Trade secret law requires that the holder take "reasonable measures" to maintain secrecy. For decades, that meant locked filing cabinets and non-disclosure agreements. In an era of state-sponsored cyber espionage, ransomware attacks, and insider threats amplified by portable storage and cloud access, the definition of "reasonable measures" has become a moving target.
The Defend Trade Secrets Act
The 2016 Defend Trade Secrets Act (DTSA) created a federal civil cause of action for trade secret misappropriation, supplementing the patchwork of state laws under the Uniform Trade Secrets Act. This article examines the DTSA's implications for technology companies, including its controversial ex parte seizure provision and its requirements for establishing that the trade secret holder took reasonable steps to protect the information.
Cybersecurity as a Legal Obligation
Courts have increasingly linked trade secret protection to cybersecurity practices. A company that fails to implement basic security measures — encryption, access controls, intrusion detection, employee training — may find that its trade secrets lose legal protection because secrecy was not adequately maintained. The article surveys the emerging case law on what constitutes "reasonable" cybersecurity in the trade secret context, finding that courts are moving toward a standard that tracks industry best practices rather than a fixed checklist.
State-Sponsored Threats
The economic espionage provisions of federal law address foreign government-sponsored theft of trade secrets, but enforcement remains challenging when the perpetrators operate from jurisdictions beyond U.S. legal reach. The article discusses the practical limitations of legal remedies in cases involving nation-state cyber actors, and examines alternative approaches including diplomatic pressure, sanctions, and defensive cybersecurity investment.
The intersection of technology, security, and legal compliance explored here connects to the journal's coverage of cloud computing and digital evidence and strategic use of intellectual property rights.
Related articles: IP Privateering · E-Discovery · Bitcoin Regulation
Frequently Asked Questions
What is the Defend Trade Secrets Act?
The DTSA, enacted in 2016, created a federal civil cause of action for trade secret misappropriation. Before the DTSA, trade secret claims were primarily governed by state law under the Uniform Trade Secrets Act. The federal statute supplements rather than replaces state protections.
What are reasonable measures to protect trade secrets?
Courts evaluate reasonableness based on factors including encryption, access controls, employee training, non-disclosure agreements, physical security, and incident response capabilities. The standard is evolving toward alignment with industry cybersecurity best practices rather than a fixed checklist.
Can you lose trade secret protection due to a data breach?
Potentially, yes. If a court finds that the trade secret holder failed to take reasonable measures to maintain secrecy, the information may lose its legal protection. However, being the victim of a sophisticated cyber attack does not automatically forfeit trade secret status if reasonable preventive measures were in place.