Trade secrets de-mystified

A trade secret is information that derives its economic value from not being generally known, not being readily ascertainable by others, and being the subject of reasonable efforts to maintain its secrecy. Trade secrets will include some of a typical technology company’s most valuable information, and include: ideas, designs, methodologies, processes, formulations, source code, system architecture, algorithms, financial matters, pricing policies, marketing plans, methods of business operation, customer and supplier lists, employee salaries and other forms of compensation.

It is not always possible to realize the full value of a trade secret without disclosing it to others. Most startups at some point need to disclose trade secrets to employees, independent contractors, strategic partners, customers, venture capitalists, bankers and other advisors. Despite the need for such disclosures, the value of a trade secret can be preserved by taking steps to control its dissemination and use.

What information is protected by a duty of confidence?

Although often grouped under the heading of intellectual property rights, a trade secret is not a form of property. While some trade secrets may also qualify for the protection afforded to intellectual property, such as patents, the protection of a trade secret arises from a duty of confidence that is recognized by the common law. We use the term confidential information to distinguish information protected by this duty of confidence from the specific US statute-based concept of trade secrets.

There is a duty of confidence that arises when information is disclosed in circumstances where the person receiving the information has notice, or has agreed that the information is confidential. Examples can include disclosure of confidential information to partners in a joint venture, manufacturers and designers, distributors, consultants and independent contractors, licensees and employees. Relying only on this duty of confidence, however, raises evidentiary concerns and can result in lack of certainty.

When should you get an NDA (non-disclosure agreement)?

Relying exclusively on the duty of confidence may sometimes be considered evidence of a lack of adequate security measures to protect the confidential information. This may result in a loss of confidential status for the information. This is one good reason to require all recipients to enter into a non-disclosure agreement before disclosing confidential information.

A non-disclosure agreement (commonly referred to as an NDA, CDA or a confidentiality agreement) is a written agreement in which one party agrees to disclose confidential information to the other party on the condition that the use and further disclosure of such information is limited in a manner that is intended to preserve its confidential nature.
NDAs are not one size fits all. There is no such thing as a standard non-disclosure agreement – different forms are appropriate for different circumstances. See our NDA primer for Startups.

NDAs are also not a substitute for trust. An NDA will not prevent disclosure; it only provides a legal mechanism to enforce confidentiality obligations or to obtain damages if such obligations are breached. If you do not trust someone, do not provide them access to your confidential information, even if they agree to sign an NDA.

When should you consider an information protection program?

While NDAs are excellent tools, they are not sufficient to establish that sensitive information qualifies for protection under common law. NDAs are only one part of a proper information protection program. While an information protection program will vary depending on each company’s particular circumstances, a typical program will, at a minimum, include:

  • Proper identification and marking of confidential information
  • Controlled and, where possible, documented access to confidential information
  • Documentation destruction practices
  • Monitored and restricted access to premises by visitors, including sign-in and display of visitor identification badges
  • A process to review all marketing materials, speeches and other public disclosures for inadvertent disclosure of confidential information
  • The creation of a company policy and the education of employees and contractors regarding the protection of confidential information
  • Appropriate confidentiality agreements with employees, consultants, contractors, licensees and other third parties


Questions? Email us at