The riskiest moment in trade secret protection is the interval between an employee giving notice and walking out the door. That is the window in which a tempted or aggrieved employee still has access and now has motive. A company that handles offboarding well builds the documentary record that wins a misappropriation case; a company that handles it carelessly can lose even theft it can plainly see.
This checklist is the departure-side companion to "Building a trade secret protection program checklist" and "Trade secret audit checklist." For the doctrine and the remote-work dimension, see "Trade secrets in the age of remote work and cloud computing" and "Employee invention assignment agreements."
Frame the whole exercise around one legal line: employees are free to take their general skills and knowledge anywhere; what they may not take is the company's specific trade secrets. The cleaner a company's measures — the more clearly it marked, restricted, and documented the specific secret — the easier that line is to draw in its favor.
Phase 1: Triage the departure
- The moment notice is given, classify the risk: routine departure to a non-competing role versus departure to a direct competitor under suspicious circumstances.
- For high-access employees, begin the process immediately — sometimes with immediate access revocation, sometimes (where an abrupt cutoff is impractical) with enhanced monitoring during the notice period.
- Coordinate HR, IT, security, and legal from the outset; the most common operational failure is the lag between HR knowing and IT cutting off access.
- Pull and preserve the employee's recent access and download logs to establish a baseline of normal activity.
Why this matters. Misappropriation most often occurs in the notice-to-departure window. The access logs are the single most persuasive evidence in most departure cases, because they show a court exactly what the departing employee accessed in the final days — the bulk download "wildly out of pattern with normal work."
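As an added illustration (not part of the original checklist), the sketch below compares a departing employee's notice-window download volume against that same employee's pre-notice baseline, using a median/MAD score to surface the out-of-pattern day. The CSV layout, user names, notice date, and threshold are assumptions, and the log rows are constructed sample data.

```python
import csv
import io
import statistics
from collections import defaultdict
from datetime import date

# Constructed sample export (assumed columns); real DLP/proxy/cloud logs differ.
SAMPLE_LOG = """\
date,user,bytes,files
2024-03-04,jdoe,40000000,11
2024-03-05,jdoe,55000000,14
2024-03-06,jdoe,38000000,9
2024-03-07,jdoe,61000000,17
2024-03-08,jdoe,47000000,12
2024-03-11,jdoe,52000000,13
2024-03-12,jdoe,44000000,10
2024-03-13,jdoe,50000000,12
2024-03-14,jdoe,1800000000,900
2024-03-14,jdoe,500000000,310
2024-03-14,asmith,30000000,8
2024-03-15,jdoe,58000000,15
"""

def daily_totals(log_text, user):
    """Sum bytes and file counts per calendar day for one user."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["user"] == user:
            day = totals[date.fromisoformat(row["date"])]
            day[0] += int(row["bytes"])
            day[1] += int(row["files"])
    return totals

def out_of_pattern_days(log_text, user, notice_date, threshold=5.0):
    """Flag notice-window days far above the user's own pre-notice baseline."""
    totals = daily_totals(log_text, user)
    baseline = [b for d, (b, _) in totals.items() if d < notice_date]
    if len(baseline) < 5:
        raise ValueError("baseline too short to call anything out of pattern")
    med = statistics.median(baseline)
    # Median absolute deviation is robust to one odd day; avoid dividing by 0.
    mad = statistics.median([abs(b - med) for b in baseline]) or 1
    flagged = []
    for d in sorted(d for d in totals if d >= notice_date):
        b, f = totals[d]
        score = (b - med) / mad
        if score > threshold:
            flagged.append((d.isoformat(), b, f, round(score, 1)))
    return flagged

if __name__ == "__main__":
    for hit in out_of_pattern_days(SAMPLE_LOG, "jdoe", date(2024, 3, 13)):
        print(hit)
```

Run it against a preserved copy of the log export rather than the live system, so the original record stays untouched.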
Phase 2: Recover property and confirm deletion
- Collect all company property: laptops, phones, peripherals, external drives, badges, key fobs, documents.
- Disable remote access, email, and VPN credentials; terminate accounts across every system, including cloud drives, code repositories, and SaaS tools that accumulate invisibly.
- Check and remove forwarding rules and delegated mailbox access.
- Obtain a written deletion confirmation that company information has been deleted from personal devices and cloud accounts, with specificity — and actually ask for the data back.
Why this matters. The failure to even ask for the return of data on personal devices doomed the employer in DM Trans, LLC v. Scott, 38 F.4th 608 (7th Cir. 2022). Letting valuable information live on devices you do not control, and never reclaiming it, can by itself defeat the secrecy element — Yellowfin Yachts, Inc. v. Barker Boatworks, LLC, 898 F.3d 1279 (11th Cir. 2018). The right to audit and image personal devices should already have been secured by contract at onboarding.
Phase 3: Conduct the exit interview
- Conduct an exit interview with every departing employee who had access to confidential information, not just suspects.
- Use a neutral party (HR) rather than the direct supervisor, which tends to produce more candid answers about where the person is headed.
- Identify what the person accessed, confirm return of all materials and devices, review surviving restrictive covenants, and remind the person of ongoing obligations.
- Capture a signed acknowledgment that company property has been returned and obligations are understood; consider presenting the categories of trade secrets the employee accessed.
Why this matters. The signature defeats the later defense of "I didn't know that was confidential." A formal acknowledgment identifying the trade secret categories the employee accessed feels confrontational but is excellent evidence that the employee knew what was protected.
Phase 4: Send the continuing-obligations letter
- Send a continuing-obligations letter reciting the specific covenants that survive, attaching copies of the signed agreements, and reserving all rights and remedies.
- Ask for a signed acknowledgment of receipt.
- If the employee is going to a direct competitor, consider a letter to the new employer as well.
- If the letter must be mailed, use certified mail or another method that proves delivery.
Why this matters. Proof that the former employee actually received the reminder is part of the "reasonable measures" story. The presumption that an ordinary letter was received can be rebutted by an affidavit of non-receipt — Lupyan v. Corinthian Colleges, Inc., 761 F.3d 314 (3d Cir. 2014) — so prove delivery.
Phase 5: When the departure looks suspicious — preserve evidence
- Suspend any auto-deletion or device-wipe routines immediately (companies often re-image a departed employee's laptop within 30–90 days — do not let that happen to a device you may need).
- Issue a litigation hold the moment litigation is reasonably anticipated; suspend routine deletion, including ephemeral and collaboration-tool data (Slack, Teams).
- Forensically image the critical devices through a vendor before anyone searches them; do not "just check the laptop," which alters metadata and risks spoliation sanctions.
- Capture credentials and encryption keys and maintain a documented chain of custody.
- Monitor the market for signs of misuse for a few months (employees often take time off before competing).
- Involve counsel early so the investigation is privileged and steered toward the facts that will matter.
Why this matters. The evidence is perishable — logs roll over, devices get wiped, cloud accounts get deleted. Powering a device on and off or letting an untrained person poke around can destroy the very evidence you need; courts have sanctioned spoliation in exactly this posture — Sonrai Systems, LLC v. Romano, 2021 WL 1418405 (N.D. Ill. 2021), and the Slack-message sanctions in Red Wolf Energy Trading, LLC v. BIA Capital Management, LLC, 2022 WL 4112081 (D. Mass. 2022). For the deeper preservation discipline when a breach and a departure collide, see the trade secret cybersecurity incident response checklist.
A doctrine to handle with care: inevitable disclosure
- Do not build your departure strategy on the inevitable-disclosure doctrine (PepsiCo, Inc. v. Redmond, 54 F.3d 1262 (7th Cir. 1995)) — it is rejected or sharply narrowed in many states, notably California (Whyte v. Schlage Lock Co., 101 Cal. App. 4th 1443 (2002)).
- Build instead on documentary proof of actual or threatened misappropriation: the access logs, the bulk download, the deleted files — which works in every jurisdiction.
- Lean on non-solicitation agreements (which hold up even in non-compete-hostile states) rather than non-competes, whose enforceability now turns entirely on varying state law after the FTC rule's collapse.
Why this matters. The DTSA forbids an injunction barring a person from a job based merely on what they know rather than on evidence of threatened misappropriation — 18 U.S.C. § 1836(b)(3)(A). The boring, documentary proof is far stronger ground.
Phase 6: If misappropriation is confirmed — the response
When the evidence shows a secret has walked, a prompt and disciplined response preserves both the evidence and the options.
- Run the investigation under counsel so it is privileged; document what triggered it, what was gathered, and what it concluded.
- Decide on a cease-and-desist letter carefully: it can resolve matters without litigation and help establish willfulness, but it alerts the recipient, may draw a tortious-interference counterclaim if unsupported, and can "publicize" a request and foreclose a DTSA ex parte seizure. Substantiate the facts first.
- Evaluate the DTSA/UTSA remedies: a TRO and preliminary injunction (often the real prize, because it preserves confidentiality going forward in a way money cannot); actual loss plus unjust enrichment, or a reasonable royalty; exemplary damages up to twice the compensatory amount and attorneys' fees for willful and malicious misappropriation — provided the Section 1833(b) notice was in the employee's agreement.
- In an extreme case (data about to cross a border), consider the DTSA ex parte seizure under 18 U.S.C. § 1836(b)(2), mindful of the eight statutory findings and the wrongful-seizure risk.
- Seek a protective order and sealing (18 U.S.C. § 1835) so the litigation itself does not further expose the secret.
Why this matters. Suppose the engineer resigns on a Friday and Monday's logs reveal a final-week bulk download to a personal drive followed by a deleted browser history: the download logs are exactly the evidence that persuades a court to grant emergency relief, and the deletion is the kind of conduct courts treat as a marker of improper means and consciousness of wrongdoing (WeRide Corp. v. Huang, 379 F. Supp. 3d 834 (N.D. Cal. 2019)). But every remedy rests on first proving a trade secret existed and that reasonable measures protected it — which is decided in the years of discipline before the engineer ever resigned.
Common mistakes
- The HR-to-IT lag that leaves a determined employee a window to copy at leisure.
- Failing to ask for return of data on personal devices (the DM Trans error).
- "Just checking the laptop" and spoliating the forensic record.
- Letting a scheduled re-imaging routine wipe a device you needed.
- Relying on inevitable disclosure instead of the access logs.
- Missing the Section 1833(b) notice in the departing employee's agreement, forfeiting exemplary damages and fees.
Primary authority
- DTSA, 18 U.S.C. §§ 1836–1839, including § 1836(b)(3)(A) (employment-mobility limit on injunctions) and § 1833(b) (whistleblower notice).
- Uniform Trade Secrets Act (adopted in every state but New York).
- Key cases: DM Trans v. Scott, 38 F.4th 608 (7th Cir. 2022); Yellowfin Yachts v. Barker Boatworks, 898 F.3d 1279 (11th Cir. 2018); PepsiCo v. Redmond, 54 F.3d 1262 (7th Cir. 1995); Whyte v. Schlage Lock Co., 101 Cal. App. 4th 1443 (2002); Lupyan v. Corinthian Colleges, 761 F.3d 314 (3d Cir. 2014); Sonrai Systems v. Romano, 2021 WL 1418405 (N.D. Ill. 2021).
Related resources
- Trade secrets in the age of remote work and cloud computing
- Employee invention assignment agreements
- Building a trade secret protection program from scratch
- Building a trade secret protection program checklist
- Trade secret audit checklist
- Trade secret cybersecurity incident response checklist
- Non-compete agreements under siege
- Trade secret protection toolkit
This checklist is for general informational purposes only and does not constitute legal advice or create an attorney-client relationship. Trade secret and employment law vary by jurisdiction and continue to evolve. Consult qualified counsel about your specific circumstances before acting.