Five Things Employers Can Do Now to Protect Trade Secrets in the Era of Remote Work

Employers can no longer rely on office era assumptions about locked file rooms, supervised desktops, and in person oversight. Remote and hybrid work have permanently changed where sensitive information lives and how courts evaluate whether companies took “reasonable measures” to protect their trade secrets. At the same time, trade secret litigation is surging, and recent verdicts show judges and juries are willing to award substantial exemplary damages when they conclude a defendant mishandled confidential information.

In a 2025 California case involving Propel Fuels and Phillips 66, for example, a state court awarded an additional $195 million in exemplary damages for willful and malicious misappropriation, emphasizing that the defendant should have collected, sequestered, returned, or destroyed the plaintiff’s confidential information after terminating acquisition negotiations. That opinion underscores a broader trend: measures that may have looked reasonable in 2016 can be inadequate in 2026 if they ignore remote work, distributed devices, and AI-driven workflows.

Below are five practical steps employers (especially tech and SaaS companies) can take now to align their trade secret protections with the realities of remote and hybrid work.

1. Redraw your trade secret map for a remote first workforce

The starting point is knowing what you are trying to protect. Trade secret doctrine still requires that the information in question be sufficiently specific and economically valuable, not just “everything confidential in the business.” In a remote environment, that means building a concrete inventory of your trade secrets (for example, source code repositories, algorithmic models, nonpublic customer data, pricing playbooks, product roadmaps, and internal tooling) and then mapping where those assets reside and how they move when employees work from home.

In practice, this mapping exercise can reveal surprising gaps. High value assets often sit in SaaS collaboration tools with overly broad permissions, in personal cloud storage, inside channel messaging apps, or as local desktop copies on home machines. Once you have a current map, you can rank assets by sensitivity and assign tiered protections: for your most critical trade secrets, limit access to defined roles, require use of managed or approved devices, disable external sharing by default, and log who accesses or exports the data.

2. Harden remote access with VPN, zero trust, and endpoint controls

Remote work pushes sensitive information over consumer grade networks and through devices the company does not fully control. Courts and commentators now routinely point to technical controls, like VPN use, endpoint security, and encrypted storage as evidence that an employer took modern, context appropriate steps to protect its trade secrets. Yet many organizations still permit remote access to proprietary systems without consistently enforced VPNs, multi-factor authentication, or device standards.

A defensible remote access program should establish baseline technical requirements for any employee or contractor handling trade secrets from outside the office. At minimum, this includes encrypted connections, strong authentication, regular patching, and endpoint protections on devices that access sensitive systems. For higher risk roles, employers should consider endpoint monitoring focused on data movement, such as alerts for large transfers to unapproved cloud services or external media, while avoiding intrusive productivity surveillance that can create separate employment issues.

3. Rewrite your policies for kitchen table offices, not cubicles

Many companies still operate with confidentiality and acceptable use policies drafted for an on-premises environment. Those policies say little about mixed use home offices, shared family devices, or cross border remote hires, even though those scenarios now dominate how knowledge workers operate. When disputes arise, courts increasingly look for clear, written policies that address remote work directly and that the employer can show were communicated, acknowledged, and reinforced over time.

An updated remote work policy should, at a minimum:

• Prohibit sending work files to personal email or personal cloud accounts

• Require use of company approved tools for storage and collaboration

• Set expectations for physical safeguards at home (such as screen locks, secure storage of printouts, and avoiding confidential conversations in shared spaces)

• Define rules for using personal devices to access company systems

Employers should also double down on training modules that explain why these rules exist, how remote missteps can undermine trade secret claims, and what employees must do when they suspect a loss or misdirected disclosure of confidential information.

4. Build a remote friendly exit and transition protocol

The transition points in businesses like employee departures, contractor off-boarding, and the end of strategic partnerships are where many trade secret disputes arise. In a traditional office, employers could collect physical badges and company devices and reasonably assume most data sat on centralized servers. Remote work upends that assumption: sensitive information may remain on home laptops, personal phones, or third-party cloud accounts long after a relationship ends.

Courts expect companies to move quickly and deliberately to collect, sequester, or destroy confidential information when relationships terminate, and they may treat failure to do so as evidence that misappropriation was willful or that information was not adequately protected to begin with. A remote ready exit protocol should therefore include:

• Coordinated credential revocation across SaaS and internal systems

• Device side searches for defined categories of trade secret data

• Written certifications that company information has been returned or securely deleted from personal devices and accounts

For higher risk departures, tailored forensic reviews conducted in a way that respects privacy and applicable employment law.

The same discipline should extend to deals and joint ventures. In negotiations for acquisitions, licensing arrangements, or pilots with technology vendors, companies should ensure their NDAs and transaction documents specify how confidential information must be handled when the deal ends—and then document that those steps were taken. As the Propel Fuels litigation shows, failing to appropriately return or destroy a counter party’s information after talks break down can materially increase exposure for exemplary damages.

5. Treat AI and collaboration tools as part of trade secret hygiene

In 2026, remote workers routinely rely on generative AI and cloud collaboration platforms to draft content, analyze data, and share work product. Those same tools create new leak paths for trade secrets if employers do not proactively govern them. Industry and legal commentators have warned that feeding proprietary code, customer datasets, or strategic plans into public AI systems, particularly those that reserve broad rights over input data, can jeopardize the “reasonable measures” element of trade secret claims. Once the company voluntarily exposes its secrets to an outside system, opposing counsel may argue that secrecy has been lost.

Rather than simply banning AI or collaboration tools, employers should articulate clear standards for using them with confidential information. This may mean designating approved AI platforms with enterprise grade confidentiality terms, disabling logging or training on sensitive inputs where possible, and categorically prohibiting the use of public AI tools for defined classes of trade secret and client data.

For collaboration platforms, employers should tighten default settings around external sharing, enforce least privilege access, and audit high risk work spaces for lingering copies of sensitive materials. Documenting these choices helps demonstrate that the company’s trade secret program is calibrated to how people work today, not how they worked a decade ago.

How Kronenberger Rosenfeld can help tech and SaaS companies

Our team has litigated complex trade secret, customer data, and employee mobility matters, and we help clients design and implement trade secret protection programs that can withstand scrutiny from regulators, counter-parties, and courts.

If your company is rethinking its remote work model, rolling out AI tooling, or preparing for a high stakes transaction involving proprietary technology or data, we can help you assess your current trade secret protections and build a plan tailored to your risk profile and growth stage. To discuss your situation, contact us through our online case submission form.