Hardly a week goes by without seeing a post or article by some well-meaning lawyer who insists that the first step in protecting your trade secrets is to know what you have, therefore you need to do an "inventory." That's only half right: knowing what you own is critical, but you don't have to create a detailed list, as if you were ticking off the contents of a hardware store. In fact, you shouldn't do that.
First, you don't have to. The legal standard is "reasonable efforts," and judges are generally understanding and flexible about the quality of a trade secret owner's efforts. And from a management point of view, making prudent decisions requires only that you assign a risk profile to categories of data, not to individual records.
Second, it's dangerous. Getting too granular risks counting the leaves on the trees, and passing over what makes the forest vulnerable (or valuable). You will end up wasting time and probably abandoning the project. Or worse, you'll miss some important things altogether.
Instead of counting all the leaves in your forest, start by pulling together an interdepartmental team and talking about what drives your competitive advantage, and identify your key vulnerabilities. You'll probably be surprised - and certainly will be better informed - by the different perspectives brought to the meeting.
With this grounding, you will be in a good position to begin designing an approach that will work for your unique organization. To better prepare yourself for that design, click
for a copy of my white paper "The Principles of Information Protection Plans." And don't worry, the categorization and labeling will come!