The Who, What, Where, When, How, and Why of Trade Secret Audits

Exactly one year ago, I wrote a post entitled “An Ounce of Prevention… ” for my prior law firm’s Trade Secret / Noncompete Blog (which I had created only days earlier). In the post, I recommended and discussed performing a trade secret audit. Here’s the who, what, where, when, how, and why – but not in that order.

(Sorry for the long post, but it’s important.)


As commentators have noted (see, for example, here and here), and as my own “back of the envelope” analysis (reflected in the chart above) confirms, trade secret misappropriation has grown year over year – resulting in more than a doubling in reported trade secret and related noncomepte cases over the past decade.

Need more? Just Google “trade secret” and see how many cases make the news. But note that that’s just fraction of cases that are reported (see the chart), which is just a fraction of the cases filed, which is itself only a fraction of the times that someone claims that their trade secrets have been misappropriated. See the magnitude of the problem?

But, it’s worse than that.

A recent report indicated that 85 percent of trade secret thefts are committed by either an employee or a party with whom you have contracted. Another recent report indicated that over half of employees admit to taking company information when they terminate their employment. How many more have taken company information, but simply refuse to admit it? That’s a lot of trade secret theft going on out there!


Okay, that’s just the background. If your company doesn’t have trade secrets or other confidential business information that’s important to it, you can stop reading. However, if you have information that needs protection, keep reading.


A trade secret audit.  It’s the process by which you limit the likelihood that someone (employee, contractor, other) will be able to take your trade secrets or other confidential information. It’s also the process by which you make it easier to discover a data breach. Finally, it’s the process by which you put yourself in the best position to be able to quickly respond to a misappropriation of trade secrets and confidential information.

I handle these cases all the time, and – by far – the two most important issues raised by the courts are (1) did the company take the proper steps to protect its trade secrets and confidential information? and (2) did the company react quickly? A trade secret audit helps to ensure that the company has properly taken those steps.


In order to protect your trade secrets, you must know what they are. Then you must know the tools to protect them. Then you must select which tools to use. Then you must customize the tools. The process for doing that is a trade secret audit.

In brief (I know, brief?! Really?!), the process is as follows:

First, identify your trade secrets and confidential information and determine which are valuable.

Second, determine how they are currently protected and if those protections are adequate.

Third, establish a comprehensive trade secret protection program. The program needs to be reasonable in relation to the value of the trade secrets. Coca-Cola needs to (and does) take heroic measures to protect its secret formula. Most other companies don’t need to do that. Simply put, the greater the value of the trade secret, the more protections will be expected to be in place.  Similarly, the ease with which a protection can be implemented will inform whether such protection should be implemented. But remember, if you don’t bother to protect yourself, neither will a court.

The tools for your trade secret protection program are myriad and complementary to one another.  The basic ones are:  (1) computer safeguards (protecting computer systems with the appropriate level of security, including passwords changed at regular intervals, firewalls, hard drive encryption, access notifications, etc.); (2) security measures for all electronic technologies (usb drives, flash cards, smartphones, ftp sites, social media sites, etc.); (3) restrictions on and protocols for access to and use of facilities that house confidential information; (4) policies for the use of company property (including computers, etc.); (5) policies for the use and preservation of company trade secrets and confidential information; (6) protocols/checklists for when an employee resigns or has been terminated (proper exit interviews, shutting down computer accounts, terminating cell phones, eliminating facility access, examining all items taken by the employee, etc.); (7) post-departure reviews of possible security breaches; and (8) restrictive covenants – with employees and others.

The restrictive covenants fall into basic types:  noncompete agreements; garden leave clauses; forfeiture-for-competition agreements; “compensation-for-competition” agreements; forfeiture agreements; nondisclosure/confidentiality agreements; nonsolicitation agreements; antipiracy/no-raid/no-hire agreements; and invention assignment agreements.   (For more reading on these agreements, other potentially applicable laws, and their interrelationship, see Beyond the Noncompete, published in Computer World (June 2, 2009).)

Each of these agreements serves a specific purpose.  Which to use, when to use them, how to properly craft them, and how to enforce them are all the product of a combination of the needs of the company, the corporate ethos, and the skill, knowledge, and experience of the attorney assisting.  Proper attention to each of these issues in advance will save much needed time and unnecessary expense later.


Immediately. The longer you wait, the longer you’re exposed.


A trade secret audit is primarily done on-site.

* * *

If you have the internal resources to perform your trade secret audit in house, deploy them as soon as possible. If you don’t, Beck Reed Riden LLP performs these audits and would be happy to help.