the court addressed the alleged trade secret which “consists primarily… of a computer software’s functionality… that is made apparent to all users of the program.” Id. While the Plaintiff had provided an “extensive list of security measures” which included “servers kept in monitored cages within a data center with restricted access” and “access to the software [being] limited to those with usernames and passwords,” such security measures were held to be irrelevant because end-users of the Plaintiff’s software could view and replicate the software’s functionality free of any non-disclosure agreement or confidentiality agreement. Id. The court affirmed the dismissal of the misappropriation of trade secrets claim and drove the lesson home: physical, digital, and legal protection forms the chain that gets you from confidential information to trade secret, and a chain is only as strong as its weakest link.