Practice Spotlight: Who Knows Your Trade Secrets?

March 2015

By: Craig R Smith and William Seymour

Ask any business owner or executive if they have trade secrets and they will invariably and emphatically say yes.  But ask those same decision-makers what those trade secrets actually are and what policies they have in place for their protection, and you are likely to get a more nuanced response.  The truth is that many businesses do not spend enough time identifying their trade secrets and implementing security policies to protect them.  Unfortunately, this informal approach to trade secret protection can have adverse consequences if your business ever needs to assert its trade secrets in a court of law.   Those who fail to enact sound procedures for identifying and protecting trade secrets on an ongoing basis may find it difficult to enforce them.  The good news is that you can set your business up for success by implementing a few best practices to systematically identify and protect your trade secrets.

Trade secrets are created and defined by the procedures your company implements to protect them.  Generally, a trade secret is any information that: 1) has economic value, 2) is not generally known or readily ascertainable by proper means, and 3) is the subject of reasonable efforts to maintain secrecy.  While Congress has been debating the passage of a federal trade secret law (titled the “Defend Trade Secrets Act”), trade secret law is currently governed by state laws.  Some states have their own particular definition of trade secrets, but they all generally incorporate these three basic requirements.  The classic example of a trade secret is the recipe for Coca-Cola, but even seemingly mundane pieces of information can qualify for trade secret protection if properly treated.  For example, customer lists, vendor lists, and internal pricing information may qualify for trade secret protection if handled properly.  So long as the information has value, is not generally known, and is the subject of reasonable efforts to maintain its secrecy, it may be claimed as a trade secret.

Businesses must act deliberately to identify their own trade secrets and set up appropriate procedures for their protection.  A surprising number of trade secret cases fail from the beginning because the plaintiff cannot adequately identify their own trade secrets.  In addition, trade secret cases have been lost because the plaintiff failed to control access to their trade secrets, such as limiting internal access to employees with a need to know and password-protecting the right files on their office network.  These common mistakes occur when businesses only start thinking about their potential trade secrets after they have been misappropriated rather than beforemisappropriation takes place.

Below are best practices that businesses with trade secrets should consider implementing.  While there are numerous steps one could take in an effort to preserve their trade secrets, these four guidelines are an effective starting point for identifying and protecting your trade secrets.

Best Practice No. 1 – Identify Your Trade Secrets and Routinely Update Your List of Trade Secrets

Surprisingly few businesses take the time to compile a list of their trade secrets on a regular basis.  But the value of periodically reviewing and identifying your company’s valuable, non-public information cannot be understated.  Internal trade secret reviews should be setup according to the needs and natural cycles of your business.  For example, designers and manufacturers should consider conducting a trade secret review so as to coincide with their usual production cycles – i.e. two or three months prior to each product release.  Service providers who may not have natural business cycles can review their company information at regular, established intervals.  Trade secret reviews may be conducted on a company-wide basis, but will usually be more effective if conducted by individual departments, whose personnel may be closer to the day-to-day information being produced by that part of the business.  Trade secret reviews may also be conducted as part of the development process for any new product, software application, or service.  Regardless of how your company chooses to implement its own trade secret review, the reviews should be set up to occur on a recurring basis.

The object of an internal trade secret review should be to identify and articulate particular pieces of information that might qualify as a trade secret, according to the three-part definition set forth above.  Developing and maintaining a catalogue of the company’s valuable, secret information will help executives understand the scope of the business’s research and development and will help key employees understand the scope of their confidentiality obligations.  Do not limit your focus to just the fundamental trade secrets upon which your company is built, but broadly consider any information that brings value to your company and is not generally known by the public or your competitors.  If you would not want your employees carrying this information to their next job, consider adding it to the list.

Ideally, your company should maintain a master list of trade secrets that is refined and supplemented during your periodic trade secret reviews.  The list should not be so detailed that one could read it and understand the substance of each trade secret.  Rather, the list should identify the subject matter of the trade secret, generally.  For example, rather than including the complete source code for “Product X,” the list should simply identify “the source code for Product X” as one of your trade secrets.  Remember, your trade secret list should identify your trade secrets, but does not necessarily need to embody your trade secrets.

Best Practice No. 2 – Prepare a Trade Secret Protection Plan

Once you identify your trade secrets, the process of setting up reasonable protections becomes much easier.  The types of trade secrets identified will help dictate the protections that should be put in place.  The protections for trade secrets do not need to be overly elaborate, expensive, or time consuming.  Your efforts to protect your trade secrets only need to be “reasonable under the circumstances,” and as the owner of the trade secrets, you are in the best position to determine what is reasonable.  There is no one-size–fits-all strategy becasue different trade secrets require different levels of protection, given their value, importance, and level of difficulty to reverse engineer.

When assessing the “reasonableness” of your internal security procedures, in the context of the particular trade secrets, consider the following questions:

  • Who has access to the information?
  • Where is the information stored (both digitally and physically) and how is it protected in that location?
  • Is the information accessed or shared within the company on a need-to-know basis?
  • Is the information identified as being confidential or proprietary?
  • Are employees required to sign confidentiality or non-disclosure agreements before being given access to the information?
  • Is the information shared or known outside of the business, and is the information protected by confidentiality agreements?

While none of the above factors necessarily predominates the analysis of a trade secret protection plan, a good starting point is to determine which employees should be allowed access to a particular trade secret.  This determination will often drive the remaining security considerations, including where to store the information and how to protect it.  For highly sensitive trade secrets, access may be granted on an individual basis, whereas less sensitive information may be shared with groups of employees, or employees with a particular job title or seniority.

Ideally, businesses should memorialize the security steps for their trade secrets.  For example, documentation could take the form of a memo to the employees who are granted access to a given trade secret.  In addition, appropriate guidelines can be memorialized in an employee handbook or similar company-wide document.

Best Practice No. 3 – Enact Consistent Polices With Respect to Trade Secrets and Other Forms of Intellectual Property

Businesses should carefully segregate their trade secrets from other intellectual property, including inventions that the company wants to patent.  Both forms of intellectual property afford different types of protection and come with very different risks and rewards.  First, it is important to understand that patent applications are usually published 18 months after filing, and the publication of a patent application destroys any potential trade secrets disclosed in the application.  As a result, patent applications must be carefully reviewed to avoid disclosing trade secrets of the company.

Second, a patent grants the inventor or owner a monopoly for 20 years from the date the patent application was filed.  Trade secrets, on the other hand, are not subject to any time limit, provided that they remain valuable, not generally known, and the subject of reasonable efforts to maintain secrecy.  Thus, trade secrets may continue to be business asset for many years.

Businesses should evaluate new information on a case-by-case basis to determine which form of protection would be best.  For example, if the information is difficult to reverse-engineer and would have a commercial life span beyond 20 years, trade secrets may be the better choice.  If, on the other hand, the information is inherently discoverable or would likely be obsolete in 20 years, patent protection may be the better choice.

Best Practice No. 4 – Draft Effective Non-Disclosure and Confidentiality Agreements

Most savvy business owners and executives know that non-disclosure agreements are essential for employees, consultants, and potential business partners before any confidential information can be disclosed.  But, like any contract, the value of a non-disclosure agreement depends on how it is drafted and what terms are included in the agreement.

One of the challenging parts of drafting an effective non-disclosure agreement is deciding how to define your trade secrets and confidential information.  On the one hand, a broad definition of trade secrets may afford the business protection for a vast array of information.  On the other hand, some courts disfavor a broad agreement that does not give employees meaningful notice as to what the business is actually claiming as a secret.  Moreover, an overly broad non-disclosure agreement cannot make secret that which is not secret.  Therefore, businesses should carefully consider how to classify the information they intend to claim as a trade secret.

If the business maintains a master list of trade secrets (as suggested above), consider including the relevant part of it in confidentiality agreements and employment agreements.  The person signing the agreement would have to review the list, as part of the agreement, and agree that everything on the list is in fact a trade secret.  The agreement can also require the employee to follow the specific trade secret protection plan implemented by the company.


The value of trade secrets depends on the effort and thought one puts into identifying, managing, and protecting them.  Developing valuable ideas and information is only half the battle.  A robust trade secret plan is an essential part of any sophisticated business, and well worth the time and effort to enact and enforce.  A long term strategy and commitment to trade secret management will help your business protect and enforce its valuable secrets.