Does Your Business Actually Protect Its Trade Secrets? How to Find Out

Your company’s most valuable assets may not appear on any balance sheet. Customer lists, proprietary processes, pricing models, supplier relationships, software algorithms, strategic plans—these are trade secrets, and they drive competitive advantage. But here is the uncomfortable reality: if you cannot demonstrate that your business took “reasonable efforts” to protect them, Minnesota law will not protect them for you.

The Minnesota Uniform Trade Secrets Act (MUTSA), codified at Minn. Stat. § 325C.01, defines a trade secret in part by requiring that the information derive independent economic value from not being generally known and that the owner make “efforts that are reasonable under the circumstances to maintain its secrecy.” That second element—reasonable efforts—is where most businesses fall short.

A trade secret protection plan is how you meet that standard. A trade secret audit is how you find out where you stand today. Together, they form the foundation of enforceable trade secret rights.

Table of Contents

Why Your Business Needs a Formal Trade Secret Protection Plan

Many business owners assume their trade secrets are protected simply because they have not shared them publicly. That assumption is dangerous. Without a documented, systematic approach to identifying and safeguarding confidential information, you face three serious risks:

1. Loss of legal protection. Under MUTSA and the federal Defend Trade Secrets Act (DTSA, 18 U.S.C. § 1836 et seq.), trade secret status requires reasonable protective measures. A court evaluating your claim will look at what your company actually did—not what you intended to do. No plan, no documentation, no protection.

2. Inability to enforce agreements. Non-disclosure agreements (NDAs), non-compete agreements, and confidentiality clauses in employment contracts all depend on the underlying information qualifying as a trade secret. If the information does not meet the statutory definition because your company failed to treat it as confidential, those agreements lose their teeth.

3. Exposure during employee transitions. The highest-risk moment for trade secret misappropriation is when employees leave—especially when they join competitors or start competing businesses. Without a protection plan, you may not even know what information walked out the door, let alone have the documentation to pursue a claim.

What a Trade Secret Audit Involves

A trade secret audit is a structured review of your company’s confidential information and the measures you have in place to protect it. Think of it as a diagnostic: it tells you what you have, where the gaps are, and what needs to change.

Step 1: Inventory Your Trade Secrets

The first task is identifying what qualifies as a trade secret under Minn. Stat. § 325C.01. The statute covers information that:

Derives independent economic value from not being generally known or readily ascertainable by others who could benefit from its use, and
Is the subject of reasonable efforts to maintain its secrecy.

Common categories of trade secrets in Minnesota businesses include:

Customer and vendor information. Customer lists, purchasing histories, contract terms, pricing agreements, and supplier relationships—especially where the compilation itself provides competitive value.
Financial data. Cost structures, margin analyses, pricing models, and financial projections not shared outside the company.
Technical information. Proprietary processes, formulas, algorithms, source code, engineering specifications, and manufacturing methods.
Business strategies. Marketing plans, expansion strategies, acquisition targets, product development roadmaps, and strategic partnerships under negotiation.
Operational know-how. Training methodologies, quality control processes, internal workflows, and efficiency techniques that give your company an edge.

The audit should produce a written inventory—a trade secret register—that catalogs each category of confidential information, describes its competitive value, and identifies who has access to it.

Step 2: Assess Current Protective Measures

Once you know what you are protecting, the audit evaluates how well you are protecting it. This assessment covers:

Physical security. Are sensitive documents stored in locked areas? Is access to server rooms, R&D labs, or manufacturing areas restricted?
Digital security. Are files encrypted? Is access controlled by role-based permissions? Are there audit logs tracking who accesses confidential information?
Contractual protections. Do employees, contractors, and vendors sign NDAs or confidentiality agreements? Are those agreements current and enforceable?
Onboarding and offboarding procedures. Are new employees informed about confidentiality obligations? When employees leave, is there an exit process to recover company information and remind them of their ongoing obligations?
Marking and labeling. Are confidential documents marked as such? Can employees reasonably distinguish between confidential and non-confidential information?
Third-party access controls. When you share trade secrets with vendors, consultants, potential partners, or investors, do you use NDAs and limit disclosures to what is necessary?

Step 3: Identify Gaps

This is the most valuable part of the audit. Common gaps include:

No written inventory. The company has never cataloged its trade secrets. Without an inventory, it is difficult to prove what information you considered confidential.
Outdated NDAs. Agreements signed years ago may not cover current roles, new categories of information, or changes in the law.
No exit interviews. Departing employees leave without returning devices, without confirming the deletion of company files from personal devices, and without any documented reminder of their confidentiality obligations.
Broad internal access. Sensitive information is accessible to employees who have no business need for it. The wider the access, the harder it is to argue the information was truly secret.
No training. Employees do not know what constitutes a trade secret, how to handle confidential information, or what the consequences of unauthorized disclosure are.
Inadequate digital controls. No encryption, no access logging, no restrictions on downloading or forwarding sensitive files.
Shared without NDAs. The company disclosed trade secrets to third parties—investors, potential buyers, strategic partners—without any confidentiality agreement in place.

How to Build a Trade Secret Protection Plan

A protection plan takes the findings from your audit and converts them into actionable policies and procedures. Here is a framework:

1. Create and Maintain a Trade Secret Register

Document each category of trade secret, its economic value, who has access, and what protections are in place. Update this register at least annually—more often if your business is growing or changing rapidly.

2. Implement Tiered Access Controls

Not everyone in the company needs access to every piece of confidential information. Classify trade secrets by sensitivity level and restrict access based on job function. The principle is simple: employees should have access to the information they need to do their jobs, and nothing more.

3. Use Appropriate Agreements

Every person who has access to your trade secrets—employees, contractors, consultants, vendors, potential partners—should be bound by a written confidentiality obligation. These agreements should:

Define what constitutes confidential information with reasonable specificity
State the obligations of the receiving party
Survive the termination of the relationship
Be reviewed and updated periodically

For employees, consider whether non-compete or non-solicitation agreements are appropriate given their role and access level. Minnesota law on non-competes is evolving, so these should be reviewed with counsel.

4. Establish Onboarding and Offboarding Protocols

Onboarding: New employees should receive training on trade secret policies, sign appropriate agreements, and acknowledge in writing that they understand their obligations.

Offboarding: When employees leave, conduct an exit interview that:

Reminds them of their ongoing confidentiality obligations
Recovers all company devices, documents, and access credentials
Requires certification that they have not retained company information on personal devices or cloud accounts
Documents the process

5. Mark Confidential Information

Label documents, emails, files, and physical materials as “Confidential,” “Proprietary,” or with similar designations. This practice serves two purposes: it puts employees on notice about what is confidential, and it provides evidence of your reasonable efforts if you later need to enforce your rights.

6. Secure Digital Infrastructure

Work with your IT team or provider to ensure:

Role-based access controls are in place for all systems containing trade secrets
Files are encrypted at rest and in transit
Access and download activity is logged
USB ports and file-sharing platforms are restricted or monitored where appropriate
Former employees’ access is revoked immediately upon departure

7. Train Your Team

Annual training on trade secret policies is not optional—it is one of the most concrete ways to demonstrate “reasonable efforts” under MUTSA. Training should cover:

What trade secrets are and why they matter to the business
How to handle confidential information in daily work
What to do if a potential breach is suspected
Consequences of unauthorized disclosure

8. Conduct Periodic Audits

A protection plan is not a one-time project. Schedule annual audits to verify that policies are being followed, agreements are current, and new categories of confidential information have been added to the register.

The “Reasonable Efforts” Standard Under MUTSA

The phrase “reasonable efforts” in Minn. Stat. § 325C.01 is deliberately flexible. Courts assess it based on the totality of the circumstances—there is no single checklist that guarantees compliance. However, the factors described above are consistently recognized as relevant:

Restricting access to those with a need to know
Using confidentiality agreements
Marking documents as confidential
Implementing physical and digital security measures
Training employees
Conducting exit interviews

The more of these measures you implement and document, the stronger your position if you ever need to enforce your trade secret rights. Conversely, the absence of these measures is precisely what opposing counsel will highlight to argue that your information never qualified as a trade secret in the first place.

Checklist: Trade Secret Protection Plan Essentials

Use this as a starting point for your company’s protection plan:

[ ] Trade secret register created and cataloging all categories of confidential information
[ ] Register reviewed and updated at least annually
[ ] Access controls implemented—tiered by sensitivity and job function
[ ] NDAs/confidentiality agreements signed by all employees, contractors, and vendors
[ ] Agreements reviewed for current enforceability
[ ] Onboarding process includes trade secret training and agreement execution
[ ] Offboarding process includes exit interview, device recovery, and access revocation
[ ] Confidential documents and files labeled appropriately
[ ] Digital security measures in place (encryption, access logs, role-based permissions)
[ ] Annual employee training conducted and documented
[ ] Third-party disclosures governed by NDAs
[ ] Periodic audits scheduled and completed

Frequently Asked Questions

How often should a business conduct a trade secret audit?

At minimum, annually. Companies experiencing rapid growth, significant employee turnover, or changes in technology should consider more frequent reviews. The goal is to ensure your protections keep pace with your business.

What happens if we never created a trade secret protection plan?

Without documented protective measures, you risk a court finding that your information does not qualify as a trade secret under MUTSA. The “reasonable efforts” requirement is not aspirational—it is a prerequisite to legal protection. The good news is that you can start now. Courts evaluate your efforts at the time of the alleged misappropriation, so establishing a plan today strengthens your position going forward.

Can a small business with limited resources still have an effective protection plan?

Yes. “Reasonable efforts” is measured against your circumstances, including company size and resources. A 15-person company is not expected to have the same security infrastructure as a Fortune 500 corporation. What matters is that you took affirmative, documented steps proportionate to your business. Even basic measures—NDAs, access restrictions, confidentiality markings, and exit procedures—go a long way.

What is the difference between a trade secret audit and a general IT security audit?

An IT security audit focuses on your technology infrastructure—firewalls, encryption, vulnerability testing. A trade secret audit is broader: it identifies what information qualifies as a trade secret, evaluates all protective measures (contractual, physical, procedural, and digital), and assesses legal enforceability. The two audits complement each other, but a trade secret audit addresses legal requirements that an IT audit does not.

Do we need a lawyer involved in the audit?

Having legal counsel involved ensures that your trade secret register and protection plan align with the requirements of MUTSA and the DTSA. An attorney can also help structure the audit so that findings may be protected by attorney-client privilege—important if the audit reveals vulnerabilities you need to address.

For guidance specific to your situation, contact Aaron Hall, attorney for business owners, at aaronhall.com or 612-466-0040.