For the good of the credit union movement, many cooperatives saythey collaborate and cooperate with other credit unions.

But it's a far different story for credit unions that arecompetitors in a crowded metropolitan market such as Tampa, Fla.The midsize city with a population of about 377,000 has nearly 50local and out-of-state commercial banks, eight out-of-town creditunions and a dozen credit unions that are headquartered there.

Competitive pressures have apparently forced a fierce riftbetween $2.3 billion Grow Financial Federal Credit Union and the$1.8 billion GTE Federal Credit Union, which is playing out in afederal lawsuit that involves serious accusations of unauthorizedaccess to confidential and proprietary information and disclosuresof trade secrets. What's more, legal experts, who weighed in onthis case after reviewing its court filings, say all too oftenbusinesses don't do enough to protect their confidentialinformation and offered their insights on what credit unions shoulddo to protect themselves.

In a lawsuit filed in May in U.S. District Court in Tampa, Growis accusing a former credit union employee of jumping ship to a newjob with GTE who allegedly took with her reams of confidentialfiles, proprietary reports and trade secrets, which includedpersonal information of Grow's members. What's more, Grow alsoalleges these documents were taken unlawfully at the request of aGTE employee who used to work for Grow.

Although GTE admitted some documents were taken by the formerGrow employee, none of them contained proprietary or any personalmember information. In addition, GTE contends that the informationthe former Grow employees disclosed was part of the normalinformation sharing practices utilized by Grow, GTE and othercredit unions in the area. The story that led tothis lawsuit begins on Aug. 23, 2016 when James Esner, GTE'sassistant vice president of indirect lending, contacted EricaPierson Holliday. She was working as Grow's underwriting supervisorand was responsible for supervising employees whose day-to-dayduties were to approve or deny consumer loan applications based ona members' credit profile and the credit union's lendingparameters.

Esner asked her to search Grow's secure computer system and tosend him the credit union's customized lending strategy materialsand its internal procedures and processes for loanapplications.

Holliday, who worked from her home, allegedly emailed a copy ofthose documents to her personal email addresses and then forwardedthem to Esner.

Before joining GTE in April 2016, Esner served as Grow'sunderwriting manager from 2011 to March 2016. During that time,Holliday reported directly to Esner. He was not named as adefendant in this lawsuit.

About a week after contacting Holliday, Esner asked her to sendhim Grow's dealer scorecard, a document that enables credit unionsto assess the performance of auto dealers they work with. Again,Holliday allegedly sent the dealer scorecard to her personal emailand then forwarded it to Esner.

“The documents Pierson (Holliday) provided to GTE containedconfidential and proprietary information including PII (personalidentifiable information) materials customized for Grow Financial,market research and other documents and/or information that maycompromise the security of credit union members' identity, thesecurity of the credit union's technology and information system ordetract from its competitive advantage or reputation as a leader inthe marketplace,” David Brafman, a West Palm Beach lawyer for GrowFinancial, wrote in the civil lawsuit.

Brafman also alleged that Holliday used her personal email toconceal that she was sending the documents to Esner. On Sept. 20, Holliday submitted her two-weeknotice that she was leaving the credit union. But she didn't sayanything about landing a new job at GTE, according to Brafman.

But in the days leading up to Sept. 20 and through Oct. 7, herlast day on the job at Grow, Holliday emailed from her credit unionemail to her personal email dozens of reports and otherdocuments.

Brafman alleged the documents contained Grow's confidential orproprietary information, which included personal information ofGrow members, joint owners, beneficiaries and co-borrowers;historical loan ratio and performance reports; bankruptcy reports;collection files; indirect lending production mortgage and realestate owned members; loan application volume data; loan productiondata; employee coaching guides and charge-off statistics.

Grow accused GTE and Holliday of violating federal and statecomputer fraud, abuse and data recovery laws, state and federallaws that protect trade secrets and other violations such asconversion of documents and unfair competition.

Richard Salazar, a Tampa lawyer who is representing GTE, asked ajudge to dismiss four of the nine alleged violations claimed byGrow. However, G. Wrede Kirkpatrick, a Tampa attorney, who isrepresenting Holliday, asked a federal judge to toss the entirelawsuit because it does not meet the legal standards of providingfactual allegations and that federal rules “demand more than an“unadorned, the defendant-unlawfully-harmed-me accusation.”

Christopher Hohn, a lawyer at Silicon Valley law firm Hopkins& Carley, who focuses on complex commercial and intellectualproperty litigation, said Grow's trade secret claims depend onproving that the misappropriated documents and other materials aretrade secrets.

“To qualify as a trade secret, the information must be [amongother things] both secret and subject to reasonable efforts tomaintain its secrecy,” he said. “Having employees signconfidentiality or non-disclosure agreements at the outset of theiremployment is a common precaution to help protect trade secrets andother sensitive information, but it is not the only way to do so.” For example, Grow may be able to show that ittook reasonable measures to maintain the secrecy of themisappropriated data by including confidentiality provisions inother agreements with its employees and used technical means tolimit access to the data to only those employees who really need itfor legitimate business reasons. The credit union also may be ableto show that it made clear what data it considers to be a tradesecret and regularly trained its employees on the importance ofprotecting trade secrets, and the legal consequences ofmisappropriation.

While Holliday's lawyer said that she did not sign any specificnon-disclosure or confidentiality agreements, which are standarddocuments for ensuring the protection of trade secrets, she didsign a telecommuting agreement with Grow that required Holliday tomaintain the security, condition and confidentiality of the creditunion's documents, information, data and files.

“Unfortunately, it's always better to be overcautious and haveemployees sign a separate document for each major requirement, orto have one that at least breaks each thing out very specifically,”Anne P. Mitchell, an Internet Law and policy attorney in Boulder,Colo., explained. “That said, if I were the judge in this case, Iwould not let someone who signed that telecommuting agreement, withthat language, off the hook just because there was not a separateNDA or trade secret agreement. Regardless of what standard practicemay be, assuming the language is accurate, what she signed ispretty clear.” Additionally, even though telecommuting is more common today, employeeswho work from home who are handling confidential information shouldnever be allowed to easily take that information off the creditunion servers.

“And it should be encrypted with a system that can only bedecrypted on company-owned devices, which renders it useless toanyone who doesn't have an encryption key,” Mitchell said.

In his experience, Hohn has seen that businesses often neglect to take appropriateactions to protect their trade secrets and other confidentialinformation that can be valuable to their business growth.

While it is important to invest in good confidentiality andemployment agreements, it is also a good idea to identify allvaluable trade secrets, label them as such and ensure that onlyemployees who need this information have access to it, and thatthey understand how to handle this information appropriately.

“You might also consider investing in software tools to prevent ormonitor the copying or transfer of your trade secrets and othersensitive data,” Hohn said. “Imagine if technical limitations inGrow Financial's computer systems blocked the accused employee fromcopying the sensitive data, or notified her supervisor when thetransfer occurred. Grow Financial could have put an end to thealleged misconduct before much of the alleged harm was done.”