Business Defamation/Trade Secrets

Someone asked me an interesting question about a customer contact/relationship database. With customer relations management (CRM) being touted as so important for businesses of all sorts, could there be action against a company for content of its CRM database?

While CRM might contain or be a trade secret of a company, any content from its clients ought not be trade secrets of any sort. (More on why only "ought not" in a moment).

Could the company be liable for defamation? Only if the information contained in the CRM database satisfies the following elements: a defamatory communication; made with malice; publication of the communication; and damages. See Schrader v. Eli Lilly & Co., 639 N.E.2d 258, 261 (Ind. 1994). A more recent cases having interest here are May v. Frauhiger (WP format) from 1999 and Dietz v. Finlay Fine Jewelry Corp. (html format) from 2001.

In general, if the company keeps information in its CRM database private there is no liability for the company even if the information is false.

I see a couple of interesting trade secret scenarios. First, if an employee leaks the content of a
CRM database does not seem likely to be a defamation case against the company but might give the company's clients a cause of action against the employee. My second scenario involves a client giving trade secrets to the company under a non-disclosure agreement and this information goes into the CRM database (or any other database) and that gets leaked to the world - there I see a free-for-all of litigation.