Your company’s most valuable assets may not appear on any balance sheet. Customer lists, proprietary processes, pricing models, supplier relationships, software algorithms, strategic plans, these are trade secrets, and they drive competitive advantage. But here is the uncomfortable reality: if you cannot demonstrate that your business took “reasonable efforts” to protect them, Minnesota law will not protect them for you.
The Minnesota Uniform Trade Secrets Act (MUTSA) is codified at Minn. Stat. §§ 325C.01 to 325C.08 (2024). Section 325C.01 is only the definitions section; the Act spans eight sections that cover injunctive relief, damages, attorney’s fees, preservation of secrecy, the statute of limitations, its effect on other law, and the short title. The definition that governs is at Minn. Stat. § 325C.01, subd. 5, and it sets a two-part test: information qualifies as a trade secret only if it (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy. That second element (reasonable efforts) is where most businesses fall short.
A trade secret protection plan is how you meet that standard. A trade secret audit is how you find out where you stand today. Together, they form the foundation of enforceable trade secret rights.
Why Your Business Needs a Formal Trade Secret Protection Plan
Many business owners assume their trade secrets are protected simply because they have not shared them publicly. That assumption is dangerous. Without a documented, systematic approach to identifying and safeguarding confidential information, you face three serious risks:
1. Loss of legal protection. Under MUTSA and the federal Defend Trade Secrets Act (DTSA, 18 U.S.C. § 1836 et seq.), trade secret status requires reasonable protective measures. On the federal side, that requirement is definitional: information is a trade secret only where “the owner thereof has taken reasonable measures to keep such information secret.” 18 U.S.C. § 1839(3)(A). A court evaluating your claim will look at what your company actually did, not what you intended to do. No plan, no documentation, no protection. The stakes are concrete: when your information does qualify, the DTSA lets a court order injunctive relief, award your actual losses plus the defendant’s unjust enrichment (or a reasonable royalty), add exemplary damages of up to twice the compensatory award where the misappropriation is willful and malicious, and award attorney’s fees. 18 U.S.C. § 1836(b).
2. Inability to enforce agreements. Non-disclosure agreements (NDAs), confidentiality clauses in employment contracts, and similar restrictive covenants all depend on the underlying information qualifying as a trade secret. If the information does not meet the statutory definition because your company failed to treat it as confidential, those agreements lose their teeth.
3. Exposure during employee transitions. The highest-risk moment for trade secret misappropriation is when employees leave, especially when they join competitors or start competing businesses. Without a protection plan, you may not even know what information walked out the door, let alone have the documentation to pursue a claim.
What a Trade Secret Audit Involves
A trade secret audit is a structured review of your company’s confidential information and the measures you have in place to protect it. Think of it as a diagnostic: it tells you what you have, where the gaps are, and what needs to change.
Step 1: Inventory Your Trade Secrets
The first task is identifying what qualifies as a trade secret under Minn. Stat. § 325C.01, subd. 5. The statute covers information that:
- Derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and
- Is the subject of reasonable efforts to maintain its secrecy.
Both prongs must be satisfied. Reasonable security measures alone will not create protectable rights in information that is generally known or readily ascertainable, and information with genuine competitive value is not protected unless you also guard its secrecy. One point reassures owners working through this inventory: a trade secret’s existence “is not negated merely because an employee or other person has acquired the trade secret without express or specific notice that it is a trade secret” so long as, under all the circumstances, that person “knows or has reason to know” the owner expects secrecy to be maintained (Minn. Stat. § 325C.01, subd. 5). You do not forfeit protection for every item you failed to stamp “confidential,” though clear labeling still helps.
Common categories of trade secrets in Minnesota businesses include:
- Customer and vendor information. Customer lists, purchasing histories, contract terms, pricing agreements, and supplier relationships, especially where the compilation itself provides competitive value.
- Financial data. Cost structures, margin analyses, pricing models, and financial projections not shared outside the company.
- Technical information. Proprietary processes, formulas, algorithms, source code, engineering specifications, and manufacturing methods.
- Business strategies. Marketing plans, expansion strategies, acquisition targets, product development roadmaps, and strategic partnerships under negotiation.
- Operational know-how. Training methodologies, quality control processes, internal workflows, and efficiency techniques that give your company an edge.
The audit should produce a written inventory (a trade secret register) that catalogs each category of confidential information, describes its competitive value, and identifies who has access to it.
Step 2: Assess Current Protective Measures
Once you know what you are protecting, the audit evaluates how well you are protecting it. This assessment covers:
- Physical security. Are sensitive documents stored in locked areas? Is access to server rooms, R&D labs, or manufacturing areas restricted?
- Digital security. Are files encrypted? Is access controlled by role-based permissions? Are there audit logs tracking who accesses confidential information?
- Contractual protections. Do employees, contractors, and vendors sign NDAs or confidentiality agreements? Are those agreements current and enforceable?
- Onboarding and offboarding procedures. Are new employees informed about confidentiality obligations? When employees leave, is there an exit process to recover company information and remind them of their ongoing obligations?
- Marking and labeling. Are confidential documents marked as such? Can employees reasonably distinguish between confidential and non-confidential information?
- Third-party access controls. When you share trade secrets with vendors, consultants, potential partners, or investors, do you use NDAs and limit disclosures to what is necessary?
Step 3: Identify Gaps
This is the most valuable part of the audit. Common gaps include:
- No written inventory. The company has never cataloged its trade secrets. Without an inventory, it is difficult to prove what information you considered confidential.
- Outdated NDAs. Agreements signed years ago may not cover current roles, new categories of information, or changes in the law.
- No exit interviews. Departing employees leave without returning devices, without confirming the deletion of company files from personal devices, and without any documented reminder of their confidentiality obligations.
- Broad internal access. Sensitive information is accessible to employees who have no business need for it. The wider the access, the harder it is to argue the information was truly secret.
- No training. Employees do not know what constitutes a trade secret, how to handle confidential information, or what the consequences of unauthorized disclosure are.
- Inadequate digital controls. No encryption, no access logging, no restrictions on downloading or forwarding sensitive files.
- Shared without NDAs. The company disclosed trade secrets to third parties (investors, potential buyers, strategic partners) without any confidentiality agreement in place.
How to Build a Trade Secret Protection Plan
A protection plan takes the findings from your audit and converts them into actionable policies and procedures. Here is a framework:
1. Create and Maintain a Trade Secret Register
Document each category of trade secret, its economic value, who has access, and what protections are in place. Update this register at least annually, more often if your business is growing or changing rapidly.
2. Implement Tiered Access Controls
Not everyone in the company needs access to every piece of confidential information. Classify trade secrets by sensitivity level and restrict access based on job function. The principle is simple: employees should have access to the information they need to do their jobs, and nothing more.
3. Use Appropriate Agreements
Every person who has access to your trade secrets (employees, contractors, consultants, vendors, potential partners) should be bound by a written confidentiality obligation. These agreements should:
- Define what constitutes confidential information with reasonable specificity
- State the obligations of the receiving party
- Survive the termination of the relationship
- Be reviewed and updated periodically
For employees, nonsolicitation, nondisclosure, and confidentiality or trade-secret agreements may be appropriate given their role and access level. A traditional employee non-compete, however, is no longer an option in Minnesota. Under Minn. Stat. § 181.988, any covenant not to compete entered into on or after July 1, 2023 is “void and unenforceable” against an employee or independent contractor. The ban applies only to agreements entered into on or after that date (2023 Minn. Laws ch. 53, art. 6, § 1); it does not retroactively void covenants signed earlier. Only two narrow exceptions survive: a non-compete given by the seller during the sale of a business, and one entered in anticipation of a business’s dissolution among its owners.
The statute leaves untouched the agreements you actually need for trade-secret protection. Section 181.988, subd. 1 expressly excludes nondisclosure agreements, agreements designed to protect trade secrets or confidential information, and nonsolicitation agreements (including agreements restricting the use of client or contact lists) from the definition of a banned covenant not to compete. Those remain fully enforceable, so they are the tools to use.
You also cannot contract around the ban with out-of-state paperwork. Section 181.988, subd. 3 bars an employer from requiring an employee who primarily resides and works in Minnesota to agree, as a condition of employment, to adjudicate a Minnesota claim outside Minnesota or to be deprived of the substantive protection of Minnesota law for a controversy arising in Minnesota. Have any restrictive covenant reviewed with counsel.
4. Establish Onboarding and Offboarding Protocols
Onboarding: New employees should receive training on trade secret policies, sign appropriate agreements, and acknowledge in writing that they understand their obligations.
Offboarding: When employees leave, conduct an exit interview that:
- Reminds them of their ongoing confidentiality obligations
- Recovers all company devices, documents, and access credentials
- Requires certification that they have not retained company information on personal devices or cloud accounts
- Documents the process
5. Mark Confidential Information
Label documents, emails, files, and physical materials as “Confidential,” “Proprietary,” or with similar designations. This practice serves two purposes: it puts employees on notice about what is confidential, and it provides evidence of your reasonable efforts if you later need to enforce your rights.
6. Secure Digital Infrastructure
Work with your IT team or provider to ensure:
- Role-based access controls are in place for all systems containing trade secrets
- Files are encrypted at rest and in transit
- Access and download activity is logged
- USB ports and file-sharing platforms are restricted or monitored where appropriate
- Former employees’ access is revoked immediately upon departure
7. Train Your Team
Annual training on trade secret policies is not optional, it is one of the most concrete ways to demonstrate “reasonable efforts” under MUTSA. Training should cover:
- What trade secrets are and why they matter to the business
- How to handle confidential information in daily work
- What to do if a potential breach is suspected
- Consequences of unauthorized disclosure
8. Conduct Periodic Audits
A protection plan is not a one-time project. Schedule annual audits to verify that policies are being followed, agreements are current, and new categories of confidential information have been added to the register.
The “Reasonable Efforts” Standard Under MUTSA
The phrase “reasonable efforts” in Minn. Stat. § 325C.01, subd. 5, is deliberately flexible. Because the statute measures the required efforts “under the circumstances,” courts assess them based on the totality of the circumstances, there is no single checklist that guarantees compliance. The factors described above are consistently recognized as relevant:
- Restricting access to those with a need to know
- Using confidentiality agreements
- Marking documents as confidential
- Implementing physical and digital security measures
- Training employees
- Conducting exit interviews
The more of these measures you implement and document, the stronger your position if you ever need to enforce your trade secret rights. Conversely, the absence of these measures is precisely what opposing counsel will highlight to argue that your information never qualified as a trade secret in the first place.
Checklist: Trade Secret Protection Plan Essentials
Use this as a starting point for your company’s protection plan:
- Trade secret register created and cataloging all categories of confidential information
- Register reviewed and updated at least annually
- Access controls implemented, tiered by sensitivity and job function
- NDAs/confidentiality agreements signed by all employees, contractors, and vendors
- Agreements reviewed for current enforceability
- Onboarding process includes trade secret training and agreement execution
- Offboarding process includes exit interview, device recovery, and access revocation
- Confidential documents and files labeled appropriately
- Digital security measures in place (encryption, access logs, role-based permissions)
- Annual employee training conducted and documented
- Third-party disclosures governed by NDAs
- Periodic audits scheduled and completed
Frequently Asked Questions
How often should a business conduct a trade secret audit?
At minimum, annually. Companies experiencing rapid growth, significant employee turnover, or changes in technology should consider more frequent reviews. The goal is to ensure your protections keep pace with your business.
What happens if we never created a trade secret protection plan?
Without documented protective measures, you risk a court finding that your information does not qualify as a trade secret under MUTSA. The “reasonable efforts” requirement is not aspirational, it is a prerequisite to legal protection. The good news is that you can start now. Establishing a plan today strengthens your position going forward. Minnesota keys a misappropriator’s liability to what the actor knew or had reason to know “at the time of disclosure or use” (Minn. Stat. § 325C.01, subd. 3). Misappropriation under the same subdivision covers acquiring a trade secret when you know or have reason to know it was acquired by improper means, and disclosing or using another’s trade secret without consent when you knew or had reason to know it was acquired under circumstances giving rise to a duty to maintain its secrecy.
Can a small business with limited resources still have an effective protection plan?
Yes. “Reasonable efforts” is measured “under the circumstances” (Minn. Stat. § 325C.01, subd. 5), which makes it a flexible standard rather than a fixed threshold. In practice, a 15-person company is not expected to have the same security infrastructure as a Fortune 500 corporation. What matters is that you took affirmative, documented steps proportionate to your business. Even basic measures (NDAs, access restrictions, confidentiality markings, and exit procedures) go a long way.
What is the difference between a trade secret audit and a general IT security audit?
An IT security audit focuses on your technology infrastructure: firewalls, encryption, vulnerability testing. A trade secret audit is broader: it identifies what information qualifies as a trade secret, evaluates all protective measures (contractual, physical, procedural, and digital), and assesses legal enforceability. The two audits complement each other, but a trade secret audit addresses legal requirements that an IT audit does not.
Do we need a lawyer involved in the audit?
Having legal counsel involved ensures that your trade secret register and protection plan align with the requirements of MUTSA and the DTSA. An attorney can also help structure the audit so that its communications may be protected by the attorney-client privilege, which “exists to protect not only the giving of professional advice to those who can act on it but also the giving of information to the lawyer to enable him to give sound and informed advice.” Upjohn Co. v. United States, 449 U.S. 383, 390 (1981). Understand the limit, though: the privilege reaches the communications, not the underlying facts. As the Supreme Court put it, “[t]he privilege only protects disclosure of communications; it does not protect disclosure of the underlying facts by those who communicated with the attorney.” Id. at 395. You cannot shield the facts about your trade secrets or security gaps merely by routing them through a lawyer, but you can protect the audit’s candid analysis of them, which is often what you most want to keep confidential while you fix the problems it uncovers.
For guidance specific to your situation, contact Aaron Hall, attorney for business owners, at aaronhall.com or 612-466-0040.