Customer data and trade secrets


Crystal Chen

Online job banks continue to play an important role in the employee recruitment market due to their convenience and the accelerated growth of the internet. A typical business model of a job bank is that it offers online space for job applicants to upload their resumes. It’s free, so the job bank can collect as many resumes as possible.

The job bank then edits the resumes according to its customer database requirements, publishes them, and subsequently provides access to its authorised members, usually recruiters or human resource managers. If these recruiters want to browse and review the customer database owned by the online job bank, they are required to pay user fees and a contract with the job bank will be necessary.

As a protective measure, the job bank will prohibit recruiters from providing its member accounts and passwords, and from disclosing customer data, to any unauthorised third party. Recruiters that violate the contract terms are liable for breach of contract. Let’s take a look at the liability of any unauthorised third party that obtains customer data from existing job bank members—in this case, recruiters.

In a judgment of the Taiwan Intellectual Property Court released in December 2014, the court opined that the customer data of a job bank should be deemed a trade secret. If customer data is misappropriated by a third party, it has infringed the trade secrets of the job bank and is criminally liable.

The facts in this judgment are summarised as follows. Recruitment firm A and job bank D signed a contract under which A agreed not to provide its member account and password to any third party. However, A provided its member account and password to the employees of company B and company C to publish recruitment messages on the job bank’s website. Since the available positions published by B and C did not seem to be the manpower A would need, job bank D investigated this matter and found that the contact information in the said recruitment messages belonged to the employees of B and C. Obviously B and C had accessed D’s customer data by means of A’s member account. Therefore D filed a lawsuit claiming trade secret misappropriation and infringement against A, B and C.

To constitute trade secret infringement, the appropriated information must be a trade secret and the information must be illegitimately acquired, disclosed or used. In this judgment, the court held that neither the existence of a legal relationship between the parties nor actual damages being incurred is a necessary factor for trade secret infringement. According to a judgment by the Supreme Court in 2008, the burden of proof upon the plaintiff can be lowered to balance the burden of proof borne by both parties, since it is not easy to acquire evidence of trade secret misappropriation.

"Job bank D did take reasonable methods to protect the secrecy of its customer data since only contracted members have access to its database."

Trade secrets as defined by the Trade Secrets Act shall fulfil the following three factors: “non-publicity”, “economic value”, and “secrecy.” In this judgment, the court held that recruiters must contract with job banks to acquire their own accounts and passwords in order to review the customer data, so that customers’ data is protected and is not freely available to the public.

The customers’ data has economic and commercial value since job banks must spend significant amounts of resources collecting and editing the customer data, as well as maintaining their database. The court also found that the job bank D did take reasonable methods to protect the secrecy of its customer data since only contracted members have access to its database. Therefore, the customers’ data in the job bank’s possession can be identified as trade secrets.

The court ruled that since A violated its contractual obligation by offering its member account information to B and C to facilitate B and C’s misappropriation of D’s trade secrets, A, B and C all infringed D’s trade secrets and are jointly liable to D.

This judgment is valuable because the court acknowledged that the customer data of a job bank must be regarded as trade secrets, and confirmed that an unauthorised third party has infringed the trade secrets of a job bank if it uses another person’s account and password to appropriate the customer data of the job bank. 

Crystal Chen is a partner at Tsai, Lee & Chen. She can be contacted at:  

Crystal Chen, Tsai, Lee & Chen, IP, trade secrets