Fourth Circuit Clarifies ‘Reasonable Efforts’ Standard for DTSA Trade Secret Protection

The most contested element in establishing a prima facie Defend Trade Secrets Act (DTSA) trade secret misappropriation claim is whether the owner undertook “reasonable efforts” to maintain secrecy. Defendants routinely cite a lack of or poorly implemented security measures as a defense. On November 18, 2025, the U.S. Court of Appeals for the Fourth Circuit in Samuel Sherbrooke Corporate Ltd. v. Mayer offered guidance on what constitutes such measures at the pleading stage, reversing the district court’s dismissal on the ground that the plaintiff failed to take reasonable measures to protect the trade secrets at issue. The decision suggests that limited protective measures are sufficient to survive summary judgment. Beyond providing pleading-stage guidance, the decision also importantly allows trade secret owners to assess whether they are doing enough to protect their trade secrets.

The ‘Reasonable Efforts’ Standard Under the DTSA

A plaintiff must prove as part of its prima facie case that it has undertaken “reasonable efforts” under the circumstances to maintain the information as a trade secret. Reflecting this understanding, the DTSA and the Economic Espionage Act (EEA) do not define what constitutes a “reasonable measure.” Indeed, the EEA’s legislative history indicated “what constitutes reasonable measures in one particular field of knowledge may vary significantly from what is reasonable in another field or industry,” and is “dependent upon the nature of the information in question.” (H.R. Rep. No. 104-788, at 13, 1996 U.S.C.C.A.N. 4021, 4026).

The extent of the trade secret owner’s security measures need not be absolute or heroic. As a leading case explained, “[i]f trade secrets are protected only if their owners take extravagant productivity-impairing measures to maintain their secrecy, the incentive to invest resources in discovering more efficient methods of production will be reduced, and with it the amount of innovation,” and that “perfect security is not optimum security.” Rockwell Graphic Sys., Inc. v. DEV Indus., Inc. The test of reasonable measures, therefore, focuses primarily on the actions of the trade secret owner and on the circumstances surrounding the particular trade secret.

The reasonableness standard ensures that there will be some close cases that entail difficult line-drawing. As a result, only in extreme cases can what is a “reasonable” precaution be determined on a motion for summary judgment because the answer depends on a balancing of costs and benefits that will vary from case to case and so require estimation and measurement by persons knowledgeable in that particular field. Thus, defendants have found it challenging to persuade a trial judge that the plaintiff’s efforts to protect the secrecy of its information at the pleading stage were unreasonable as a matter of law, and what is “reasonable” is usually a fact determination reserved for the jury. Sherbrooke reflects this understanding.

Sherbrooke

In Sherbrooke, the district court granted the defendants’ motion for summary judgment on the ground that the plaintiff had failed to plausibly allege that they had taken reasonable measures to protect the secrecy of certain proprietary software that the plaintiff alleged constituted a trade secret under the DTSA. The Fourth Circuit disagreed with the district court’s conclusion that an employment agreement, which included a confidentiality provision prohibiting the defendants from disclosing “Confidential Information” that included the proprietary software, is not, as a matter of law, sufficient to demonstrate reasonable efforts to maintain secrecy. The Fourth Circuit found that Sherbrooke “did not need to prove anything. They only needed to plausibly allege that the Proprietary Software was covered by the confidentiality provision, which was a reasonable measure to keep it secret.” The court determined that they did so.

In reaching this conclusion, the court relied heavily on several Ninth Circuit decisions that held that at the pleadings stage “confidentiality provisions constitute reasonable efforts to maintain secrecy.” Of particular note, the Fourth Circuit was not troubled that the “reasonable measures” in nearly all of the Ninth Circuit cases also included additional measures that the trade secret owner had implemented, such as, for example, “grant[ing] access [to the trade secrets] only to certain agents, us[ing] password protection, and revok[ing] access upon employment termination.” While Sherbrooke recognized this, the court stated “[b]ut that does not mean they are required to allege more, and we see no reason to create such a requirement.” The court further recognized that “[w]hat may be reasonable measures in one context may not necessarily be so in another.” Thus, at the pleading stage, it is sufficient that “Appellants allege they protected the Proprietary Software by requiring employees to sign the confidentiality agreement and Invention Provision contained in the employment contract.”

Practical Implications

Sherbrooke is consistent with other cases in which the non-moving party most often can identify a material fact dispute as to whether the plaintiff took reasonable efforts to maintain secrecy, precluding summary judgment. However, in a limited number of cases, trade secret owners should be aware that summary judgment may be proper, such as where a plaintiff “has submitted no evidence of effective security measures taken to guard its alleged trade secrets.” Further, at trial, defendants are likely to point out all the other security measures that a plaintiff could have implemented at little cost and which would have substantially increased the protection of the trade secrets at issue. Based on the current record, it seems likely that a jury will find that the confidentiality agreement and other limited employee agreements may not, by themselves, constitute “reasonable measures.” Indeed, instead of taking comfort in the fact that such safeguards constitute reasonable measures, trade secret owners should be asking whether they have done enough to protect their increasingly valuable trade secrets.

Examples of Adequate Security Measures

While the following is not an exhaustive list, the types of safeguards that have been held sufficient to establish “reasonable efforts” under the circumstances include:

• Having a written trade secret protection plan and following it.
• Educating employees as to which documents contained trade secrets and keeping those documents in a locked room.
• Closing to outsiders a clean room where the secret was practiced, educating employees as to the confidential nature of the information and requiring them to sign nondisclosure agreements.
• Eliminating access to a computer tool containing trade secrets and restricting the distribution of software, including to the manufacturer of the computer used by the supplier of the computer tool.
• Restricting employee access to computers, restricting other access to employees and prominently mentioning in an employee handbook the competitive importance of the information.
• Placing proprietary legends on all trade secret documents, restricting physical access to the facility, imposing visitor restrictions, and keeping drawings and copies of patent applications in locked files.
• Requiring employees to sign confidentiality agreements, restricting access to computer system, placing proprietary notices on software, including nondisclosure provisions in licensing agreements, and shredding source code printouts.
• Protecting software with confidentiality notices, requiring passwords to prevent unauthorized access, and placing information in restricted storage.
• Restricting access to production processes and equipment areas, requiring employees to sign nondisclosure agreements, issuing employees identification badges, and notifying suppliers of trade secrets.
• Removing business information from view during visits by third parties, keeping pricing in special books, using passwords for computer access, and keeping other information under lock and key.
• Attaching electronic sensors to trade secret documents.

Examples of Inadequate Security Measures

Although there is no hard-and-fast rule for determining when efforts to maintain secrecy are inadequate, courts have found security measures to be inadequate in the following circumstances:

• Failing to place confidentiality markings on materials containing and describing software.
• Conducting public tours of plant operations without requiring secrecy agreements.
• Filing trade secret documents with a court without placing the documents under seal.
• Employing hit-or-miss methods to protect secrecy, requiring some but not all key employees to sign confidentiality agreements, and failing to identify for employees the information regarded as a trade secret.
• Allowing employees to take job manuals home and to keep them when they quit.

Don’t Do the Minmum

The Fourth Circuit’s decision in Sherbrooke provides important clarity on the “reasonable efforts” standard at the pleading stage, holding that confidentiality agreements alone can suffice to survive a motion to dismiss. This plaintiff-friendly ruling recognizes that what constitutes reasonable security measures is context-dependent and industry-specific, and that courts should be reluctant to grant summary judgment on this fact-intensive inquiry.

However, trade secret owners should not interpret Sherbrooke as permission to rely solely on minimal protections. While confidentiality agreements may satisfy pleading requirements, they are unlikely to persuade a jury at trial that the owner exercised truly reasonable efforts to protect valuable proprietary information. The decision underscores a critical distinction: the low bar for surviving dismissal versus the more demanding scrutiny that awaits at trial.

The practical takeaway is clear: companies should implement layered, comprehensive security measures that demonstrate a genuine commitment to protecting trade secrets. Cases illustrate that the “reasonable efforts” standard entails consideration of both the appropriateness of the measures from a cost-benefit standpoint and the care taken in implementing them. Sloppy implementation of sensible security measures can destroy trade secrecy. Rather than asking “what is the minimum we need to do to avoid dismissal,” trade secret owners should ask “have we done enough to convince a jury that we truly valued and protected our competitive advantages?” In an era of increasing trade secret litigation and escalating valuations of proprietary information, proactive security measures are not just a legal requirement—they are a business imperative.

Image Source: Deposit Photos
Author: paisan191
Image ID: 88810564