Summary: Every company holds information that is valuable because it is secret—but trade secret law protects that information only if the owner takes reasonable measures to keep it confidential. This guide explains how to build a protection program that satisfies that requirement, following a fictional robotics startup as it identifies and secures its secrets across physical, technical, and administrative dimensions. It covers what qualifies as a trade secret, how to inventory and classify confidential information, the contractual protections that supplement the statutes, the easily-missed whistleblower-immunity notice that can quietly forfeit your punitive damages, employee training, and the high-risk moment of departures. It incorporates the 2025-2026 collapse of the FTC's nationwide non-compete ban and explains what that means for strategy.

The Secret You Forget to Protect Is the One You Lose

Cascade Robotics is two years old and already dangerous to its competitors. The company builds autonomous warehouse robots, and the reason its robots outperform everyone else's is a motion-planning algorithm—software that lets a robot thread its way through a crowded, constantly reshuffling warehouse floor without slowing down. The algorithm took the founding engineers eighteen months and several humbling dead ends to perfect. It is not patented. It is not published. It exists only in a private code repository and in the heads of four people. And it is, by a wide margin, the most valuable thing Cascade owns.

Here is the uncomfortable question. If one of those four engineers leaves for a competitor next month and takes the algorithm with them—copied to a thumb drive or simply carried in memory—can Cascade stop them? The answer depends almost entirely on choices Cascade made before the departure: whether it identified the algorithm as a trade secret, whether it restricted who could touch the code, whether the engineers signed confidentiality and invention-assignment agreements, whether those agreements contained a one-paragraph statutory notice most companies have never heard of, and whether Cascade can show a court that it treated the information as a genuine secret rather than just hoping no one would take it.

That is the central, slightly counterintuitive feature of trade secret law: protection is not automatic and it is not free, but it is conditioned on effort. Unlike a patent, a trade secret requires no registration and no public disclosure, and it can last forever—the Coca-Cola formula has been a trade secret for well over a century. But the protection exists only at the intersection of two things, value and secrecy, and the law will honor it only if the owner has taken reasonable measures to keep the information secret. A company that holds something immensely valuable but guards it carelessly has no trade secret at all. As Judge Frank Easterbrook's colleague Judge Richard Posner put the point in Rockwell Graphic Systems, Inc. v. DEV Industries, Inc., 925 F.2d 174 (7th Cir. 1991), a firm that takes no precautions to keep something secret has no business complaining when a competitor obtains it through lawful means.

This guide is about how a company like Cascade builds the effort the law rewards—before it needs it. For where trade secret protection sits among the other forms of intellectual property, our overview of copyright vs. trademark vs. patent vs. trade secret is a useful companion, and our deep dive on the legal protection of software shows how trade secret fits into a layered strategy for code specifically. Readers who want the doctrinal fundamentals at greater depth can also consult our broader treatment of the protection of trade secrets.

What Trade Secret Law Actually Protects

Before building anything, it helps to understand the legal framework, because its peculiarities shape every later decision. Trade secrets are protected at two levels in the United States. Federally, the Defend Trade Secrets Act of 2016 (DTSA), 18 U.S.C. § 1836(b), created a private civil cause of action that lets a trade secret owner sue in federal court—the first such federal remedy in American history, signed into law for misappropriation occurring on or after May 11, 2016. At the state level, every state except New York, plus the District of Columbia, has adopted some version of the Uniform Trade Secrets Act (UTSA); New York remains the lone holdout, relying on common law and the Restatement. The two regimes use substantively aligned definitions, and a plaintiff like Cascade can usually plead both in the same complaint.

Under the DTSA, information qualifies as a trade secret if (1) the owner "has taken reasonable measures to keep such information secret," and (2) it "derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information." 18 U.S.C. § 1839(3). The UTSA's definition is functionally the same, framed as information that derives independent economic value from secrecy and "is the subject of efforts that are reasonable under the circumstances to maintain its secrecy." UTSA § 1(4). Courts treat the two as interchangeable in nearly all respects; see, e.g., Midwest Sign & Screen Printing Supply Co. v. Dalpe, 386 F. Supp. 3d 1037, 1053 (D. Minn. 2019), and Earthbound Corp. v. MiTek USA, Inc., 2016 WL 4418013, at *10 (W.D. Wash. Aug. 19, 2016). The DTSA adds one element with no state-law analog: the trade secret must relate to a product or service used in, or intended for use in, interstate or foreign commerce—a jurisdictional hook that is rarely a real obstacle, satisfied by something as ordinary as out-of-state customers on a list. See Complete Logistical Servs., LLC v. Rulh, 350 F. Supp. 3d 512, 520 (E.D. La. 2018).

Both elements are required, and they are intertwined. Cascade's motion-planning algorithm is valuable because rivals do not have it; that goes to the first prong. But it becomes a protectable trade secret only if Cascade also guards it reasonably. Value without secrecy is not a trade secret, and secrecy around something worthless is not either. As courts put it, the two prongs are "closely intertwined": the same facts that show information is secret usually show that its value comes from secrecy. API Americas Inc. v. Miller, 380 F. Supp. 3d 1141, 1149 (D. Kan. 2019).

Two features distinguish trade secrets sharply from patents, and they drive strategy. First, the protection lasts as long as the secrecy does—indefinitely, in principle—but it is fragile. The moment the information becomes generally known, the protection vanishes, whether through the owner's careless disclosure, a security failure, or—critically—lawful means. Trade secret law does not protect against independent development or reverse engineering. If a competitor independently writes its own motion-planning algorithm, or lawfully buys a Cascade robot and figures out how it works, no trade secret has been misappropriated, because the statute's definition of "improper means" expressly excludes reverse engineering and independent derivation. 18 U.S.C. § 1839(6)(B). What the law forbids is acquisition by improper means or in breach of a duty of confidence. The classic illustration is E.I. duPont de Nemours & Co. v. Christopher, 431 F.2d 1012 (5th Cir. 1970), where competitors hired a pilot to photograph a chemical plant under construction from the air; the Fifth Circuit held that even though the photography violated no other law, it was an "improper means" of acquiring a trade secret because it fell below the standards of commercial morality. Reverse engineering a product you lawfully own is proper; aerial espionage of a plant you do not is not.

Second, because there is no registration, the entire burden of establishing protection falls on the owner's conduct. This is why the "reasonable measures" requirement is where most trade secret cases are actually won or lost. What counts as reasonable is contextual—a four-person startup is not held to the standard of a multinational—but the measures must be real and proportionate to the value at stake. The goal is not perfect security, which is impossible, but demonstrable, reasonable effort. Keep that word in mind: demonstrable. Everything this guide describes is, in the end, the manufacture of evidence you hope you will never have to use.

Step One: Find Out What You Have

A protection program begins with an inventory, because you cannot protect what you have not identified. This sounds obvious and is routinely skipped, with the result that companies discover their most important secrets only after losing them—and then face a litigation rule that makes vagueness fatal. Federal courts require a trade secret plaintiff to identify the claimed secrets with specificity rather than gesturing at broad "categories" of information; pleading that your "confidential business information" was taken, without more, gets a complaint dismissed under Bell Atlantic Corp. v. Twombly, 550 U.S. 544 (2007), and Ashcroft v. Iqbal, 556 U.S. 662 (2009). See Human Longevity, Inc. v. J. Craig Venter Inst., Inc., 2018 WL 6617633, at *4-5 (S.D. Cal. Dec. 18, 2018). A good inventory built in peacetime is also the document that lets you describe your secret "with sufficient specificity" in wartime without, as one court nicely put it, "paradoxically jeopardiz[ing]" the very secret you are suing to protect. Prairie Field Servs., LLC v. Welsh, 497 F. Supp. 3d 381, 395 (D. Minn. 2020).

The categories are broad. Technical trade secrets include formulas, processes, methods, techniques, designs, and—increasingly the most commonly claimed category in the modern economy—software source code, algorithms, and architectures; the Restatement (First) of Torts § 757 cmt. b (1939) offers a classic enumeration that still informs courts. Research and development data qualifies too, including negative results: knowing which approaches do not work can save a competitor years, which is exactly why it has value. Business trade secrets reach beyond technology to customer lists (especially those containing non-public information like preferences, buying patterns, and key contacts), pricing and cost structures, strategic plans, and supplier terms.

Customer lists deserve a word of caution, because they are the most over-claimed and under-protected asset in the catalog. A list that is little more than names anyone could pull from a trade directory is not a trade secret; a compilation becomes protectable depending on three things: the time and expertise needed to compile it, the independent value of the compilation over the raw public data, and—again—the owner's efforts to keep it confidential. The Fourth Circuit applied exactly this calculus in AirFacts, Inc. v. de Amezaga, 909 F.3d 84, 96-97 (4th Cir. 2018), holding that flowcharts "painstakingly compiled" from public data, which improved the employer's efficiency, qualified as a trade secret. The lesson: the more difficult and expensive the development, the more likely a court will protect the result.

For Cascade, a serious inventory turns up more than the famous algorithm. There is the algorithm itself, of course. But there is also the proprietary sensor-calibration process the manufacturing team developed, the list of which warehouse operators are in late-stage sales talks (with their pain points and decision-makers noted), the cost structure that lets Cascade price aggressively, and a folder of failed design iterations that quietly document an entire branch of the design space competitors would have to re-explore from scratch. Each of these has economic value precisely because rivals lack it.

The inventory should be systematic rather than ad hoc. Survey each team and ask three questions: what information would help a competitor, what did the company invest heavily to develop, and what would be costly for an outsider to recreate? For each item, record what the information is, where it lives (physically and electronically), who can access it, why it has value, and what agreements already govern it. That last column matters more than it looks—the metadata of who-can-touch-what is the spine of the whole program and, later, the evidentiary record that the company managed its secrets deliberately. The inventory should also be rigorous about excluding things that do not qualify: information that is generally known, readily found in public sources, or lacking real value. Over-claiming is worse than useless. Asserting trade secret status over ordinary business data suggests either bad faith or a program that cannot tell the difference between genuine secrets and routine paperwork—and in litigation, a plaintiff who claims everything is a secret often persuades a court that nothing was treated as one.

This kind of structured inventory is the heart of a trade secret audit, a discipline mature enough to have its own maturity model—running from Level 0 (no policy or governance at all) up through Level 3 (formal, documented, managed processes that people actually follow) and beyond. A startup does not need to reach the top of that ladder. It needs to get off the bottom, which mostly means doing the inventory honestly and writing down what protects each item. Many companies find that calling the exercise an "assessment" rather than an "audit" gets more candid cooperation from the engineers and salespeople who actually know where the secrets live.

Step Two: Build the Three Layers of Security

With protectable information identified, the work is to secure it across three reinforcing dimensions—physical, technical, and administrative. No single layer suffices; each compensates for the others' gaps.

Physical security addresses the tangible spaces where secrets live. For Cascade, that means controlling access to the lab where prototypes are built and the area where the sensor-calibration process is performed, logging and escorting visitors, requiring confidentiality acknowledgments before substantive meetings, and adopting basic hygiene: clean-desk practices, locked storage for sensitive documents, conspicuous marking of confidential materials, and shredding rather than discarding them. (If Cascade uses biometric access controls—fingerprint or retina readers—it should confirm compliance with state biometric-privacy statutes like Illinois's BIPA before installing them; a security measure that itself triggers a lawsuit is a poor trade.) Manufacturing settings raise a particular challenge because a process can be visible to anyone on the floor; compartmentalizing the process so no single employee sees the whole, limiting floor access, and routing plant tours away from sensitive areas all help.

Technical security is, in the digital age, often the most important layer, because most secrets now exist as electronic files reachable from far beyond the building. The core controls are access controls built on the principle of least privilege—users get access only to what their jobs require, and nothing more. For Cascade, that means the motion-planning repository is not open to the whole engineering team; it is restricted to the handful of people who actually work on it, with permission-based access, authentication (ideally multifactor), and logging that records who touched what and when. Those logs are not just security infrastructure; they are the single most persuasive piece of evidence in most departure cases, because they show a court exactly what a departing engineer accessed in his final week. Encryption protects data at rest and in transit; network controls (firewalls, segmentation, intrusion detection) isolate sensitive systems; and data-loss-prevention tools can flag when a file marked confidential is emailed externally or copied to removable media—creating both a deterrent and an audit trail. Disabling USB ports on machines that touch the crown-jewel repositories is a cheap, blunt, and effective control. The modern complications of remote work and cloud storage deserve their own treatment, which we provide in trade secrets in the age of remote work and cloud computing; the short version is that when engineers work from home and code lives in cloud repositories reachable from anywhere, the "reasonable measures" question takes on new dimensions a credible program must address explicitly.

Courts have made the personal-device problem painfully concrete. In Yellowfin Yachts, Inc. v. Barker Boatworks, LLC, 898 F.3d 1279, 1299-1301 (11th Cir. 2018), the Eleventh Circuit held that an employer had not taken reasonable measures to protect customer information—even though it limited access and password-protected its network—because it had encouraged the employee to keep that information on his personal phone and laptop, never required him to sign a confidentiality agreement, and never marked the information confidential. The Seventh Circuit drove the same point home in DM Trans, LLC v. Scott, 38 F.4th 608 (7th Cir. 2022), denying injunctive relief where the employer "neither requested nor took steps to ensure that employees deleted" company data from their personal devices. The takeaway is sharp: letting valuable information live on devices you do not control, and never reclaiming it, can by itself defeat the secrecy element—no thief required.

Administrative security—the policies, classifications, and habits—is the connective tissue that makes the other two layers actually function. A written trade secret policy defines confidential information, sets classification levels, specifies handling rules, and states the consequences of violations. A tiered classification system (say, public, internal, confidential, and restricted, each with defined handling, storage, transmission, and disposal rules) lets employees treat any given item correctly without guessing. The "need-to-know" principle, borrowed from national-security practice, limits access to those with a genuine business justification—not because only one person may know a secret, but because every additional holder is an additional point of failure. There is a drafting trap worth flagging here, which we return to below: a confidentiality policy written too broadly can collide with employees' rights under Section 7 of the National Labor Relations Act to discuss wages and working conditions, and an overbroad rule can be struck down as an unfair labor practice. The fix is to confine the policy to genuine proprietary business, customer, and vendor information and to add an NLRA savings clause—a balance the Board has blessed in cases like LA Specialty Produce Co., 368 N.L.R.B. No. 93 (2019).

For Cascade, the combination is what creates a defensible position. If the company can show a court that the algorithm lived in a restricted, logged repository, that only four people had access, that each signed a confidentiality and invention-assignment agreement, that the architecture documents were marked "Restricted," and that the company trained its people on all of it, it has a powerful answer to the inevitable defense argument that it never really treated the information as secret. Contrast two real cases that bracket the spectrum. In Abrasic 90 Inc. v. Weldcote Metals, Inc., 364 F. Supp. 3d 888 (N.D. Ill. 2019), the court denied a preliminary injunction because the plaintiff had done "virtually nothing to protect" its claimed secrets—no NDAs, no meaningful access limits—and the court noted that the "failure to enter into nondisclosure or confidentiality agreements often dooms trade secret claims." In Vendavo, Inc. v. Long, 397 F. Supp. 3d 1115 (N.D. Ill. 2019), by contrast, the same court granted relief, cataloguing the very ordinary steps the plaintiff had taken. The difference between the two outcomes was not the value of the information. It was the paperwork.

Step Three: Add Contracts on Top of the Statutes

Reasonable security earns trade secret status; contracts add explicit, enforceable obligations that supplement the default rules and—just as importantly—themselves count as evidence of reasonable measures. They also reach information that is not quite a trade secret: a confidentiality agreement can protect valuable business information that would fail the statutory test, by creating a contractual duty independent of trade secret law.

The foundational contract is the employee confidentiality agreement, signed at the start of employment—before any secrets are shared, when the employment relationship itself supplies the consideration that makes the promise enforceable. Demanded mid-employment without new consideration, such agreements can face enforceability challenges in some states, so if they were missed at hiring, pairing them with a promotion, bonus, or other benefit shores them up. A good agreement defines confidential information clearly (broadly enough to cover the secrets, but not so broadly that a court deems it unrealistic and unenforceable), specifies permitted and prohibited uses, addresses remote work and personal devices explicitly, survives termination, and acknowledges that violations may warrant injunctive relief. The mechanics of drafting these and their third-party cousins are covered in our guide on drafting enforceable non-disclosure agreements for technology transactions.

Equally important is the invention assignment agreement, which ensures the company owns what its employees create. Confidentiality protects information as secret; assignment makes sure the company, not the individual, owns the resulting inventions and code. These provisions typically cover inventions conceived during employment that relate to the business or result from work for the company, and several states—California (Cal. Lab. Code § 2870), Minnesota, Washington, and others—statutorily carve out inventions an employee develops entirely on their own time, without company resources, that do not relate to the business. Getting these agreements right is consequential enough that we treat it separately in employee invention assignment agreements. For Cascade, the assignment agreements are what guarantee the algorithm belongs to the company and not to the four engineers who wrote it—a distinction that becomes acute if one of them leaves, or if an acquirer's lawyers come looking during diligence and find that the company's signature asset is, on paper, owned by a person who no longer works there.

Agreements with third parties—customers, suppliers, partners—should carry confidentiality terms suited to whatever secrets might be shared, with mutual NDAs standard where both sides may disclose. This is not a box-checking nicety. In Farmers' Edge Inc. v. Farmobile, LLC, 970 F.3d 1027, 1033 (8th Cir. 2020), the Eighth Circuit refused trade secret protection outright because the plaintiff had shared its information with a third-party contractor without a confidentiality agreement or other protective practices. Sharing a secret with anyone who is not bound to keep it can extinguish the secret. Visitor confidentiality acknowledgments, joint-venture data-handling frameworks, and franchise or distributor confidentiality clauses extend protection to everyone who touches the information. For companies that share secrets with manufacturers, the contracting discipline runs deeper still, an issue we touch on in connection with software transactions and licensing.

The one-paragraph trap that can erase your punitive damages

Here is a provision that almost no one outside trade secret litigation knows about, and that quietly costs plaintiffs real money every year. When Congress passed the DTSA, it created broad whistleblower immunity under 18 U.S.C. § 1833(b): an employee, contractor, or consultant who discloses a trade secret in confidence to a government official or an attorney, solely to report or investigate a suspected violation of law—or who files it under seal in a lawsuit—is immune from liability under any federal or state trade secret law. Good policy. But Congress paired the immunity with a notice requirement, and attached teeth to it. Under § 1833(b)(3), employers must notify employees of this immunity in "any contract or agreement with an employee that governs the use of a trade secret or other confidential information" entered into or amended after May 11, 2016. The notice can be given by cross-reference to a policy document that contains the company's reporting policy.

And if the employer fails to give the notice? It "may not be awarded exemplary damages or attorney fees" under the DTSA against an employee who never received it. 18 U.S.C. § 1833(b)(3)(C); see Xoran Holdings LLC v. Luick, 2017 WL 4039178, at *7 (E.D. Mich. Sept. 13, 2017). Read that again. A company can win its misappropriation case, prove the theft was willful and malicious, and still walk away from the two most valuable DTSA remedies—the doubling of damages and the fee-shifting—because a paragraph was missing from an offer letter. The notice costs nothing. Its omission can cost everything that makes a willful case worth bringing.

A few practical refinements matter. The defined "employee" reaches independent contractors and consultants, so their agreements need the notice too—and because contractors may not have access to the company's internal policy library, the safer course is to put the actual notice in their contracts rather than cross-reference a policy they cannot see. The notice obligation attaches to agreements entered into or amended after May 11, 2016, so a company need not reopen old contracts solely to add it, but should fold the language into every new or revised agreement and, where there is no confidentiality agreement at all, into the confidentiality policy itself. One more thing the omission does not do: it does not bar the ordinary remedies—injunctions, actual damages, unjust enrichment, even an ex parte seizure—and it does not foreclose exemplary damages or fees under state law, which the DTSA does not preempt. But within the federal statute, the missing notice is a self-inflicted wound, and it is entirely avoidable. For Cascade, the fix is a fifteen-minute revision to its offer-letter template and contractor agreements, done now, while the company is small enough that "all the agreements" is a manageable stack.

Non-competes after the FTC rule collapsed

Non-compete agreements—which bar an employee from working for a competitor for a period after leaving—have traditionally been used to protect trade secrets by keeping departing employees out of roles where they would be tempted to use what they know. Their status has been turbulent, and any program built on older assumptions needs updating.

In April 2024 the Federal Trade Commission issued a rule that would have banned most post-employment non-competes nationwide. It never took effect. A Texas federal court enjoined it in August 2024 in Ryan LLC v. FTC, holding the Commission had exceeded its statutory authority, and after a change in administration the FTC abandoned the fight: on September 5, 2025, it voted to dismiss its appeals and accede to vacatur of the rule, and in early 2026 it moved to formally remove the rule from the Code of Federal Regulations to conform to the court decisions. The nationwide ban is dead. In its place, the FTC has signaled a shift to case-by-case enforcement under Section 5 of the FTC Act, targeting non-competes it views as overbroad or coercive—as it did in a 2025 consent order requiring a pet-cremation company to release roughly 1,800 employees from non-competes the agency deemed anticompetitive.

The practical consequence is that non-compete enforceability is once again governed almost entirely by state law, which varies dramatically. California broadly voids non-competes (Cal. Bus. & Prof. Code § 16600), and several states—Minnesota, North Dakota, and Oklahoma among them—ban most of them as well; many other states enforce them only if reasonable in duration, geographic scope, and the legitimate interest protected. Some states layer on procedural rules: Massachusetts's Noncompetition Agreement Act, M.G.L. ch. 149, § 24L, requires garden-leave pay or other consideration and caps duration, and California Labor Code § 925 bars employers from forcing California workers into out-of-state forums or other states' law. We track these developments in detail in our piece on non-compete agreements under siege.

For trade secret strategy, the lesson is the one it has always been, only more emphatic: a non-compete is an unreliable foundation. It may be unenforceable where Cascade's engineers live, it remains exposed to case-by-case federal scrutiny, and it does nothing on its own to stop information from walking out the door—it only forbids a destination. Non-competes should supplement, never replace, the security measures, confidentiality agreements, and—often more durable—non-solicitation agreements that restrict a departed employee from poaching customers or recruiting colleagues. Non-solicits frequently hold up even in states hostile to non-competes, and they protect the relationship-based secrets that matter most. Some employers also use garden leave—a paid notice period that keeps a departing employee technically on payroll, and therefore out of a competitor's hands, for a defined window. There is little case law on it, and courts tend to scrutinize it the way they scrutinize non-competes, so it is a tool, not a talisman.

Step Four: Make the People the Strongest Layer

Policies and contracts only work if employees understand and follow them, which makes training and culture the difference between a program on paper and a program in practice. It is also, bluntly, a litigation asset: courts assessing "reasonable measures" routinely ask whether the company trained its workforce on confidentiality, and a documented training program with signed acknowledgments is the kind of evidence that turns a close case.

New employees should learn what trade secrets are and why they matter, the company's specific policies, how to identify and handle confidential information, their contractual obligations, and the consequences of violations—and the training should be documented, ideally with a signed acknowledgment. Ongoing reminders and role-specific training keep the message current: the research team needs depth on protecting technical secrets and the perils of publication, the sales team needs guidance on which customer information can be used and which cannot, and the IT team needs security training suited to its broad system access. Above all, the goal is a culture in which protecting confidential information is understood as part of everyone's job rather than a compliance ritual—signaled by leadership emphasis, recognition for people who flag risks, and consistent enforcement.

Hiring is the mirror image of departure, and it carries its own trap that founders rarely see coming: bringing in someone else's trade secrets. When Cascade hires an engineer from a competitor, it inherits whatever post-employment restrictions and confidentiality duties that person carries, and a careless onboarding can drag Cascade into a misappropriation or tortious-interference suit as a defendant. The defensive moves are simple and worth building into the hiring checklist. Ask every candidate to identify any confidentiality, non-compete, non-solicitation, or invention-assignment agreements with prior employers. Tell new hires, in writing—ideally in the offer letter—that they must not bring or use any former employer's customer lists, designs, code, or other confidential materials, and have them affirmatively represent that they have not. Do not ask a new hire to email a customer list "to get a head start"; emailing a former employer's data to oneself is, as the cases describe it, a red flag that lights up a forensic examination. For senior hires from direct competitors, counsel sometimes obtains an impartial opinion letter on the enforceability of the candidate's restrictions, though that comes with privilege-waiver considerations. The point is that a protection program runs in both directions: it keeps your secrets in, and it keeps everyone else's out.

Step Five: Survive Departures—the Riskiest Moment

Employee departures are the peak risk for trade secret loss, and Cascade's worst-case scenario—an engineer leaving for a competitor with the algorithm—is the one every program must be built to withstand.

A crucial legal nuance frames the whole problem: employees are free to take their general skills and knowledge with them. Courts consistently protect employee mobility, so Cascade cannot stop a departing engineer from being good at motion planning in general. What it can stop is the taking of its specific trade secrets. The line between "general skill" and "protected secret" is the battleground of nearly every departure dispute, and the cleaner a company's measures—the more clearly it has marked, restricted, and documented the specific secret—the easier that line is to draw in its favor.

When warning signs appear—unusual downloading, accessing files outside one's normal work, dissatisfaction combined with competitor contact—lawful, policy-compliant monitoring can catch a problem before it becomes a full misappropriation. An acceptable-use policy that establishes company ownership of work devices and tells employees they have no expectation of privacy on those systems is what makes such monitoring (and later forensic review) legally clean. Exit interviews should be conducted with every departing employee who had access to confidential information, not just suspects, and ideally by a neutral party such as HR rather than the employee's direct supervisor, which tends to produce more candid answers about where the person is headed. A good exit interview identifies what the person accessed, confirms the return of all company materials and devices, reminds the person of ongoing obligations, reviews any restrictive covenants, and—critically—captures a signed acknowledgment that company property has been returned and obligations understood. That signature is what defeats the later defense of "I didn't know that was confidential."

Collection of company property must be thorough: laptops, phones, peripherals and external drives, badges, key fobs, and documents returned; remote access, email, and VPN credentials disabled; accounts terminated; and forwarding rules and delegated mailbox access checked and removed. Pair the access shutoff with IT before the last day, because the most common operational failure in departures is the lag between HR knowing someone is leaving and IT cutting off access—a window in which a determined employee can copy at leisure.

A frequently overlooked piece is the continuing-obligations letter, sent to the departing employee (and, if they are going to a direct competitor, to the new employer). It recites the specific covenants that survive, attaches copies of the signed agreements, reserves all of the company's rights and remedies, and asks for a signed acknowledgment of receipt. If it cannot be handed over at the exit interview and must be mailed, send it by certified mail or another method that proves delivery—because the presumption that an ordinary letter was received can be rebutted by an affidavit of non-receipt, as the Third Circuit reminded everyone in Lupyan v. Corinthian Colleges, Inc., 761 F.3d 314, 319-20 (3d Cir. 2014). Proof that the former employee actually received the reminder is itself part of the "reasonable measures" story.

For a routine departure to a non-competing role, confirming obligations and closing access may be enough. For a departure to a direct competitor, more is warranted: forensic preservation of the employee's devices and accounts, monitoring the market for signs of misuse for a few months (employees often take time off before competing), and, in a serious case, prompt legal action. The forensic piece is time-sensitive and easy to botch. The instinct to "just check the laptop" is dangerous, because powering a device on and off, or letting an untrained person poke around, alters metadata and can destroy the very evidence you need; courts have sanctioned parties for spoliation in exactly this posture. See, e.g., Sonrai Systems, LLC v. Romano, 2021 WL 1418405 (N.D. Ill. Jan. 20, 2021). The disciplined sequence is to suspend any auto-deletion or device-wipe routines (companies often re-image a departed employee's laptop within 30 to 90 days—do not let that happen to a device you may need), image the critical devices through a forensic vendor before searching them, capture credentials and encryption keys, and maintain a documented chain of custody. Our companion guide on cybersecurity incident response and IP protection walks through the broader preservation discipline when trade secret loss overlaps with a data-security event.

A doctrine to handle with care: inevitable disclosure

One doctrine deserves a caution because it is so tempting to over-rely on. The inevitable disclosure doctrine, recognized in some states, lets a court enjoin a former employee from taking a role in which they would inevitably use the former employer's trade secrets, even without proof of actual or threatened misappropriation. The Seventh Circuit applied a version of it in PepsiCo, Inc. v. Redmond, 54 F.3d 1262 (7th Cir. 1995), the seminal case: a high-level executive who knew PepsiCo's strategic and distribution plans for its "new age" drinks resigned to take a parallel role at Quaker, a fierce competitor in the same niche, and the court concluded he could not perform the new job "without relying on" Pepsi's secrets—especially given that he had been less than honest about the scope of his new role. Picture a star player leaving for the rival team the night before the championship, carrying the former team's playbook in his head; that image is doing the legal work.

But the doctrine is controversial and either rejected or sharply narrowed in many states. California, true to its pro-mobility tradition, has refused to apply it, holding in Whyte v. Schlage Lock Co., 101 Cal. App. 4th 1443 (2002), that inevitable disclosure would effectively impose a non-compete the legislature has forbidden. Even in states that recognize it, courts demand more than "same job at a competitor plus a worried former employer"; they look at the degree of competition, the similarity of the old and new roles, and the steps the new employer took to wall the person off, among other factors. See PrimeSource Building Products, Inc. v. Huttig Building Products, Inc., 2017 WL 7795125, at *11-12 (N.D. Ill. Dec. 9, 2017). The DTSA permits an inevitable-disclosure theory only insofar as the governing state law recognizes it, and the statute expressly forbids an injunction that would bar a person from taking a job based merely on what they know rather than on evidence of threatened misappropriation. 18 U.S.C. § 1836(b)(3)(A). Translation for Cascade: do not build your departure strategy on inevitable disclosure. Build it on the boring, documentary proof of actual or threatened misappropriation—the access logs, the bulk download, the deleted files—which is far stronger ground and works in every jurisdiction.

When Prevention Fails: Responding to Misappropriation

Even good programs suffer misappropriation, and a prompt, disciplined response preserves both evidence and options. The moment suspicion arises, the priority is to preserve evidence—email archives, system and access logs, the relevant devices, cloud-account audit trails—and to involve counsel early, both because the attorney-client privilege protects the investigation's work product and because counsel can steer it toward the facts that will matter in litigation. Critically, the duty to preserve evidence can attach to you the moment litigation becomes reasonably anticipated, so the company must issue litigation-hold notices and suspend routine deletion the instant it decides a claim is on the table; courts have not been shy about sanctioning spoliation in trade secret cases, including for failing to preserve ephemeral messaging and collaboration-tool data like Slack. The investigation should itself be documented: what triggered it, what was gathered, what it concluded.

The legal toolkit is substantial. The DTSA and the UTSA authorize injunctions; compensatory damages measured as actual loss plus the defendant's unjust enrichment (not double-counted), or in the alternative a reasonable royalty; exemplary damages up to twice the actual amount for willful and malicious misappropriation; and attorneys' fees in exceptional cases (bad-faith claims, bad-faith injunction fights, or willful and malicious misappropriation). 18 U.S.C. § 1836(b)(3). The federal three-year statute of limitations runs from when the misappropriation was discovered or should have been with reasonable diligence. § 1836(d). And lurking behind the civil remedies is the criminal Economic Espionage Act: ordinary trade secret theft under 18 U.S.C. § 1832 exposes individuals to up to ten years' imprisonment and organizations to fines of the greater of $5 million or three times the value of the secret, while foreign economic espionage under § 1831 carries up to fifteen years and organizational fines up to the greater of $10 million or three times the value. A referral to the FBI or DOJ is occasionally the right move in an egregious case, with the understood tradeoff that the company loses some control over the matter.

The DTSA adds a remedy with no state-law analog: in extraordinary circumstances, a court can issue an ex parte seizure order under 18 U.S.C. § 1836(b)(2), directing law enforcement to seize property to stop a stolen secret from being disseminated before the defendant even knows a suit exists. It is powerful and tightly limited—courts have set, in their own words, a high bar. The statute requires the applicant to show, among eight findings, that an ordinary injunction would be inadequate because the defendant would evade it, that immediate and irreparable injury would otherwise occur, that the applicant is likely to succeed on the merits, that the defendant has actual possession of the secret, that the order describes the property to be seized with particularity, that the defendant would destroy or hide the materials if merely given notice, and—a subtle but litigation-shaping requirement—that the applicant has not publicized the request. § 1836(b)(2)(A)(ii). That last condition has a sharp practical edge: sending a cease-and-desist letter first can disqualify you from a seizure, because you have tipped the defendant off. See International Automotive Technicians' Network, Inc. v. Winzig (C.D. Cal. May 21, 2018) (seizure denied in part because plaintiff had already threatened litigation). Courts granting seizures have done so against defendants who lied, concealed their conduct, or showed a "willingness to evade or ignore the law"—as in AVX Corp. v. Kim, 2017 WL 11316598 (D.S.C. Mar. 13, 2017), and Solar Connect, LLC v. Endicott, 2018 WL 2386066 (D. Utah Apr. 6, 2018)—while reserving seizure orders for cases where ordinary process would come too late and routinely directing the "narrowest seizure necessary," appointing neutral technical experts and special masters, and holding a hearing within seven days. Wrongful seizure, it should be said, carries its own private right of action with damages not capped at the bond, so the remedy cuts both ways. Our practitioners explore its mechanics further; the upside-down lesson for a plaintiff is to think hard before firing off a warning shot if a seizure might be in play.

A well-judged cease-and-desist letter can, in the ordinary case, resolve matters without litigation and even help establish willfulness, though it also alerts the recipient and may trigger defensive moves (and, as just noted, can foreclose a seizure), so the decision is strategic and best made only after the company has substantiated its facts—an unsupported C&D can draw a tortious-interference counterclaim. Where a contract requires it, or where the parties prefer privacy and speed, arbitration or mediation may be the better forum, particularly because litigating a trade secret can risk further exposing it. The DTSA's codified sealing provisions, 18 U.S.C. § 1835, help here, and they are one quiet reason to prefer federal court over a New York state forum, where common-law trade secret remedies do not even include attorneys' fees.

It is worth tracing how the remedies would actually play out for Cascade, because the abstract list becomes concrete fast. Suppose the engineer resigns on a Friday, and on Monday the access logs reveal that in his final week he bulk-downloaded the entire motion-planning repository to a personal drive and then deleted his local browser history. Cascade's first move would be an emergency motion for a temporary restraining order and preliminary injunction to stop the former engineer and the new employer from using or disclosing the algorithm while the case proceeds; the download logs are exactly the kind of evidence that persuades a court to grant it, and the deletion is the kind of evidence courts treat as a marker of improper means. If the facts were extreme enough—say, evidence the engineer was about to hand the code to an overseas competitor before the company could be heard—Cascade could ask for the DTSA's ex parte seizure to secure the devices, having taken care not to have sent a warning letter first. On the merits, Cascade could seek its actual losses plus the competitor's unjust enrichment from the head start the stolen algorithm provided, or in the alternative a reasonable royalty; and if it proved the misappropriation was willful and malicious—which the deliberate download and concealment might show—exemplary damages of up to twice that amount and attorneys' fees come into reach, provided Cascade gave the § 1833(b) notice in the engineer's agreement. The injunction, more than the money, is often the point: it preserves the secret's confidentiality going forward, which a damages award alone cannot do. Every one of those remedies, though, rests on Cascade first proving it had a trade secret and took reasonable measures to protect it—which is to say, the case is won or lost on the program built long before the engineer ever resigned.

Putting a Number on It: Why Valuation Belongs in the Program

It seems odd to value something you are trying to keep invisible, but valuation runs quietly through the whole program, and a company that has thought about it in advance is better off in three places at once. First, the "independent economic value" element is, at bottom, a valuation question—a court wants to see that the secret is worth something because it is secret, and a company that can articulate, even roughly, what the algorithm is worth (the eighteen months of engineering it saved, the price premium it supports, the licensing revenue it could command) is answering an element of its own claim. In WeRide Corp. v. Huang, 379 F. Supp. 3d 834, 847 (N.D. Cal. 2019), the court was visibly helped by the plaintiff's ability to tie its source code to a concrete figure—tens of millions of dollars of investment. Second, damages: the same economic analysis that proves value supports the actual-loss, unjust-enrichment, and reasonable-royalty theories the statute authorizes, and the canonical reasonable-royalty framework borrowed from patent law, University Computing Co. v. Lykes-Youngstown Corp., 504 F.2d 518 (5th Cir. 1974), turns on the same inputs—development cost, importance, and the competitive change the secret would cause. Third, transactions and diligence: when an acquirer or investor looks at Cascade, the unpatented algorithm is a balance-sheet question, and a company that can document what it is and what it is worth raises money on better terms.

The practical move is to capture, in the inventory, a rough sense of each secret's value and the cost of protecting it. A company need not commission a formal appraisal to benefit; even a one-line note—"motion-planning algorithm: ~18 person-months to develop, sustains roughly a 15% price premium over the nearest competing system"—does double duty as evidence of value and as the seed of a damages theory. For secrets headed into licensing or M&A, a more rigorous discounted-cash-flow or market-based valuation may be worth the expense, but the discipline starts with simply writing down why the thing is worth protecting.

Keeping the Program Alive

Trade secret protection is a program, not a project, because the information environment, the technology, and the business all change. Regular audits—at least annually and after major changes like a fundraise, an acquisition, or a shift to remote work—test whether the physical, technical, and administrative controls remain adequate and whether policies are actually followed (a policy honored only on paper is worse than none, because it advertises the gap between what the company claimed and what it did). The inventory should be a living document, updated as new secrets are developed, old ones lose status through disclosure or obsolescence, and access patterns shift. Policies should track changes in law (the non-compete developments above, evolving NLRA guidance, new state biometric and privacy statutes), in technology (new collaboration tools, new storage platforms), and in industry practice—because falling behind peer norms creates both legal vulnerability under the "reasonable measures" inquiry and practical security gaps. Benchmarking against what competitors and courts treat as reasonable keeps the standard current; "reasonable under the circumstances" is a moving target, and the circumstances keep moving.

Special Contexts: Startups, R&D, and the Factory Floor

The principles above apply everywhere, but three settings—each of which Cascade occupies at once—deserve tailored attention, because each puts a distinctive strain on the reasonable-measures requirement.

Startups face a resource paradox. They typically hold trade secrets that are disproportionately important to their survival—often a single core technology is the whole company—yet they lack the budget and staff for elaborate security infrastructure. The answer is not to throw up one's hands but to prioritize ruthlessly. A two-year-old company cannot run a corporate security operations center, and no court expects it to; what a court does expect is that the company protected its most critical information with measures proportionate to its size. For Cascade, that means lavishing attention on the motion-planning repository and the calibration process while accepting lighter controls on lower-value information. The foundational documents—confidentiality agreements with the § 1833(b) notice baked in, invention assignments, a basic written policy—cost almost nothing and should be in place from day one, because their absence is the most common and most damaging gap in early-stage companies. More elaborate measures can scale with headcount and revenue. The startup that waits until it is "big enough" to think about trade secrets usually discovers the subject only after a departure has already cost it something irreplaceable, and at that point the question is not how to protect the secret but whether a protectable secret ever legally existed. For founders weaving this into their broader legal foundation, our capital-raising and startup formation resources put trade secret hygiene in the context of diligence-readiness.

Research and development environments are inherently in tension with secrecy, and the tension is structural rather than incidental. Innovation thrives on collaboration, the free exchange of ideas, the involvement of universities and research partners, the mobility of scientific talent, and—often—the pressure or desire to publish. Every one of those features is a potential leak. The task is not to suppress collaboration, which would defeat the purpose of R&D, but to manage it deliberately: deciding what information is shared with whom, under what confidentiality protections, and at what stage. For Cascade's engineers, that might mean publishing a paper on a general advance in motion-planning theory while keeping the specific implementation details and tuned parameters that make Cascade's version work firmly inside the restricted repository. The line between the publishable general contribution and the protectable specific embodiment is one a company should draw consciously and in advance, rather than discovering after a conference talk that a key detail is now public and the trade secret in it is gone forever. There is a related, sharper hazard: disclosing the secret in a patent application the company files itself will, once published, destroy trade secret status as to that disclosure—a genuine fork in the road, addressed below. Negative results deserve special care here too, because the instinct to share "what didn't work" with the broader research community can hand competitors a map of the dead ends Cascade paid to chart. When the R&D depends on freedom to build on others' technology, a freedom-to-operate analysis is the natural companion to the secrecy analysis.

Manufacturing introduces the problem of the visible process. A trade secret embodied in a process step can be exposed to anyone standing on the factory floor—employees, contractors, maintenance technicians, visitors. Compartmentalization is the classic defense: structuring the process so that no single person sees or understands the whole, the way certain consumer-products companies are said to split a secret formula across separate facilities. For Cascade's calibration process, that might mean dividing it into stages handled by different teams, requiring confidentiality agreements from everyone with floor access (contractors included), controlling what is visible during plant tours, and treating the configuration of specialized equipment as itself confidential. The supplier relationship adds another layer, since suppliers often must understand parts of a process to make components for it; confidentiality provisions in supply and toll-manufacturing agreements, limited disclosure of only what a supplier needs, and confirmation that suppliers destroy or return confidential materials when an engagement ends all protect the process as it necessarily extends beyond the company's walls. Remember Farmers' Edge: a process shared with a supplier under no confidentiality obligation may simply cease to be a secret.

A Closer Look at Improper Means Versus Lawful Discovery

Because the line between misappropriation and lawful competition decides who wins, it is worth dwelling on with Cascade's facts, since the distinction trips up even sophisticated parties.

Suppose a competitor lawfully buys a Cascade robot, takes it apart, and studies how it moves to reconstruct the motion-planning approach. That is reverse engineering, and it is entirely lawful—the DTSA's definition of improper means excludes reverse engineering, 18 U.S.C. § 1839(6)(B), and trade secret law offers no protection against it. If the competitor succeeds, Cascade has no claim, which is exactly why a company choosing secrecy over patenting must be confident its secret is hard to reverse-engineer in the first place. The same is true of independent development: if a rival's engineers, never having seen Cascade's code, write their own algorithm that happens to work similarly, there is no misappropriation, because the rival acquired nothing from Cascade at all.

Now change the facts. Suppose the competitor instead hires away one of Cascade's four engineers specifically to obtain the algorithm, or bribes a current employee to copy the repository, or gains access by deception—posing as a potential customer to tour the lab and photograph the calibration setup. Each of these is acquisition by improper means, and each is actionable even though, in isolation, some of the underlying conduct (hiring an employee, taking a tour) is ordinarily lawful. The aerial-photography case discussed earlier, duPont v. Christopher, makes the principle vivid: the means need not be independently illegal to be "improper" for trade secret purposes; what matters is whether they fall below the standards of commercial morality and bypass the reasonable security the owner has erected. There is a recurring evidentiary marker here worth knowing—when a departing employee downloads files in violation of a confidentiality policy and then deletes evidence of having done so, courts treat that conduct itself as proof of improper means and of consciousness of wrongdoing. See WeRide Corp. v. Huang, 379 F. Supp. 3d at 848.

The practical lesson for Cascade is twofold. First, its reasonable measures do double duty—they establish the trade secret and they help prove that anyone who got around them used improper means; a locked door is evidence both that the thing inside was a secret and that whoever climbed through the window did so improperly. Second, the company should understand that its protection runs against theft and breach of confidence, not against competitors who simply out-engineer it or lawfully study its products. Knowing which side of that line a threat falls on is the first question to ask whenever a secret appears to have escaped—because if the answer is "reverse engineering," there may be nothing to do but build the next secret faster.

Coordinating Trade Secrets with the Rest of the IP Toolkit

Trade secret protection does not operate alone; it coordinates with the other IP regimes, and the coordination is where strategy gets interesting.

The choice between patenting and secrecy is the foundational one, and it turns on a few questions. Patenting requires public disclosure and grants a time-limited monopoly (twenty years from filing for a utility patent) that reaches even independent inventors; secrecy requires confidentiality and lasts indefinitely but yields to reverse engineering and independent development. The two are mutually exclusive for the same information: you cannot patent something and keep it secret, because the patent publishes it, and filing a patent application that discloses the secret will destroy its trade secret status once published—a point courts have enforced, holding that disclosure in a patent application with the owner's knowledge ends the secret. For Cascade's algorithm, secrecy is attractive precisely because the algorithm is hard to reverse-engineer from a robot's observable behavior and because it may stay valuable far beyond a patent's term—but if Cascade feared a competitor could independently develop the same approach, a patent (which stops independent developers) might be worth the disclosure. The sensor-calibration process, by contrast, might be an even better trade secret candidate, since processes are often invisible in the finished product and thus genuinely hard to discover lawfully. This patent-versus-secret calculus, and the layered "belt and suspenders" approach that uses both for different components of a system, is developed further in our software protection guide.

Trade secrets and copyright coexist comfortably because copyright protects expression while trade secret protects the underlying information. Cascade's source code can be copyrighted (guarding against literal copying) and simultaneously held as a trade secret (guarding the algorithms and techniques). The one caution is that copyright registration creates a public deposit, so registering software must be handled with redaction and the special deposit options the Copyright Office provides—a process we walk through in how to register a copyright with the U.S. Copyright Office. Trade secrets and trademarks intersect where confidential information underlies brand value, as with a secret formula behind a branded product, but they protect different things and rarely conflict.

Two modern intersections deserve attention. As we discuss in open-source licensing landmines in enterprise software development, open-source license terms that require disclosing modifications can collide head-on with trade secret protection for code built on open-source foundations—a copyleft obligation can force you to publish the very modifications you meant to keep secret—so a company needs clear rules about what may be contributed to open-source projects and what must stay proprietary. And as explored in our work on AI-generated inventions, machine-learning systems can embody trade secrets in their training data, model architectures, and tuned parameters, which means protecting AI assets requires understanding what can be protected and implementing technical measures (rate limits, output controls, contractual restrictions on model access) to prevent extraction—an emerging frontier of the same reasonable-measures discipline this guide describes throughout. The threat surface here also overlaps with data-scraping and access disputes; our analysis of data scraping after hiQ v. LinkedIn traces how the narrowing of the Computer Fraud and Abuse Act after Van Buren v. United States, 141 S. Ct. 1648 (2021), reshaped one of the tools companies used to reach unauthorized access to their systems.

Frequently Asked Questions

Do I have to register a trade secret to protect it? No—and that is the whole point. Unlike patents, trademarks, and copyrights, trade secrets require no registration, no filing, and no government grant. Protection arises automatically when information meets the two-part statutory test (independent economic value from secrecy, plus reasonable measures to keep it secret). The flip side is that because there is no registration certificate to wave at a court, you carry the entire burden of proving, after the fact, that you treated the information as a genuine secret. The "registration" of a trade secret is your protection program.

How much security is "reasonable"? Is there a checklist? There is no fixed checklist, because "reasonable under the circumstances" deliberately scales with the company's size, resources, and the value of the secret. A four-person startup is not held to a Fortune 500 standard. That said, courts repeatedly look for the same handful of things: confidentiality agreements with everyone who accesses the secret, need-to-know access limits, marking sensitive material confidential, basic technical controls (passwords, encryption, access logs), employee training, exit procedures, and not sharing the secret with outsiders who are not under a confidentiality obligation. The absence of NDAs, in particular, "often dooms trade secret claims." Aim for measures proportionate to the value at stake, and document them.

What is the Section 1833(b) notice, and what happens if I skip it? It is a short statement of the DTSA's whistleblower immunity that you must include in any agreement governing the use of trade secrets or confidential information—employment agreements, NDAs, invention-assignment agreements, contractor agreements—entered into or amended after May 11, 2016. You can also satisfy it by cross-referencing a policy that contains the notice. If you omit it, you cannot recover the DTSA's exemplary (punitive) damages or attorneys' fees against an employee who never got the notice—even if you win and even if the theft was willful. It is the cheapest insurance in trade secret law, and the most commonly missed.

Can I stop a former employee from working for a competitor? Usually not just because they worked for you and know things. Employees are free to take their general skills and knowledge, and courts protect job mobility. You can stop them from taking or using your specific trade secrets, and—where state law permits—you may be able to enforce a reasonable non-compete or non-solicitation agreement. With the FTC's nationwide non-compete ban now dead, enforceability turns entirely on state law, which ranges from outright bans (California) to reasonableness review elsewhere. The inevitable-disclosure doctrine occasionally lets a court block a role, but it is unavailable or narrow in many states, so do not rely on it.

Is reverse engineering my product illegal? No. If a competitor lawfully acquires your product and reverse-engineers it, that is a proper means of discovery and not misappropriation. Independent development is likewise fair game. Trade secret law forbids acquisition by improper means—theft, bribery, deception, breach of a confidentiality duty—not lawful study of products you sold into the market. This is the single biggest strategic reason to choose patent protection over secrecy when a secret is easy to reverse-engineer.

We're tiny and have no budget. Where do we start? Start with paper, because it is nearly free and does the most work: confidentiality and invention-assignment agreements (with the § 1833(b) notice) signed by everyone before they touch a secret, a one-page confidentiality policy, and an honest inventory of your three or four genuinely critical secrets. Then restrict access to those few crown jewels and turn on access logging. That alone moves you from "did virtually nothing" (the losing posture in Abrasic 90) toward the documented, proportionate effort that wins cases—and it scales as you grow.

How long does trade secret protection last? Potentially forever—as long as the information stays secret and retains value. The Coca-Cola formula is the textbook example, protected for well over a century. But the protection is only as durable as your secrecy; it ends the instant the information becomes generally known, whether through your own disclosure, a breach, publication in a patent, or lawful reverse engineering. Indefinite duration is the great advantage of trade secrets over patents, and fragility is the price.

Conclusion: Build It While the Secret Is Still Secret

Building a trade secret protection program is, at bottom, the work of converting valuable information into a legally defensible asset by treating it the way the law requires—as a genuine secret. That means identifying what you have with enough specificity to name it in a complaint, securing it across physical, technical, and administrative layers, wrapping it in contracts that both bind people and prove your diligence (and that carry the one-paragraph whistleblower notice that protects your punitive remedies), training the people who handle it, and preparing for the moment when someone with access walks out the door. None of it guarantees that misappropriation will never happen; determined insiders can defeat any control. But reasonable, proportionate measures do four things that matter: they satisfy the legal standard, deter casual theft, surface deliberate theft earlier, and—when prevention fails—supply the evidentiary foundation to enforce.

For a company like Cascade Robotics, whose entire competitive position rests on information it has chosen not to patent, this is not optional housekeeping. The motion-planning algorithm is the business. Protecting it deserves the same care the company put into building it—and the time to build that protection is now, while the secret is still secret, not after an engineer has already left with it. The cruel arithmetic of trade secret law is that almost everything that determines the outcome of a misappropriation case is decided long before the misappropriation. The program is the case.

For help designing a trade secret protection program tailored to your business, contact our intellectual property and technology practice or our trade secret litigation team.

Related Articles

Selected Authorities and Resources

Statutes: Defend Trade Secrets Act of 2016, 18 U.S.C. §§ 1836-1839 (civil cause of action, § 1836(b); definitions, § 1839(3), (5)-(6); whistleblower immunity and notice, § 1833(b); ex parte seizure, § 1836(b)(2); remedies and limitations, § 1836(b)(3), (d)); Economic Espionage Act, 18 U.S.C. §§ 1831-1832; Uniform Trade Secrets Act §§ 1, 3-5; Restatement (First) of Torts § 757 cmt. b (1939); Restatement (Third) of Unfair Competition §§ 39-45 (1995); Computer Fraud and Abuse Act, 18 U.S.C. § 1030; Cal. Bus. & Prof. Code § 16600; Cal. Lab. Code §§ 925, 2870; Mass. Gen. Laws ch. 149, § 24L.

Cases: Rockwell Graphic Systems, Inc. v. DEV Industries, Inc., 925 F.2d 174 (7th Cir. 1991); E.I. duPont de Nemours & Co. v. Christopher, 431 F.2d 1012 (5th Cir. 1970); PepsiCo, Inc. v. Redmond, 54 F.3d 1262 (7th Cir. 1995); Whyte v. Schlage Lock Co., 101 Cal. App. 4th 1443 (2002); Yellowfin Yachts, Inc. v. Barker Boatworks, LLC, 898 F.3d 1279 (11th Cir. 2018); DM Trans, LLC v. Scott, 38 F.4th 608 (7th Cir. 2022); Farmers' Edge Inc. v. Farmobile, LLC, 970 F.3d 1027 (8th Cir. 2020); Abrasic 90 Inc. v. Weldcote Metals, Inc., 364 F. Supp. 3d 888 (N.D. Ill. 2019); Vendavo, Inc. v. Long, 397 F. Supp. 3d 1115 (N.D. Ill. 2019); AirFacts, Inc. v. de Amezaga, 909 F.3d 84 (4th Cir. 2018); WeRide Corp. v. Huang, 379 F. Supp. 3d 834 (N.D. Cal. 2019); Xoran Holdings LLC v. Luick, 2017 WL 4039178 (E.D. Mich. 2017); Lupyan v. Corinthian Colleges, Inc., 761 F.3d 314 (3d Cir. 2014); Van Buren v. United States, 141 S. Ct. 1648 (2021); Ryan LLC v. FTC (N.D. Tex. 2024) and the FTC's 2025-2026 vacatur of the Non-Compete Clause Rule.

Secondary: The Sedona Conference, Commentary on the Governance and Management of Trade Secrets; NIST Cybersecurity Framework (https://www.nist.gov/cyberframework); David S. Levine & Christopher B. Seaman, The DTSA at One, 53 Wake Forest L. Rev. 105 (2018).

This guide is for general informational purposes only and does not constitute legal advice, nor does it create an attorney-client relationship. Trade secret and employment law vary by jurisdiction and continue to evolve; the discussion here may not reflect the most recent developments. Consult qualified counsel about your specific circumstances before acting.