Highlights:
- Rippling files a federal complaint against Deel, accusing a Global Payroll Compliance Manager of covertly accessing internal systems and leaking confidential data.
- Rippling identifies unauthorized searches across Slack and Salesforce, leveraging digital logs, screenshots, and a honeypot trap to collect evidence of alleged espionage.
- As Deel denies wrongdoing and prepares counterclaims, the case amplifies the legal stakes for companies navigating trade secret protection amid evolving restrictions on NDAs and non-competes.
Corporate espionage. A sting operation. An international CEO who disappears before someone serves him. This may sound like the plot of a James Bond movie, but these are actual allegations from the unfolding legal saga between human resources (HR) software provider Rippling and its competitor, Deel Inc. For HR leaders and corporate stakeholders following the story, there are lessons to be learned. Below are key takeaways regarding protecting confidential corporate information in the workplace.
Deel's Alleged Misconduct
On March 17, 2025, Rippling filed a complaint in California federal court against Deel Inc., alleging that its Global Payroll Compliance Manager was serving as a "spy" to its direct competitor, Deel. According to the filing, the employee wrongfully used his access to Rippling's internal systems, including Slack and Salesforce, to repeatedly search for internal mentions of Deel, sharing highly confidential and proprietary information and trade secrets with the competitor. At this time, Deel has denied all allegations and has stated its intention to assert counterclaims.
Trade Secret Security Measures
Regardless of whether these allegations are factual, this
dispute is a great case study on the company's measures to
protect its trade secrets, demonstrating both standard courses of
action and surprising extremes.
Rippling's complaint identifies that it had several standard
security measures to protect its proprietary information when the
spying allegedly occurred. The company required employees to sign a
detailed non-disclosure agreement, employee handbook, and code of
conduct detailing the restrictive use of confidential information.
Rippling also utilized password protection and authentication
software to protect access levels. In addition, the company
maintained detailed logs of employee activities within its internal
servers, an extremely wise practice as these activities have now
been compiled (via screenshots and graphs) to provide the courts
with direct evidence of the alleged corporate espionage. The
availability of this data demonstrates the high level of detail
that a modern HR company like Rippling has at its fingertips when
investigating employee activity within its systems.
The measures taken by Rippling to catch the corporate spy are more
unusual, with the company acknowledging it used a sting-like
operation known as a "honeypot" trap. To spring the trap,
Rippling claims that it created a new, unused Slack channel on its
systems and later referenced the Slack channel by name in a letter
privately sent to Deel's senior leadership by Rippling's
General Counsel. Subsequently, within hours of sending the letter,
the alleged spy within Rippling's ranks searched Rippling's
Slack software for this same channel by name, which Rippling
provides as proof of the misconduct.
It is not every day that a company goes to such extremes. Rippling
even claims that when a court-appointed solicitor confronted this
alleged spy, the employee locked himself in a bathroom to hide from
the solicitor and fled the premises. The events sound more like an
action film than a typical workday occurrence. Still, they showcase
the value of proprietary information and how a company's
systems and security measures can help combat such theft.
Legal Challenges in Trade Secret Enforcement
The allegations against Deel have undoubtedly raised concerns
regarding the vulnerability of trade secrets across all industries.
Corporate espionage is not an everyday occurrence; therefore,
standard protective measures are usually sufficient - they
certainly helped in this case. However, protective measures should
always be taken thoughtfully and in consultation with experienced
legal counsel to ensure effectiveness and enforceability.
Nearly every state has adopted the Uniform Trade Secrets Act (UTSA)
in some fashion, which determines the degree to which a company
possesses trade secrets. The USTA requires businesses to make
reasonable efforts to ensure that their trade secrets are not
disclosed to third parties. If the company fails to do so, the
information may no longer be legally recognized as a trade secret,
resulting in the loss of the company's legal rights to own and
protect that information.
These "reasonable efforts," as demonstrated by Rippling,
include requiring employees to sign a contract, such as a
Confidentiality Agreement, an Invention Assignment Agreement,
and/or a Non-disclosure Agreement, that clearly defines the
company's trade secret information and prohibits disclosure
without explicit authorization. Employees may also be asked to
formally acknowledge employer policies, such as a code of conduct
and prohibition on conflict of interest, which are often found in
an employee handbook. As an additional step, employers may also be
required to use authentication software to limit access to
confidential information and monitoring software to scan for
unusual activity, as allegedly seen in the Rippling case.
While these measures may appear straightforward, employee-initiated
lawsuits and evolving legislation, such as the Federal Trade
Commission or FTC's 2024 rule banning non-compete agreements
(which now has an uncertain fate due to a challenge in federal court),
continue to present legal challenges for businesses. For example,
California prohibits employees from entering into non-competes or
non-solicitation provisions, barring minimal exceptions. In 2024,
all preexisting agreements with such prohibited provisions were
voided, and employers were required to notify employees of such
(See, e.g., Cal Bus & Prof Code Section 16600, 16600.1, and 16600.5). The state has also
created a civil right of action allowing employees to sue employers
who attempt to enforce an invalid non-compete agreement. To get
around this, employers may incorporate excessively restrictive
confidentiality provisions into employment agreements. However,
they must exercise caution in doing so, as clauses construed to
"operate as a de facto non-compete provision" are legally
unenforceable if they bar the employee from continuing to work in
their chosen profession.
Walking the tightrope between protecting your business's trade
secrets as required by the UTSA while simultaneously complying with
state and federal employment laws is challenging for any business.
Determining the right approach requires careful consideration of a
company's needs and risk tolerance, as well as consultation
with knowledgeable counsel. Headline-making cases like Rippling
v. Deel, Inc., where corporate leaders can witness these
issues play out in extremes, present an excellent opportunity for
leadership to evaluate their current strategies and readiness to
protect and defend the proprietary interests that businesses rely
on.
Originally published by HR.com.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
