The Most Common Trade Secret Mistakes (And How to Avoid Them)
After 17 years of helping business protect they IP, and cleaning up when things have gone wrong, I am confident that trade secrets are often not lost through Hollywood-style espionage, but through every day actions that amount to avoidable mistakes. Here are the patterns that hurt scaling companies again and again - and what you can do to keep your IP and therefore your company value intact.
Mistake 1: “We have an NDA, so we’re safe”
An NDA is important, but on its own it doesn’t prove you took “reasonable steps” to protect a trade secret.
If:
everyone in the company can access everything,
documents aren’t marked as confidential,
people freely email sensitive files to personal accounts,
a court might decide the information wasn’t properly protected – and therefore not a trade secret anymore.
How to do better:
Combine NDAs with practical controls like restricted access, labels, training your team so they know and understand trade secrets, and have a clear policy for how sensitive information is stored and shared. This is key for the information to be classified as a trade secret, and only if it has this classification will it be solid IP value for you.Mistake 2: Oversharing with suppliers and partners
Young companies often reveal far more than they need to:
sending full process descriptions to a manufacturer early
sharing internal cost breakdowns or algorithms with “strategic partners”
dropping detailed technical info in investor decks and open data rooms
Once a secret is widely shared, it becomes much harder to argue it’s really a closely guarded trade secret.
How to do better:
Instead of over-sharing, share the information in layers and make sure that only what’s necessary at each stage is shared, and that it is only shared with the right persons subject to an NDA. Use a clear “need-to-know” even with partners and factories. And keep the most sensitive parts (e.g. exact process sequence or parameters) inside your organisation if you can, or tightly controlled and contractually ring-fenced if you must share with a specific outside person/partner.
Mistake 3: No proper offboarding process
A surprisingly common scenario that I see in everyday operations will be that when someone resigns or is let go IT turns off their email, and that’s it. No one asks what the departing team mate kept on personal devices, cloud drives or private emails. The person leaving will walk out with a full archive of sensitive docs “just in case”.
How to do better:
Make sure you have a standard offboarding checklist that includes revoke access, collection of devices, verifying transfers/deletions of company data where realistic. Hold an off-boarding meeting where you calmly (no threatful tones) remind them of their ongoing confidentiality obligations and give them a copy of the relevant policy. For very sensitive roles, also consider additional certifications or written confirmations about data return.
Mistake 4: Marketing that accidentally gives away the recipe
Another subtle mistake that can ruin your business will be what I call “enthusiastic storytelling”. This can be done in pitch decks, websites and PR sometimes. It entails giving away too much in the form of e.g. precise technical configurations, unique process steps, or how your model/algorithm really works under the hood. If the “secret sauce” is spelled out publicly, it may no longer qualify as trade secret worthy of solid IP and copycat protection. It becomes much easier to independently copy.
How to do better:
In your public storytelling, make sure you think the details through and focus on talking about outcomes, instead of your inner workings. Keep real “how-to” details in confidential materials. When you are unsure, have someone technical and someone legal quickly sanity-check decks and public content before they go out.
Mistake 5: No international strategy
Scaling into new markets (especially the US) without adjusting your trade secret setup is risky. Issues that can pop up are contracts that are fine under one law, but weak or unclear under another. This becomes obvious for example with US disputes where you’d like to rely on federal DTSA but your contracts don’t mention it or don’t include required notices. Also different expectations and limitations in various jurisdictions in regards to employees’ mobility and non-competes, and this can create problems when it comes to ensuring a solid trade secret protection without loopholes.
How to do better:
When you are expanding, get your core templates reviewed for the jurisdictions where you actually operate (employment, contractor, partner, and NDA templates).Make sure “trade secret” is defined in a way that works under both EU and US rules if you’re active in both. And always keep documentation of your security measures – it helps in any jurisdiction.
Mistake 6: Relying mainly on non-competes
Non-competes are becoming narrower and harder to enforce in many places and this comes as a nasty surprise when the damage has been done or when an employee is about to leave and you realize you can´t enforce the clauses in your employment contract. In Europe, they’re often restricted in length and scope and may require compensation. In the US, there’s a clear policy trend towards limiting non-competes for many workers.
If your entire strategy is “we’ll just block people from joining competitors”, you’re building on sand.
How to do better:
With the legal development narrowing the non-compete scope you should assume people will move between companies that are competitors in some form. So instead make sure you focus on what the law actually protects: misuse of confidential information, not just job changes. Design your systems so that one person leaving doesn’t take the whole crown jewel with them untraceably (e.g. knowledge is documented and access is logged) – because you can enforce trade secret protection and policies in most cases.
Mistake 7: Treating trade secrets as a legal topic only
The final crucial mistake I see happening will be because trade secrets are seen as “a lawyer thing” instead of a core value builder or disrupter for your company that all of management has an active ongoing responsibility to understand and protect.
How to do better:
Make sure you provide each and every key player in the trade secret protection group. Involve founders and the leaders so you are aligned with what is a trade secret and what is truly strategic. Look at tech and operations - where is sensitive information stored and used? In particular make sure that HR (in an early company that will be you the founder or the CEO in most cases) to look at contracts, onboarding/offboarding and training. Make sure that you have adequate IT/security (systems and access), and do consult with legal experts to produce or at least review your policies and contracts.
Final thoughts
I have witnessed hundreds of M&A transactions where the buyer walks away after its legal due diligence because the IP protection is to weak so paying what the company asks in valuation cannot be motivated. And a light but deliberate structure beats a 50-page policy no one reads.
If you want take the next step to protect you trade secrets email me on kat@stgcommerciallaw.com
London, 2 April 2026