Assist a client with evaluating and information security program and whether a firm was entitled to trade secret protection based on reasonable security measures.
Our client was the defendant in an ITC Theft of Trade Secrets matter. The plaintiff alleged that they had taken critical documents from a secure and protected environment. Among other things, our client did not believe that the information qualified as a trade secret.
iDS was tasked with:
Evaluating plaintiff’s cybersecurity policies and practices at the time of the alleged theft
Evaluating the overall state of the Information Security Program (“ISP”) and employee training practices
Comparing and contrasting the ISP with industry standards such as ISO 27001 and NIST
Using a team of experts evaluate the security measures in place versus industry standards. Compose an expert report describing our conclusions.
iDS was selected for this engagement because we have deep experience in both critical dimensions – ISP program design and implementation as well as expert witness testimony specifically related to cybersecurity.
A project plan was drawn up which included:
Assisting counsel with their deposition preparation for plaintiff’s cybersecurity experts
Developing an expert report that compared and contrasted plaintiff’s practices with industry standards
Determining whether the ISP meant that the plaintiff had taken reasonable measures to protect their intellectual property
Plaintiff systems, policies and practices were inspected. An expert report was provided. Ultimately a deposition was given.
iDS’ conclusions in both the report and deposition resulted in plaintiffs dropping one expert for trial and the other conceded real issues with the security measures
One of the plaintiff’s cybersecurity experts was withdrawn prior to trial. Although the matter was adjudicated against our client based on spoliation, even the remaining opposing expert conceded that plaintiff had failed to reasonably protect much of what had been claimed as a trade secret.