Suspected trade secret misappropriation presents both legal and operational challenges for all companies whose critical assets include intellectual property, including your company. It is rarely a contained issue. Once confidential information begins to circulate, its value can erode quickly, and the digital trail showing how that information moved can become fragmented or lost across devices, accounts, and systems.
For many California businesses, this creates a high-stakes moment. Trade secrets often sit at the core of your company’s competitive advantage, whether that includes customer data, pricing strategies, internal processes, product development plans, or proprietary technology. If that information is misused, the impact can extend well beyond a single employee departure. It can adversely affect your company’s growth, market position, and long-term valuation.
Time and uncertainty tend to work against you in these situations. The longer a potential misappropriation goes unaddressed, the more difficult it becomes to contain further use and to reconstruct what actually occurred. Digital evidence can be overwritten, deleted, or altered, making it harder to establish a clear record of who accessed your proprietary information, when it was accessed, and how it may have been transferred or used.
A well-executed initial response is critical. In most cases, your company’s immediate priorities should be to contain further access or disclosure, preserve evidence so you can prove what happened, and evaluate your options to recapture the information and prevent any further loss. That evaluation may include deciding whether to pursue a negotiated resolution, initiate civil litigation under California or federal law, or in some circumstances involve law enforcement.
Why Acting Quickly Matters
Trade Secrets Depend on Secrecy
Under California’s Uniform Trade Secrets Act (CUTSA), a trade secret must have independent economic value from not being generally known and must be subject to reasonable efforts to maintain secrecy. The federal Defend Trade Secrets Act (DTSA) similarly requires that your company take reasonable measures to keep the information secret and that the information derives independent economic value from not being generally known.
This definition is not academic. If your company leaves trade secret information unprotected or allows it to be widely disseminated, shared without controls, or effectively treated as ordinary business information, your ability to enforce your company’s legal rights later can be substantially weakened.
Evidence is Perishable
Many key indicators live in logs, email metadata, endpoint telemetry, cloud activity history, badge and door access reports, and retained mobile device data. Digital investigation and preservation are commonly time-sensitive, and best-practice forensic guidance emphasizes structured methods to collect and analyze data sources. If litigation becomes likely, your company also needs to preserve electronically stored information (ESI) in anticipation of litigation, because otherwise the evidence is lost, and courts can issue sanctions and eliminate remedies when ESI is lost for failure to take reasonable steps to preserve it.
Step One: Confirm the Information at Issue is Actually a Trade Secret
In the early hours of a suspected incident, many companies lose time by treating “confidential information” and “trade secrets” as interchangeable. They are not.
Under CUTSA, the legal definition focuses on economic value from secrecy and reasonable efforts to maintain secrecy. Under the DTSA, protected “trade secrets” can include many forms of business and technical information, including financial and business information, compilations, methods, processes, and code, so long as those secrecy and value requirements are met. The USPTO’s trade secrets toolkit is also clear that trade secrets are not registered with the government and depend on reasonable efforts to keep them secret.
A practical way to start is to create a short internal “trade secret issue list” that answers four questions:
- What exactly is the information you wish to keep secret (not a broad category, but the specific asset or compilation)?
- Where is it stored and how is it accessed (systems, folders, tools, permissions)?
- Who has legitimate access in the ordinary course of running your company?
- Why does secrecy matter commercially for the information in question (competitive advantage, margin, customer retention, cost to recreate)?
Your company is not only preparing to respond to a data breach. You are also preparing, if necessary, to satisfy California’s expectation that plaintiffs define the trade secrets in dispute with specificity. California law requires that, before commencing discovery relating to the trade secret in a CUTSA misappropriation action, the plaintiff identify the trade secret with “reasonable particularity,” subject to protective measures.
Step Two: Implement an Investigation and ESI Preservation Plan
Most trade secret cases are won or lost based on evidence identified and preserved in the earliest hours of identifying the data breach. The best early work often looks more like disciplined incident response than traditional business dispute management.
Organize a Response Team
Your company should promptly designate a small, need-to-know response team, typically including a senior executive, HR, IT/security, and outside forensic expert. You should include in-house counsel and outside litigation counsel. National Institute of Standards and Technology’s (NIST) digital forensics guidance emphasizes that companies should consult legal counsel prior to applying forensic investigative practices to the breached systems.
Preserve First, Analyze Second
If you suspect a departing employee took data, your company should consider a litigation hold and preservation steps tailored to the breached systems that actually contain the facts, including e-mailboxes, collaboration platforms, endpoint devices, and cloud storage. If ESI “should have been preserved” and is lost because reasonable steps were not taken by your company’s personnel or response team, courts may impose sanctions, including issue, evidence and in severe cases, terminating sanctions. That means your lawsuit can be dismissed and your case thrown out of court. Avoid that result.
Consider Forensically Sound Data Collection
In many cases, the most probative evidence is in the former employee’s company-issued devices, including laptops, phones, and e-mail accounts, USB usage, file transfer services, abnormal downloads, forwarding rules, printing, or use of personal cloud storage. Your IT team should immediately recover as much data as possible and capture all digital evidence of the breach. If litigation appears likely, outside forensic experts can help collect data in a productive and defensible way and preserve the chain of custody, which will make it easier to introduce at trial.
Do Not Ignore Physical and Administrative Sources
Companies often focus on digital evidence and overlook badge access records, office entry after hours, visitor logs, DLP alerts, help desk tickets, and the timing of resignation and accepted offers by suspected employees or contractors. These sources can corroborate digital facts, and are closely tied to individuals who may be directly liable for the unlawful activities.
Step Three: Contain the Problem and Reduce Onward Disclosure
Containment is about stopping further access and preventing your trade secrets from being spread further afield while facts are still being gathered and responsible parties are coming into focus.
Common containment measures include revoking access to important information systems, invalidating single sign-on sessions, rotating personal credentials and API keys, restricting shared drive access, and ensuring that company devices and accounts are returned and secured. Your company should also consider whether highly sensitive data repositories need temporary access tightening while the investigation proceeds.
If the individual is still employed by your company, an exit interview process is an important point of control. This should include an exit interview, confirmation that all company property has been returned, and written certification that company data and information has been returned and no copies remain outstanding. Your company’s specific approach to managing employee exits should be coordinated with in-house counsel, especially in California where employment mobility is rampant and state law strictly protects free competition and prohibits virtually all restraints on trade.
Step Four: Communications Strategy and Cease-and-Desist Considerations
When it appears that important information has been removed from the company, a cease-and-desist letter can be a useful device to place all parties on notice that unlawful activities have taken place, and, in the absence of quick resolution, litigation may be commenced to redress all grievances. But it should not be reflexive. It is a strategic communication that will almost certainly influence what the former employees, and any new employers decide to do next. This could include taking prudent steps to preserve evidence they have come into possession of and deny the new employee access to their own systems. In the alternative, it could accelerate product development and go-to-market plans by relying on your company’s stolen information. It would not be prudent, but it is possible.
Finkel Law Group’s trade secret materials emphasize investigating and substantiating misappropriation allegations before sending a cease-and-desist letter because inaccurate or overbroad accusations can impede constructive communication, delay settlement discussions and possibly create unexpected legal exposure.
Before issuing a cease-and-desist letter you should consider the following:
- Whether the trade secrets can be defined precisely and credibly
- Whether your company has evidence of access, copying, or transfer
- Whether the requested relief is narrowly tailored to trade secret protection
- Whether a parallel approach, such as a standstill or negotiated protocol for return and verification, could achieve business goals faster and more confidentially
In some disputes, a temporary standstill agreement can provide the parties with breathing room to investigate and negotiate a resolution without immediately forcing an adversarial posture that is almost certain to lead to litigation in a public forum. Frequently a bad idea.
Step Five: Litigation and Escalation Risk Assessment
Not every suspected incident should become a lawsuit. Before you escalate, your company should pressure-test three issues: (1) legal viability, (2) business objectives and (3) downside risk.
California’s Reality is Non-Competes Are Generally Void
California Business and Professions Code section 16600 broadly voids post-employment non-competes except where a statutory exception applies, and related 2024 changes to the law reinforce the breadth of this policy. California also added statutory provisions restricting attempts to use void non-competes and extending certain prohibitions and remedies even when agreements are signed outside California.
Practically, this means that in California trade secret protection and narrowly tailored confidentiality obligations are often the primary legal tools when employees move to competitors.
California Law Does Not Recognized the “Inevitable Disclosure” Doctrine
California courts have rejected the inevitable disclosure doctrine to prevent someone from working for a competitor. Your company generally needs evidence of actual misappropriation and use of the stolen information or facts supporting threatened misappropriation rather than relying on the theory the person “cannot help but use” what they know, including the information he stole from you. CUTSA expressly allows injunctions for actual or threatened misappropriation, but the evidentiary showing matters.
Federal DTSA Considerations
The DTSA provides a federal civil cause of action when the trade secret is related to a product or service used in, or intended for use in, interstate or foreign commerce. The statute also includes an ex parte seizure remedy, but only in extraordinary circumstances, and it comes with procedural and practical complexity.
Confidentiality Can be Protected in Court, But It Requires Planning
Both CUTSA and federal law empower courts to preserve secrecy, including through protective orders, sealed filings, and in-camera proceedings. This is important for companies who fear that suing will publicize sensitive information. Courts have tools to mitigate that risk, but your pleadings and evidence strategy must be built with confidentiality in mind from day one.
When to Involve Law Enforcement
Under federal law, theft of trade secrets is a crime under 18 U.S.C. § 1832, which criminalizes theft and unauthorized copying, downloading, uploading, transmitting, or possessing trade secret information under specified conditions. Economic espionage for the benefit of a foreign government can fall under 18 U.S.C. § 1831.
California also criminalizes theft of trade secrets. Penal Code section 499c defines trade secrets similarly to CUTSA and describes multiple forms of theft, including unauthorized taking or use, copying after unlawful access, and copying in breach of a relationship of trust and confidence.
For your company, the decision to involve law enforcement is often appropriate when the facts suggest large-scale theft, a high risk of rapid dissemination, foreign involvement, hacking, repeat actors, or when civil remedies are unlikely to prevent imminent harm. Reporting options can include contacting the FBI or submitting a tip, depending on the circumstances. The U.S. Department of Justice’s guidance for victims also describes the Economic Espionage Act trade secret crimes and provide reporting context.
Law enforcement involvement has tradeoffs. It can increase deterrence and investigative reach, but it can also reduce your company’s control over pace and messaging. Confidentiality protections exist in federal proceedings, but you should probably assume that there is always some risk that sensitive facts become more widely known than desired.
Recommended Next Steps for Your Company
If you suspect trade secret misappropriation, your next step should be to treat it as a priority incident, not an ordinary HR matter. Immediately limit access, preserve evidence, and document what you know and what you still need to confirm.
From there, your company can make an informed decision about whether to issue a cease-and-desist letter, negotiate a standstill agreement or return-and-verify protocol, or file a civil action in state or federal court. Under both CUTSA and the DTSA, courts can grant strong remedies, including temporary restraining orders or preliminary injunctions to stop actual or threatened misappropriation, and damages where proven. When a court issues an injunction against the offending parties, that tends to bring them to the negotiation table, and the matter may be resolved early.
If you would like guidance tailored to your company’s facts, including California-specific risk, evidence collection strategy, and the pros and cons of escalation, we encourage you to contact experienced trade secret counsel promptly.
About Finkel Law Group
Finkel Law Group, P.C., with offices in San Francisco, Oakland and Washington D.C., has over 30 years of experience helping clients protect, enforce, and maximize the value of their intellectual property and confidential business assets, including trade secrets. Our attorneys regularly assist startups, established companies, and investors in navigating the legal and practical challenges of trade secret protection, incident response, pre-litigation strategy, and trade secret litigation under California law and the Federal Defend Trade Secrets Act. When you need intelligent, insightful, conscientious, and cost-effective legal counsel to help your company respond to suspected trade secret misappropriation, please contact us at (415) 252-9600, (510) 344-6601, (771) 202-8801 or info@finkellawgroup.com to speak with one of our attorneys about your matter.
