Short answer: a statistical study of 358 trade secret cases shows the people who steal your secrets are almost always insiders, employees and business partners, and the one thing that decides whether you can stop them is whether you took “reasonable measures” to keep the information secret. For a software company, that means NDAs, access controls, and consistent confidentiality marking.
A Statistical Analysis of Trade Secret Litigation in State Courts (1995-2009) is full of practical nuggets for any software or SaaS company trying to protect what it keeps secret. Here is what jumps out, and what to do about it.
What Is a Trade Secret?
A trade secret is business information that gives you a competitive advantage precisely because it stays secret, and that you take reasonable steps to protect. For a software company that includes source code, customer lists, pricing and discount structures, business and strategy plans, and even employee lists. Trade secret is one of the four pillars of IP protection (see Intellectual Property Basics for Software Companies), and unlike copyright it protects the very things you never publish.
1. The Thief Is Almost Always Someone You Trusted.
Employees and business partners together make up about 93% of trade secret misappropriators. Not anonymous hackers. People you hired, partnered with, and trusted. That single fact should reshape how you think about protection: the controls that matter most are the ones aimed at insiders and departing employees (a problem I dig into in Departing Employees Gone Wild).
2. What They Take.
The study splits it two ways. General business information (customer lists being the classic example) was at issue about 70% of the time, and technical information like software about 30% of the time. So while you are busy guarding the code, do not forget that your customer and pricing data is the more frequently litigated target. That is exactly why keeping your pricing confidential with signed agreements matters as much as protecting the source.
3. How to Actually Protect Them.
- Confidentiality agreements. Consistent NDAs with employees, contractors, and partners are the backbone of “reasonable measures.”
- Technical and physical controls. Passwords, role-based access, and limits on who can pull the sensitive material.
- Education and marking. Train your people, and label sensitive material (“Confidential Information of [Company],” “Internal Use,” “Trade Secret”) so there is no doubt it was treated as secret.
Federal law now reinforces all of this: the Defend Trade Secrets Act (18 U.S.C. section 1836) gives trade-secret owners a federal civil claim, but it still turns on whether you took reasonable measures to keep the information secret.
Frequently Asked Questions.
Who actually steals trade secrets? Insiders. The study found employees and business partners account for about 93% of misappropriation, so your controls should focus on people you trust, especially departing employees, not just outside hackers.
What is the one thing courts look for? Reasonable measures. If you did not use NDAs, access controls, and confidentiality marking, a court may find the information was not really a secret, and you lose the claim.
Is source code the main target? No. General business information like customer lists was at issue about 70% of the time, versus about 30% for technical information. Protect pricing and customer data as seriously as the code.
Trade secret litigation keeps climbing. If you are not taking reasonable measures, good luck convincing a court to stop an ex-employee or former partner from using what they walked out with. The measures are cheap. Losing the secret is not. I hope this helps.
Resources:
- Law review article with the survey
- Is Your Software Pricing Confidential?
- Departing Employees Gone Wild, Part I
Disclaimer:
This post is for informational and educational purposes only, and is not legal advice. You should hire an attorney if you need legal advice, which should be provided only after review of all relevant facts and applicable law.