Trade Secrets

MicroStrategy v. Business Objects: A Field Manual for Reasonable Secrecy Measures

An Eastern District of Virginia bench trial inventoried what reasonable measures look like in practice, then found misappropriation in only two of eighteen alleged disclosures.

October 8, 2025
A secured server room with badge access in a software company
The court catalogued physical, network, and contractual controls before deciding which information stayed secret. Shutterstock
Educational content, not legal advice. This article explains general legal concepts. It does not create an attorney–client relationship. For your specific situation, consult a licensed attorney.

MicroStrategy Inc. v. Business Objects, S.A., 331 F. Supp. 2d 396 (E.D. Va. 2004), Civil Action No. 2:01cv826, decided August 6, 2004 by Judge Jerome B. Friedman, is one of the more useful district-court opinions on the reasonable-measures element precisely because it is granular. Rather than announce a doctrine, it works through a real company’s security program item by item, then applies that program to eighteen separate instances in which a competitor allegedly received MicroStrategy’s information — concluding that only two amounted to misappropriation. The Federal Circuit later addressed the case on appeal in MicroStrategy Inc. v. Business Objects, S.A., 429 F.3d 1344 (Fed. Cir. Nov. 17, 2005), where the trade-secret liability findings were not disputed by the parties and the court’s attention turned largely to the failure of proof on damages.

MicroStrategy and Business Objects were rivals in business-analytics software. The misappropriation claim was tried to the bench while a related tortious-interference claim went to a jury. The bench posture matters: instead of general-verdict opacity, the case produced detailed findings about which categories of information qualified as trade secrets, why, and what secrecy measures supported each conclusion — making the opinion a kind of field manual for the element.

At a glance

  • Case: MicroStrategy Inc. v. Business Objects, S.A., 331 F. Supp. 2d 396 (E.D. Va. 2004), Civil Action No. 2:01cv826
  • Decided: August 6, 2004 (Friedman, J.); trade-secret claim tried to the court
  • On appeal: 429 F.3d 1344 (Fed. Cir. Nov. 17, 2005) (trade-secret findings undisputed; damages analysis the focus)
  • Law applied: Virginia Uniform Trade Secrets Act
  • Result below: Of eighteen alleged disclosures, only two involved misappropriation; injunction issued against further use of the misappropriated information
  • Core lesson: Reasonable measures are evaluated asset-by-asset; a strong company-wide program supports protection for valuable, restricted information but cannot rescue material that is public or lacks competitive value

The inventory of reasonable measures

What makes the opinion instructive is its catalogue of what MicroStrategy actually did, which the court credited as taking “reasonable steps to keep the information secret.” The program spanned three familiar layers, and reading them together gives counsel a practical template.

On the contractual layer, MicroStrategy required every employee to sign a confidentiality agreement as a condition of employment and used non-disclosure agreements with outside parties before sharing sensitive material. On the physical layer, it controlled facilities with locked doors, badge access, and surveillance cameras. On the network layer, it deployed firewalls and VPN access controls. Cutting across all three, it distributed sensitive documents internally on a need-to-know basis and marked them with confidentiality designations.

The lesson is not that any single measure is decisive but that a layered, consistently applied program supplies the evidentiary foundation for the element. None of these steps is exotic; their power comes from being routine, documented, and uniform. A company that can put this inventory in front of a court has done the unglamorous work that the secrecy element rewards.

Asset-by-asset, not all-or-nothing

The opinion’s most important methodological point is that a strong corporate security program does not automatically protect everything the company touches. The court evaluated each alleged trade secret against the statutory definition, asking both whether the information had independent economic value from not being known and whether MicroStrategy had taken reasonable steps to keep that particular item secret. That discipline produced a split docket: among the categories it analyzed, the court recognized protectable trade secrets — such as MicroStrategy’s competitive pricing analysis and volume-discount structure — because they were both genuinely valuable and actually guarded by the program described above.

Other claimed secrets failed. An internal email from CEO Michael Saylor, for instance, did not qualify; the court found its contents were largely public or about to become public and therefore lacked the competitive value the statute requires, regardless of how sensitive the company felt the communication to be. The takeaway is that reasonable measures and economic value operate as paired requirements. Robust security cannot manufacture a trade secret out of information that is public or commercially trivial, and genuinely valuable information will not be protected if the owner failed to guard it. Both boxes must be checked, and they are checked separately for each asset.

That asset-by-asset rigor is why the headline number — two misappropriations out of eighteen alleged — is itself a teaching. A plaintiff that throws a broad net of “everything we shared was a trade secret” invites the court to test each item, and most items tend to fall out for want of either value or adequate secrecy measures. The disciplined claimant identifies the few assets that can survive that test and proves the measures protecting each.

The damages coda

The litigation’s later chapters underscore that winning the secrecy element is only the beginning. The district court found misappropriation and enjoined further use of the two qualifying secrets, but the Federal Circuit’s 2005 opinion turned on MicroStrategy’s inability to prove damages with reasonable certainty or to establish the necessary causal link between the misappropriation and its claimed losses. A plaintiff can clear every hurdle on liability — value, secrecy measures, misappropriation — and still recover little if the damages model is speculative. For practitioners, the case is a paired warning: build the secrecy record asset-by-asset, and build the damages record with equal rigor.

Open questions

The opinion applies a sensible asset-by-asset method but leaves the harder line-drawing to intuition. How current must internal pricing analyses or discount schedules be before they lose value and, with it, protection — a question the court resolved on these facts without a general rule? The decision also does not deeply probe whether the same layered program could be deemed unreasonable as applied to a specific high-value asset that slipped through need-to-know controls; its measures analysis is largely affirming rather than testing the program’s gaps. And the appellate focus on damages leaves the relationship between a narrow liability finding and the scope of injunctive relief less developed than the secrecy analysis itself.

Implications

  • Build a layered program. Contractual (employee agreements, NDAs), physical (badges, cameras, locked space), and network (firewalls, VPN) controls, plus need-to-know distribution and confidentiality markings, form a defensible template.
  • Prove the element asset-by-asset. Courts test each claimed secret for both value and measures; a strong company-wide program does not auto-protect every document.
  • Do not over-claim. A broad “everything is a secret” posture invites item-by-item attrition; identify the few assets that survive scrutiny and prove the measures for each.
  • Security cannot create value. Information that is public or commercially trivial will not become a trade secret no matter how tightly it is held.
  • Win liability and damages. As the Federal Circuit’s reversal on damages shows, proving misappropriation is wasted if the damages model is speculative or causation is unproven.

Frequently asked questions

What measures did the court credit as reasonable? Employee confidentiality agreements and NDAs with outside parties, physical controls such as locked doors, badges, and cameras, network controls including firewalls and VPN, plus need-to-know internal distribution and confidentiality markings on documents.

Why did some claimed trade secrets fail? At least one — an internal CEO email — failed not for lack of security but for lack of value, because its contents were largely public or soon to be public. The court required both reasonable measures and independent economic value, evaluated separately for each item.

Did MicroStrategy ultimately recover damages? The district court found misappropriation and issued an injunction, but on appeal the Federal Circuit’s 2005 decision turned on MicroStrategy’s failure to prove its damages with reasonable certainty and to establish causation, limiting its monetary recovery.

Authorities and sources