It’s not enough that a trade secret isn’t generally known to those who can gain value from it. To qualify for protection in California and the other jurisdictions that use the Uniform Trade Secrets Act definition (and under the Federal Defend Trade Secrets Act), a trade secret must be the subject of reasonable measures to maintain its secrecy.
If you find yourself litigating whether your company’s information qualifies for protection, you should expect a lot of time and effort to be focused on the steps your company took to protect that information.
Here are 22 steps companies can take. Obviously, they won’t all make sense in all situations.
1. Have employees sign confidentiality agreements that meet current legal requirements.
2. Have third-parties sign nondisclosure agreements.
3. Have a written policy explaining how to handle trade secrets and prohibiting misappropriation.
4. Train new employees to recognize what information is protected and how to handle it.
5. Periodically retrain existing employees.
6. Limit who has access to confidential information.
7. Mark documents and files to identify the level of protection they’re to receive.
8. Implement an information tracking system.
9. Dispose of information properly.
10. Regulate information that must leave the company.
11. Encourage employees to report suspected misappropriation.
12. Lock areas that contain confidential information.
13. Place warning signs in areas that contain confidential information.
14. Install security cameras.
15. Monitor visitors to your company.
16. Provide departing employees with copies of signed agreements and review key provisions.
17. Confirm that departing employees have returned all company information and equipment.
18. Terminate departing employees’ access to company systems and facilities.
19. Ask departing employees about future employment plans.
20. If the departing employee is going to a competitor or is evasive regarding his future plans, consider whether further action is necessary, such as requiring him to leave sooner, reviewing what systems he has accessed, sending a letter to the employee, and sending a letter to the prospective employer.
21. Immediately investigate suspected misappropriation.
22. Conduct a trade secret audit to determine if information is being properly protected.
Again, what is reasonable in one situation won’t make sense in others. The steps Google takes to protect its search algorithm will be very different from the steps that place by your office uses to protect its tomato soup recipe. I think the secret ingredient is basil, but that’s beside the point. The point here is that companies need to take those steps that are reasonable to safeguard their information. Because if they don’t, the information won’t qualify for protection.