As executive vice president, corporate and general counsel for TransCanada Pipeline Ltd. in Calgary, Sean McMaster is charged also with overseeing the company’s security strategies. It’s not a routine responsibility for an in-house lawyer, but in an industry as highly regulated as the transfer of fuel via pipeline, the purview of his role makes sense.
Working closely with TransCanada’s director of corporate security Glenn Reierson, McMaster must ensure security is tantamount. One of the company’s key focuses is protection for executives who travel carrying with them valuable information that can be subject to theft.
“It’s not something that would normally be on the corporate counsel side of things but I also am responsible for the security end of things at TransCanada,” McMaster says.
“It’s more important these days than it has been in the past, but more so from a security and protection perspective than pure espionage, so we do pay attention to it.”
Although TransCanada has not experienced an incident in which confidential information has been compromised, Reierson acknowledges the threat is omnipresent.
Laptops, BlackBerrys, memory stick devices that hold volumes of data are toted along by executives to far-flung reaches of the world. “I’ll do specific briefings for [executives], when they travel, about some of the risks, and corporate espionage is certainly part of that, because when you travel internationally there are things that come up,” says Reierson, who has experience working in South America and Russia, where, he says, even the government will place listening devices in hotel rooms to monitor business transactions.
“We take a very much proactive approach,” he says.
With the proliferation of electronic information coupled with a highly competitive global economy, opportunities for the theft of data are rife. Oftentimes a breach is difficult to detect and easier to execute.
Multinational giants such as Coca-Cola, Wal-Mart, and Dell have fallen victim to corporate espionage, resulting in protracted and much publicized litigation. Here at home, notable cases include a lawsuit by Air Canada against WestJet Airlines Ltd. and an action launched by Murphy Oil Company Ltd. against a small U.S.-based contractor that suddenly began purchasing land in the vicinity of a significant oil and gas reserve.
Corporate Canada is thus taking note at where corporate intelligence-gathering crosses into to the realm of espionage.
Earl Cherniak, a partner at Lerners LLP, represented Air Canada in its suit against WestJet. Speaking in general terms about the topic, he affirms there should be no grey area between corporate intelligence-gathering to glean an edge in the market and outright espionage. “It’s not a fuzzy line. There’s what’s legal and what’s not legal,” he says. “To get an employee to pass along the secret recipe for Coke, that’s not market research.”
Yet employees of all rank and file are perhaps the most likely candidates to pilfer data, says Cherniak. It was an employee at Coca-Cola who stood trial in 2006 on charges she stole trade secrets from the company — secrets she’d hoped to sell to PepsiCo. In the case of Air Canada, it was a former employee who’d facilitated regular access to the airline’s database by a WestJet executive.
Accordingly, Cherniak says it is imperative for in-house counsel to exercise diligence to protect the company, particularly when employees leave. “Once an employee becomes an ex-employee, you’ve got to ensure that under no circumstances — unless they’re a very trusted person, but you never know — they have access to information. They’ve got to be cut off.”
That means everything from access cards to laptops to BlackBerrys have to be confiscated from a departing employee at the earliest opportunity, he says. To effectively implement such measures, counsel should work closely with the IT department.
Contractual provisions at the outset of an employee’s hiring should also be standard fare at the workplace.
“In employee contracts, especially for employees who have access to sensitive information, it would be a good thing to have clauses of confidentiality both during the employment and in the event of termination,” Cherniak says. “Not every company thinks of that, but you then have a contractual obligation to maintain confidence during and after employment.”
Companies also should regularly monitor the usage and access of their electronic information, he says.
During the breach at Air Canada, court documents show its internal web site was tapped into nearly 250,000 times inside of one year; an astounding 4,973 times in a single day.
So most importantly, says Cherniak, once an anomaly is detected, counsel and their companies must enact a swift response. “The first thing you need to do is get your ducks in a row before you do anything public,” he cautions. Top of the list is to deploy a good investigator, whether in-house or contracted, who knows what evidence a court will require to pinpoint the culprit, and who can obtain an Anton Piller order to exercise a search for evidence that could be used in a trial.
But not all cases of corporate espionage are exacted in the spirit of malcontent or competition. Take the case of Murphy Oil Company Ltd. v. Predator Corporation Ltd. Murphy Oil and two partner companies had invested millions in the exploration and testing of British Columbia’s Ladyfern field to find one of the largest-yielding sources of oil and gas in Western Canada. Before its findings were made public, a small company, Predator, appeared on the radar bidding on parcels of Crown land that bordered the Ladyfern field.
The oil giant hired an investigator to find out why such an insignificant player in the industry was suddenly willing to pay tens of millions of dollars for nearby lands. Something had to be amiss.
Indeed there was. Through interviews by the investigator, it was discovered an engineer, who was contracted to conduct the pressure-data testing that disclosed the magnitude of the underlying reserves, was a buddy of an engineer at Predator; through a bit of prodding, the engineer had turned over the test results.
Murphy Oil successfully sued based on the argument that Predator had acquired the information based on the misuse of confidential data.
“You spend quite a bit of money to acquire these pressure tests,” says Jack Marshall, partner at Macleod Dixon LLP in Calgary, who represented Murphy Oil. “An investigator was brought in to find out how was it that an unknown company all of a sudden bids unprecedented amounts of money to acquire the acreage offsetting the discovery well.
“In this case, it’s akin to my phoning up your bank and saying, 'You know, she’s a friend of mine. We had lunch the other day, so why don’t you give me some of her money?'”
In her reasons for judgment, Justice R.E. Nation acknowledges the energy industry is “highly competitive” with much financial risk. In her judgement, she affirms, “Any use of the information against the owners’ interest is wrongful.”
Says Marshall: “I guess the lesson is you’ve got to make sure everybody understands this is confidential,” adding that, for the most part, professionals involved in oil-patch exploration know the sensitive nature of results.
The possible perils of falling victim to espionage or aggressive competitive intelligence can increase measurably in an outsourced division of a corporation.
“From the perspective of offshore outsourcing, it’s a much bigger risk because the personnel in those countries, their standard of living is much lower than ours, and they may be able to gain much more by disclosing and breaching contracts and not suffer the same repercussions as they would here,” says Lisa Abe, a partner at Fasken Martineau DuMoulin LLP in Toronto.
“That’s why it’s also important to investigate the culture of the country. In some countries, the culture of respecting a contract may not be as important,” says Abe. Corporate counsel become instrumental in deciding the outsource location to ensure the country’s laws are respectful of contract obligations “and the enforcement is possible and convenient because, otherwise, if it doesn’t have any teeth, it’s useless.”
She notes that trade secrets aren’t limited to executive-level innovators or always subject to protections under IP laws; rather, they can be as ubiquitous as the residual knowledge of everyday employees.
“It’s very important they have in place confidentiality agreements with the outsource service provider. Especially those that have subcontractors; we have to make sure it flows right down the chain,” she says.
“Corporate counsel has to watch out for how confidential information is defined and what the exclusions for disclosure are,” such as general knowledge at the workplace, she says.
She also says the survival terms of a confidentiality agreement should be indefinite and exclusivity is often included in a contract to protect proprietary information from possible competitors retaining the same outsourcer. Contracts can also include security controls and audits of the books and procedures at the outsource provider, and require specific background checks on employees who are hired to work amidst the division, says Abe.
“Then, on top of that, just to make sure the outsource service provider indeed has all these in place, you should have some indemnities so if there is a breach or a failure, they will indemnify the customer for damages that are suffered,” she says.
“And when you’re drafting indemnities, as a customer you want to make sure that you get covered for the loss of profits or reputation that could cost severe damage.” IH