# The Trade Secret Protection Playbook: A Founder's Guide

> How to protect a trade secret in 2026: what legally qualifies, the reasonable measures courts require, NDAs and employee protocols, the DTSA, and what to do when a secret is stolen.

Guide  |  Author: Lidiia Levitska  |  Source: Intellectual Property Law (outsideipcounsel.com)
Canonical: https://outsideipcounsel.com/guides/trade-secret-protection-playbook/


<div class="quick-answer"><p><strong>Quick answer:</strong> A trade secret is any valuable business information — a formula, source code, a customer list, a process — that you keep secret and that gives you an edge because competitors don't have it. Unlike a patent, you don't register a trade secret; protection is automatic, lasts as long as the secret holds, and costs nothing to "file." The catch is the law only protects information you actually guard, so you must take <em>reasonable measures</em>: NDAs, access controls, confidentiality markings, and departure protocols. If a secret is stolen, the federal Defend Trade Secrets Act (DTSA) and state law let you sue for injunctions and damages — often on an emergency basis.</p></div>

Some of the most valuable assets a company owns can never be patented, copyrighted, or trademarked. The recipe, the algorithm, the customer list, the pricing model, the manufacturing know-how that took years to perfect — these live or die as *trade secrets*. And unlike every other form of intellectual property, a trade secret has no certificate, no registration, and no government examiner confirming you own it. Its entire legal existence depends on one thing: whether you treated it like a secret. This playbook walks through what qualifies, how to build protection that holds up in court, and what to do the moment a secret walks out the door.

## What legally qualifies as a trade secret?

Both the federal [**Defend Trade Secrets Act of 2016 (DTSA)**](https://www.law.cornell.edu/uscode/text/18/1836) and the **Uniform Trade Secrets Act (UTSA)** — a model law adopted in some form by every state except New York, which still relies on common law — define a trade secret with two requirements:

1. **It has independent economic value** *because* it is not generally known or readily ascertainable by people who could profit from it; and
2. **It is the subject of reasonable efforts to keep it secret.**

The category is broad. Courts have protected chemical formulas, source code, semiconductor processes, customer and supplier lists, pricing and margin data, negative know-how ("we tried this and it doesn't work"), marketing plans, and unreleased product roadmaps. What matters is not the *type* of information but whether it is genuinely secret, genuinely valuable *because* it's secret, and genuinely protected.

The flip side is what does **not** qualify: information that is public, disclosed in a patent, easily reverse-engineered from a product you sell, or that you simply failed to guard. Skills and general knowledge an employee carries in their head also generally aren't trade secrets — a point that matters enormously when people change jobs.

To see how courts draw these lines in real disputes, browse our [trade secret case analysis archive](/topics/trade-secrets/).

## Trade secret vs. patent: which should you choose?

This is the strategic fork, and it's often a one-way door. A patent requires you to *publicly disclose* the invention in exchange for a roughly 20-year monopoly — and it protects you even against a competitor who independently invents the same thing. A trade secret requires the opposite: you disclose nothing, protection can last forever, but you have no recourse against someone who reverse-engineers your product or independently discovers your method.

A few rules of thumb:

- **Choose a trade secret** when the innovation is hard to reverse-engineer (a process behind factory walls, a back-end algorithm), when it would lose value the moment it's public, or when it wouldn't meet patent standards.
- **Choose a patent** when a competitor could easily reverse-engineer the product from what you sell, or when you need a hard, enforceable monopoly you can license.

Critically, you often can't do both for the same feature — filing a patent publishes the details. We cover this trade-off in depth in [patent vs. trade secret](/guides/patent-vs-trade-secret/).

## The "reasonable measures" standard — the part that decides cases

Here is the single most important thing to understand: **a trade secret case is usually won or lost on whether you took reasonable measures to protect the information.** Defendants attack this element first, arguing "if it were really a secret, you'd have guarded it." What counts as "reasonable" scales with the value of the information and the size of your company, but a strong program includes:

- **Confidentiality agreements** with employees, contractors, vendors, and prospective partners (more below).
- **Access on a need-to-know basis** — not every employee should be able to open every file.
- **Technical controls** — passwords, encryption, access logs, restricted folders, and device management.
- **Marking documents "Confidential"** so there's no ambiguity about what's protected.
- **Physical security** for facilities, labs, and servers.
- **Onboarding and exit protocols** — training on confidentiality, and interviews plus access shut-off when people leave.
- **Vendor and cloud diligence** so third parties handling your data are bound to protect it.

You do not need Fort Knox. You need measures that are *reasonable under the circumstances* — and, just as importantly, documentation proving you took them. Our [reasonable secrecy measures checklist](/guides/reasonable-secrecy-measures-checklist/) turns this into a concrete to-do list, and [what qualifies as a trade secret](/guides/what-qualifies-as-a-trade-secret/) goes deeper on the value element.

## NDAs and confidentiality agreements

An NDA is the backbone of a trade secret program — not because the law requires one, but because it's the clearest evidence that you treated information as confidential and put others on notice. A durable confidentiality program layers several agreements:

- **Employee confidentiality and invention-assignment agreements**, signed at hire, covering both secrecy and ownership of what they create.
- **Contractor and vendor NDAs**, since freelancers and suppliers often touch your most sensitive material.
- **Mutual NDAs** before sharing information with potential partners or acquirers.

A common and costly mistake is relying on a vague, overbroad NDA that a court later refuses to enforce. Definitions, duration, and permitted-use clauses all matter. See [the NDA that holds up](/guides/nda-that-holds-up/) for what makes one enforceable.

One caution: an NDA is *not* the same as a non-compete, and the two are treated very differently — especially in California, which bans most non-competes outright. We break that down in [are non-competes enforceable?](/guides/are-non-competes-enforceable-in-california/), and our guide to [non-competes and trade secrets](/guides/non-competes-and-trade-secrets/) covers how restrictive covenants and secrecy obligations fit together nationwide.

## Protecting secrets when employees come and go

Most trade secret loss isn't corporate espionage — it's ordinary employee mobility. Someone leaves for a competitor and takes files, or just their memory, with them. Managing this well means:

- **Onboarding:** have new hires confirm they aren't bringing anyone else's confidential information, and sign your confidentiality and invention-assignment agreements.
- **During employment:** limit access to what each role actually needs, and log it.
- **Departure:** conduct an exit interview reminding the person of their obligations, recover devices and credentials, disable access immediately, and preserve their access and download logs.

Some states apply the **"inevitable disclosure" doctrine**, which can restrict where a departing employee works if they'd inevitably rely on your secrets — but others, notably California, reject it entirely. This is a jurisdiction-specific area where local counsel matters. For a step-by-step departure playbook, see [protecting trade secrets when employees leave](/guides/protecting-trade-secrets-when-employees-leave/).

## What to do the moment a secret is stolen

If you believe a trade secret has been misappropriated, the first 72 hours matter:

1. **Preserve evidence.** Lock down and image relevant devices, and pull access logs, email, and download records before anything is deleted.
2. **Map exactly what was taken** — which files, by whom, and when.
3. **Send a preservation/cease-and-desist letter** where appropriate to the person and any new employer.
4. **Call a litigation attorney immediately.** You may be able to seek a **temporary restraining order or preliminary injunction** to stop the information from spreading — and speed is everything, because courts are skeptical of "emergencies" a plaintiff sat on.

We walk through this entire response plan in [trade secret stolen? What to do first](/guides/trade-secret-misappropriation-what-to-do/).

Your remedies are substantial. Under the DTSA and state law you can recover **actual damages plus the defendant's unjust enrichment** (or, alternatively, a reasonable royalty), **injunctive relief**, and — for willful and malicious misappropriation — **exemplary damages up to two times** the award **plus attorney's fees**. The DTSA also authorizes **ex parte seizure** of stolen secrets in extraordinary circumstances, and truly egregious theft can trigger *criminal* liability under the Economic Espionage Act ([18 U.S.C. § 1832](https://www.law.cornell.edu/uscode/text/18/1832)). Note the clock: both the DTSA and UTSA carry a **three-year statute of limitations** from when the misappropriation was discovered or should have been. For how each of these remedies is calculated and proved, see [trade secret damages and remedies](/guides/trade-secret-damages-and-remedies/).

## Trade secrets across borders and with contractors

If you manufacture overseas or use offshore contractors, your secrets travel with your supply chain — and enforcement gets harder across jurisdictions. Bind every foreign vendor with confidentiality and IP-assignment terms, limit what any single supplier can see, and get local-law advice, since trade secret protection varies widely abroad (the [USPTO's trade secret policy page](https://www.uspto.gov/ip-policy/trade-secret-policy) tracks the international landscape). Our guide on [protecting IP when you manufacture overseas](/guides/protecting-ip-when-manufacturing-overseas/) covers the supply-chain side in detail, and [protecting trade secrets with contractors](/guides/protecting-trade-secrets-with-contractors/) addresses the freelancer and vendor relationships closer to home.

## The bottom line

A trade secret is the rare business asset that costs nothing to create and can last forever — but it is also the most fragile, because a single lapse in secrecy can destroy it permanently. The playbook is simple to state and demanding to execute: decide deliberately what to keep secret rather than patent, put reasonable measures in writing and in practice, lock down the employee lifecycle, and move fast if something walks out the door. Do that, and the law gives you real teeth. Skip it, and you may find you never had a trade secret at all.

*This guide is general education, not legal advice, and does not create an attorney-client relationship. Trade secret outcomes turn on your specific facts and your state's law — consult an attorney licensed in your jurisdiction before acting.*


## Frequently asked questions

### What legally qualifies as a trade secret?

Under the Defend Trade Secrets Act and the Uniform Trade Secrets Act, information qualifies as a trade secret if it (1) derives independent economic value from not being generally known or readily ascertainable by others who could profit from it, and (2) is the subject of reasonable efforts to keep it secret. That can include formulas, source code, customer lists, pricing models, manufacturing processes, and business plans — but only if you actually guard them.

### How is a trade secret different from a patent?

A patent gives you a 20-year monopoly in exchange for publicly disclosing the invention, and it protects you even against someone who independently invents the same thing. A trade secret can last forever — Coca-Cola's formula is the classic example — but only as long as it stays secret, and it gives you no protection against a competitor who reverse-engineers or independently discovers it. Trade secrets are best for things that are hard to reverse-engineer and would lose value once disclosed.

### Do I need an NDA to have a trade secret?

You are not legally required to have one, but NDAs are one of the clearest pieces of evidence that you took 'reasonable measures' to keep information secret — which is a legal requirement for protection. In practice, courts look at your whole confidentiality program: NDAs with employees, contractors, and partners, plus access controls, confidentiality markings, and IT security. Skipping NDAs makes it far harder to prove a trade secret existed at all.

### What should I do first if someone steals a trade secret?

Move fast: preserve evidence (device logs, access records, emails), identify exactly what was taken and when, and talk to a litigation attorney immediately, because you may be able to seek a temporary restraining order or preliminary injunction to stop the information from spreading. The federal DTSA even allows ex parte seizure of stolen secrets in extraordinary cases. Delay hurts you — courts are less willing to grant emergency relief if you sat on the problem.
