Sherbrooke sued, claiming trade secret misappropriation.
The district court dismissed the claim, saying Sherbrooke hadn't alleged that it took sufficient "reasonable measures" to protect its secrets. The 4th Circuit reversed. At the pleading stage, the court said, robust confidentiality and invention-assignment agreements were enough to plausibly allege trade-secret protection and misappropriation.
Businesses shouldn't read this case as a signal that NDAs alone will save the day when trying to protect your trade secrets. Courts expect to see evidence that you consistently treat your valuable information like it's actually valuable.
That means taking concrete steps such as:
➛ Identifying your true trade secrets—what they are, where they live, and who touches them.
➛ Locking them down on paper with strong confidentiality and IP-assignment agreements.
➛ Controlling access through permissions, passwords, and need-to-know limits.
➛ Training employees routinely on confidentiality expectations.
➛ Offboarding decisively, including cutting off access, recovering devices, confirming return/deletion, and suing when necessary.
➛ Conducting regular trade-secret audits.
➛ Using digital tools to detect risky downloads or data transfers.
➛ Tightening vendor controls with NDAs and security requirements.
➛ Clearly labeling confidential information as such.
➛ Adopting written policies for remote work, cloud storage, and AI use.
➛ Encrypting and segmenting key data.
➛ Monitoring access logs for suspicious behavior.
➛ Documenting leadership oversight of trade-secret protections.
➛ Reinforcing physical security where sensitive information lives.
Trade-secret cases are won and lost long before anyone files the lawsuit. If you can't point to a meaningful, well-documented protection program, this decision is your nudge to build one—now, and not when a competitor turns out to be your former insider. By then, it will be too late.