Reasonable Measures to Protect Trade Secrets in MN

What does Minnesota law mean by “reasonable measures” to protect trade secrets?

Reasonable measures are the affirmative steps a business takes to keep information secret, and under Minnesota law they are not optional polish. They are part of the definition. Minnesota’s trade secret statute defines a trade secret as information that “derives independent economic value . . . from not being generally known” and that “is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.” Minn. Stat. § 325C.01, subd. 5, sets both prongs. In plain terms: the information has to be genuinely secret and valuable because of its secrecy, and you have to have done something real to keep it that way.

That second prong does most of the work in litigation. There is no separate “reasonable measures” statute to consult and no government agency that certifies your protections. The phrase is one clause of the trade-secret definition, and a Minnesota court reads it as a threshold question. If the answer is no, the analysis ends there and the information was never a protected trade secret. For the broader statutory picture, see our overview of the Minnesota Uniform Trade Secrets Act.

Why is the “reasonable measures” requirement the part of a trade secret claim that fails most often?

It fails most often because the value of the information is usually easy to prove, but the owner’s own conduct is what the court puts under a microscope. The Minnesota Supreme Court made this concrete in Electro-Craft Corp. v. Controlled Motion, Inc., 332 N.W.2d 890 (Minn. 1983) (available at https://www.courtlistener.com/opinion/1924519/electro-craft-corp-v-controlled-motion-inc/). The trial court had found that the company held protectable trade secrets in its motor designs. The Supreme Court reversed, resting its decision on the secrecy element alone: it held that the company had not carried its burden of proving it used reasonable efforts to maintain secrecy.

The court treated the secrecy element as the point on which the whole claim turned. The information in that case had real commercial value. It still lost trade secret status because the company had not protected it. A business owner reading this should take the practical lesson seriously. You can hold information that is unquestionably valuable and unquestionably secret in fact, and still have no enforceable trade secret, because the law looks at what you did, not just what you had.

What is the minimum a Minnesota business needs to do to qualify?

There is no fixed minimum and no statutory checklist. The standard is “efforts that are reasonable under the circumstances,” which means proportional: a five-person company is not measured against a large corporation’s security operation. What a small business needs is affirmative, consistent steps that match the value of the information and the realistic threats to it. A modest set of protections done consistently can help satisfy the standard, depending on the value of the information, the risks, and how the measures are implemented.

What the standard does not accept is good intentions standing alone. In Electro-Craft, the trial court had credited the company with intending to keep its information secret. The Supreme Court treated that finding as beside the point, because the statute asks for efforts, not intentions. The most common pattern I see is a business that genuinely considers its information confidential but has not translated that belief into anything a court can observe. Before you assume you are covered, it is worth running a candid self-audit of your current protections and comparing them against what courts treat as reasonable measures.

Will a court accept “we told everyone it was confidential” as reasonable measures?

A general announcement that “everything here is confidential” is not enough on its own. Minnesota courts look at conduct, and a blanket statement unaccompanied by action tends to undercut a claim rather than support it. Electro-Craft is the cautionary example. The company there lost its trade secret protection because its everyday handling of the information showed it was not treating that information as secret: its technical documents were not marked confidential, materials went out to customers and vendors without special marking, and employee access to documents was not restricted.

The point is not that words do not matter. Express notice is strong evidence, but the owner ultimately must show the employee knew or had reason to know the information was expected to remain secret. The point is that a court treats the statement as one piece of a larger picture, and a statement that is contradicted by everyday practice carries little weight. If you tell employees the customer database is confidential but every employee can open it, the conduct speaks louder than the announcement. Reasonable measures means the things you say and the things you do point in the same direction.

How should access controls and confidentiality marking work in practice?

Access controls and confidentiality marking are the two measures a Minnesota court examines first, because together they answer the questions a judge asks: did the business limit who could reach the information, and did it signal that the information was secret? Electro-Craft faulted the employer on both counts, noting unrestricted employee access and the absence of confidentiality markings. A workable baseline for most businesses looks like this:

1. Limit access to people who need it. Not every employee needs the pricing model or the source code. Restrict access by job function, so a salesperson reaches customer data but not product formulas.
2. Mark genuinely sensitive material. Label the documents and files that actually qualify, using a consistent designation such as “Confidential” or “Trade Secret.”
3. Do not mark everything. When every document carries the same label, the label loses meaning. Reserve it for the material that needs it.
4. Match digital controls to the information. Password protection, role-based permissions, and access logs are part of the picture for information that lives in systems.

For a business whose core trade secret is technical, it is worth looking closely at the digital-access controls courts expect, because a court will ask why sensitive code was reachable if the business claims it was a closely held secret.

How do NDAs and confidentiality agreements fit the reasonable-measures picture?

A confidentiality agreement does two jobs at once, and both matter. First, a signed agreement is direct evidence of a reasonable secrecy effort: it shows the business identified the information as confidential and bound the recipient to protect it. Second, the agreement creates an independent contract claim. Minnesota’s trade secret statute is explicit on this point. Under Minn. Stat. § 325C.07, the Act “do[es] not affect . . . contractual remedies, whether or not based upon misappropriation of a trade secret.”

That clause has real practical value. If a dispute reaches court and the judge ultimately decides the information did not qualify as a trade secret, a well-drafted confidentiality agreement can still carry the case as a breach-of-contract claim. The contract stands on its own footing. This is why a confidentiality agreement is worth getting right rather than pulling a generic form off the internet: it is both a secrecy measure and a separate enforcement track. Our guidance on a confidentiality agreement that holds up in court covers the drafting details, and for the workforce side, protecting confidential information without a noncompete explains how confidentiality terms function now that Minnesota has restricted noncompetes. An NDA is not a noncompete; it restricts disclosure, not future employment, and it is a separate instrument.

What confidentiality obligations should counterparties and vendors sign before they see your information?

Outside parties should be under a written confidentiality obligation before they receive any trade secret information. That includes vendors, contractors, outsourced development firms, joint-development partners, and prospective buyers conducting due diligence. Electro-Craft specifically faulted an employer that sent materials out to customers and vendors without any special marking, and the same logic applies to letting an outside party see sensitive information with no agreement in place at all.

There is also a legal mechanism worth understanding. Minnesota’s statute defines “improper means” to include “breach or inducement of a breach of a duty to maintain secrecy.” Minn. Stat. § 325C.01, subd. 2, ties that wrong to a duty. If a vendor under a signed confidentiality agreement later misuses your information, that misuse is a breach of a duty the vendor accepted. If there was no agreement and no duty, you have given up one of the cleaner paths to a remedy. The order of operations matters: the agreement comes before the disclosure, not after. This is also why trade secrets that travel with a business acquisition deserve careful handling, because diligence often means handing sensitive information to a party that may walk away from the deal.

What should a departing-employee exit protocol cover?

A departing-employee exit protocol should confirm the employee’s continuing confidentiality obligation, recover company devices and documents, and shut off system access on the way out. Departures are when trade secret information most often leaks, and the exit interview is the last documented opportunity to address it. Express notice is strong evidence, but the owner ultimately must show the employee knew or had reason to know the information was expected to remain secret, so a documented reminder at exit closes a gap that is otherwise easy to lose.

In practice, a workable exit protocol covers a few things. Remind the employee, in writing, of the confidentiality obligation they agreed to, and have them confirm they understand it continues after employment ends. Collect laptops, phones, access cards, and any physical files. Disable email, network, and cloud access promptly rather than weeks later. Ask the employee to confirm they have not retained company information on personal devices or accounts. Each of these steps is both a protective measure and a piece of documentation. A short, consistent process matters here, and our guide to a protocol for protecting your information when employees leave walks through it in more depth.

How do you document that the measures were in place before a breach happened?

Documentation matters because a Minnesota court evaluates your secrecy efforts as of the time of the alleged misappropriation, not as of the day you file suit. If you cannot show the measures existed before the breach, you face the same problem the company faced in Electro-Craft: an inability to meet the burden of proof. Reasonable measures that no one can document are difficult to credit.

What carries weight is a dated record. Signed confidentiality agreements with dates. A written confidentiality or information-security policy with a version history. Access logs showing who could reach the information and when. Records of confidentiality marking on sensitive documents. Exit-interview checklists in departed employees’ files. None of this needs to be elaborate. It needs to exist, be dated, and predate the dispute. The recurring pattern in cases that succeed is contemporaneous paper. The recurring pattern in cases that fail is a business that did sensible things but kept no record that it did them. The proof you build today is what makes a remedy available later. The Act lets a court enjoin “actual or threatened misappropriation,” Minn. Stat. § 325C.02, and award damages for both actual loss and unjust enrichment, with the possibility of additional damages “[i]f willful and malicious misappropriation exists,” Minn. Stat. § 325C.03. Every one of those remedies depends first on proving you had a trade secret at all, and that proof starts with the reasonable measures you can document.

A practical takeaway for Minnesota business owners

The core point is simple: under Minnesota law, a trade secret is only as protected as the steps you took to keep it secret, and a court judges those steps by what you did and documented, not by what you intended. For most businesses the foundation is unremarkable and achievable: limit access to people who need it, mark genuinely sensitive material, put confidentiality agreements in place before anyone sees the information, and keep dated records that the measures existed. That same foundation overlaps with the federal Defend Trade Secrets Act, 18 U.S.C. § 1836, but a federal claim also requires the statutory interstate-or-foreign-commerce connection and proof of misappropriation. One secrecy program can support both a federal claim and a state one when those separate requirements are met. If you would like a second set of eyes on whether your current protections would hold up, email [email protected] with a brief, general description of your situation, and we will open an intake and run a conflict check before reviewing any confidential material. Our Minnesota trade secret practice area offers related guidance.