In the dynamic landscape of business, where consumer preferences and market trends constantly evolve, customer lists can be a cornerstone of a successful business strategy. When a customer list falls into the wrong hands, the impact can be devastating. Is a customer list a trade secret in Connecticut? How can businesses protect their customer lists from misuse by current employees, past employees, or others?
Connecticut has adopted the model Uniform Trade Secrets Act with slight alterations. The Connecticut Uniform Trade Secrets Act (CUTSA) includes an expanded definition of “trade secret” that provides for “customer lists” in certain circumstances.
The CUTSA supersedes any Connecticut law regarding trade secret misappropriation. The CUTSA, however, does not affect contractual remedies or other civil liability based on trade secret misappropriation; criminal liability for trade secret misappropriation; or the duty of a person, state, or municipal agency to disclose information (e.g., under the Connecticut Freedom of Information Act).
Courts treat the question of whether a customer list is a protected trade secret as a fact-intensive inquiry. There is no simple legal rule to apply, meaning that it is possible for a business to find itself lacking the protection it anticipated.
Courts applying Connecticut law have held that a customer list may be entitled to trade secret protection when:
- The customer list was developed from years of business effort, advertising, time, and money.
- Customers’ names cannot be readily learned through ordinary business channels or reference resources.
- The individual received the list from the employer in confidence.
On the other hand, courts have denied trade secret protection to customer lists when:
- The list includes only names and addresses of customers, and the information is readily ascertainable.
- The employer does not attempt to hide the customer list from persons not authorized to view it.
- No special relationship of trust and confidentiality exists between the employer and the individual with the list.
Protecting Customer Lists
To gain legal protection for your customer list, it would be prudent to consider the following strategies:
- Don’t allow the information in your customer list to be easily ascertainable. Include in the customer list more than mere contact information. For example, incorporate types of services provided, notes from client meetings and phone calls, individualized needs or preferences, or specific individuals with purchasing authority.
- Make a concerted effort to gather customer information beyond routine information gathering.
- Document the specific marketing strategies and costs associated with creating the client list.
- Inform all employees that the customer list and related information is highly confidential. Ensure that only the employees requiring the information to perform their functions can access it, and impose security, such as password protection. Include this in the employee manual information in employee manuals. Consistently monitor compliance and take corrective action for non-compliance.
- Require employees to sign a confidentiality agreement providing broader protection than trade secret laws. Unless the employee has a right to disclose certain information by law (e.g., a right to discuss safety concerns), a confidentiality agreement can create a contractual commitment to keep sensitive information confidential, even if that information does not possess trade secret status. An important benefit of a confidentiality agreement is that it provides a remedy after employment ends since it is no longer useful at that stage to have termination of employment as an enforcement tool. Employers generally must offer some consideration in connection with such an agreement if it is not entered into at the time of hire.
- Require vendors and consultants to sign a confidentiality agreement protecting customer lists.
Customer lists may or may not be classified as trade secrets, depending on the circumstances, but employers can still take steps to protect their confidential information. A strong preventive strategy can deter misappropriation of this information and provide legal remedies if needed.