Preventing Trade Secret Theft: Proactive Strategies for In-House Counsel

A hand moving dial with a shield icon on it.

Ed. Note: This is the last in a series of articles taken from Gavin Parsons' CLE presentation for the North Carolina Bar Association's Antitrust and Complex Business Dispute CLE Program presented on Thursday, January 30, 2025. Here are links to the first, second, third, and fourth articles.

As we've explored throughout this series, trade secret litigation can prove costly, time-consuming, and potentially devastating to business relationships. 

While understanding enforcement options remains crucial, preventing misappropriation in the first place offers a far more cost-effective approach. 

Our final article focuses on practical strategies for protecting trade secrets before problems arise, with particular attention to the challenges posed by remote work and digital storage.  

Creating a Culture of Protection 

Effective trade secret protection begins with the company recognizing that its secret information is valuable and establishing and promoting a corporate culture that acknowledges this resource and protects it.  

Companies should recognize and understand that they have trade secrets, and then communicate the existence and significance to their employees.  Sometimes companies do not recognize that their confidential information is a legally-protectable trade secret. If they don't identify it themselves, it increases the chance that their employees will be unaware of the need for handling this information with care and discretion.  

Employees must understand not only what information requires protection but why that protection matters to the company's success.  This starts when an employee is onboarded and should extend throughout the employment relationship through regular training and communication. 

The goal isn't simply a written confidentiality agreement and compliance with protection protocols, but fostering a genuine appreciation for the value of proprietary information.  If an employee understands the importance of what they are working with, they will be more likely to comply with the protocols. They also will often go beyond protocols and take additional common-sense steps to protect company information.  

Training should move beyond abstract concepts to concrete examples relevant to each employee's role.  They need to understand why they must take (or not take) certain actions, and why it is vital that they do so.   

For instance, engineers need to understand how their technical documentation requires protection, while sales teams need guidance on handling customer information and pricing strategies. This role-specific training helps employees recognize trade secrets in their daily work and understand their personal responsibility for protection.

Regular reminders about trade secret obligations should become part of routine business operations.  When employees begin new projects, transfer departments, or receive promotions, these transitions create natural opportunities to refresh their understanding of confidentiality obligations.  

Similarly, regular security audits and updates can serve as platforms for reinforcing the importance of trade secret protection.  In-house counsel should collaborate with business stakeholders, including Human Resources, IT, R&D, and Sales to implement ongoing training to create a culture of protection.

Digital Security in a Remote World 

The rise of remote work has fundamentally changed how companies must approach trade secret protection.  Traditional physical security measures, while still important, no longer suffice when employees routinely access sensitive information from home offices and personal devices.  

A comprehensive digital security strategy must account for this new reality while remaining practical for daily operations.  Access controls form the foundation of digital protection.   

Companies should implement robust authentication systems and maintain careful records of who can access what information.  However, these controls must balance security with efficiency.  Overly restrictive systems often encourage employees to find workarounds, potentially creating greater security risks than the ones they're meant to prevent.  

Document management systems play a crucial role in modern trade secret protection. These systems should track not only who accesses documents but halso ow they use them.   

Any dissemination of company records to personal email accounts and personal Google workspaces must be prohibited. Monitoring capabilities should extend to printing, downloading, and sharing activities.  When possible, implement watermarking and other technical measures that help trace the origin of leaked information.  Remote access protocols deserve particular attention. Virtual private networks (VPNs) should be mandatory for accessing company systems from outside locations.   

Additionally, companies should consider implementing mobile device management (MDM) solutions that can control how company information is accessed and stored on personal devices.  These systems can also facilitate remote wiping of company data when employees depart.

Employee Transitions and Business Relationships 

Employee departures present perhaps the greatest risk for trade secret misappropriation.  

A comprehensive departure protocol should address both technical and human factors.  

From a technical perspective, companies need systems to track and recover all company devices, disable access to digital resources, and ensure no unauthorized copying of information has occurred before departure.  

The human element proves equally important.  Exit interviews should clearly remind departing employees of their continuing obligations regarding trade secrets and confidential information.  These conversations should be documented contemporaneously and should include specific discussion of any unique trade secrets the employee accessed during their tenure.  

Having employees acknowledge these obligations in writing provides valuable documentation if issues arise later. 

It can also be helpful to know if an employee is going to work for a direct competitor or is striking out on their own.  If a departing employee is going to work for a direct competitor or behaves in an awkward manner regarding the next step in their career, additional care and review of the departing employee's electronic activity near their departure may be a consideration. 

Business relationships require similarly careful attention to trade secret protection. When sharing sensitive information with potential partners, vendors, or customers, companies should implement clear protocols governing what information can be shared, with whom, and under what circumstances. 

These protocols should include:

  • Detailed non-disclosure agreements, ideally executed at the start of employment, tailored to specific relationships prior to the release of any information,
  • Contractual provisions allowing compliance audit rights that survive the termination of commercial agreements,
  • Clear marking and tracking of confidential materials,
  • Documented processes for returning or destroying confidential information, and
  • Regular audits for compliance with confidentiality obligations.

If you are going to potentially share trade secret information with a foreign entity with no operations within the United States (particularly those located in China), then you should consider:

  1. Do you really need that particular entity to perform the specific function?
  2. Instead, is there someone in the United States or somewhere else that you can compel to comply with the NDA, particularly with respect to post-termination audit provisions?
  3. What, if any, additional security measures can you take with your information to protect it from misuse by a foreign vendor? Is there a technical solution that might work?
  4. Are there additional terms you can build into your NDAs that increase the chances that you will be able to enforce audit and compliance rights?
    1. Consider requiring the return of information or permanent deletion of confidential information with a written certification of such return or deletion.
    2. Consider the broadest consent to jurisdiction, venue, and waiver of service of process that your jurisdiction will allow so that you may pursue a civil action in the United States to enforce your rights.

Identifying and Documenting Trade Secrets 

Effective protection requires clear identification of trade secrets within the organization. 

This process should be ongoing, as new trade secrets are developed through research, customer relationships, and business operations. 

Regular audits can help identify potentially valuable information that requires protection. These audits should examine not only traditional categories like formulas and designs but also compilations of information that derive value from their confidential nature. 

Documentation plays a crucial role in both prevention and potential enforcement. Companies should maintain detailed records of their trade secrets, including:

  • Development history and associated costs
  • Measures taken to maintain secrecy
  • Economic value derived from the information
  • Employees and third parties with access
  • Specific protection measures for each trade secret

Monitoring and Enforcement 

Even the best prevention systems require regular monitoring and consistent enforcement. Companies should implement systems to detect potential misappropriation early, including monitoring of unusual access patterns, unexpected downloads, or suspicious email activity. 

However, these monitoring systems must comply with applicable privacy laws and be clearly disclosed to employees. 

When violations of trade secret protocols occur, even minor ones, companies should respond consistently. Enforcement shouldn't always mean litigation; often, prompt attention to small violations can prevent larger problems from developing. 

Contemporaneously document these enforcement efforts, as they may prove valuable in demonstrating reasonable protection measures if litigation becomes necessary later. 

Adapting to Change 

Trade secret protection strategies must evolve with technology and business practices. Regular reviews of protection measures should examine whether existing protocols adequately address new technologies, changing work patterns, and emerging threats. 

These reviews should include input from various stakeholders, including IT, legal, human resources, and operational managers. 

Consider creating a trade secret protection committee that meets regularly to assess and update protection strategies. This committee can help ensure that protection measures remain practical while still providing adequate security. They can also help identify new categories of information that may require protection as the business evolves.

Looking Forward 

As business operations become increasingly digital and workforce mobility continues to rise, trade secret protection will only grow more challenging. 

Success requires a balanced approach that protects valuable information while allowing for efficient business operations. Regular assessment and adjustment of protection strategies helps ensure they remain effective without becoming overly burdensome. 

Remember that the goal of trade secret protection isn't to create an impenetrable fortress but to implement reasonable measures that demonstrate serious effort to maintain secrecy. 

By fostering a culture of protection, implementing appropriate technical measures, and maintaining consistent enforcement, companies can significantly reduce their risk of trade secret misappropriation while positioning themselves for successful enforcement if theft occurs. 

This concludes our series on trade secret protection and enforcement. From prevention through litigation and recovery, we hope these articles have provided valuable guidance for protecting your company's crucial intellectual property assets.

Trade Secret Tuesday Articles

--
© 2025 Ward and Smith, P.A. For further information regarding the issues described above, please contact Gavin B. Parsons, Mayukh Sircar, CIPP/US or Devon D. Williams.

This article is not intended to give, and should not be relied upon for, legal advice in any particular circumstance or fact situation. No action should be taken in reliance upon the information contained in this article without obtaining the advice of an attorney.

We are your established legal network with offices in Asheville, Greenville, New Bern, Raleigh, and Wilmington, NC.

Subscribe to Ward and Smith