Key Takeaways And Access To Webinar Recording – The Modern Insider Threat: Shadow IT, BYOD, And Trade Secrets

As part of Seyfarth's 2026 Trade Secrets Webinar Series, our panel presented The Modern Insider Threat: Shadow IT, BYOD, and Trade Secrets, examining how evolving workplace technology is reshaping trade secret risk, discovery obligations, and governance strategy.

Matthew Catalano, Peter Tsai, and Danny Riley led a practical discussion for general counsel, employment counsel, IP counsel, technology and cybersecurity teams, and HR professionals. With remote and hybrid work arrangements, employees increasingly rely on personal devices, unsanctioned apps, collaboration platforms, and generative AI tools — creating significant exposure when data moves beyond corporate control.

The program focused on identifying risks and actionable strategies for aligning Legal, HR, IT, and Security amid rapidly changing technology and regulatory scrutiny.

View the Recording – CLE credit for this recording expires on February 18, 2027. See description for jurisdictions and details.

Key Takeaways

Shadow IT and BYOD Are Trade Secret and Litigation Risks

Employees adopt personal devices and unsanctioned tools faster than policy can respond, creating invisible data flows outside corporate oversight. These blind spots raise trade secret, discovery, and regulatory concerns.

AI Has Accelerated Exposure

Generative AI tools are accessible and easy to use, they multiply risk: source code in chatbots, trade secrets submitted as prompts, and AI notetakers capturing privileged discussions. Courts applying the DTSA's "reasonable measures" standard will scrutinize gaps between policy and enforcement. AI agents generate logs, parameters, and decision paths that may themselves become relevant evidence.

Discovery Extends Beyond Corporate Systems

Data on personal devices, messaging apps, cloud drives, and AI chat platforms may all be discoverable, creating preservation risks and discovery blind spots.

Control under Rule 34 depends on policy and practice:

• In re Pork Antitrust Litigation — remote wipe tools or the employer–employee relationship alone do not give a right to compel access to personal devices.
• Westin— a specific agreement allowing searches of personal devices created an enforceable legal right; work-related text messages on personal devices were within company "control."

Generative AI further complicates discovery:

• United States v. Heppner — AI Terms of Service can determine whether confidentiality is reasonable; generally no reasonable expectation of confidentiality for public AI chat platforms; a public AI chatbot is not an attorney.
• Preservation may require capturing the prompt, the exact document version, and AI outputs.
• AI Agent actions, logs, and decision pathways may also be discoverable, and automated alterations can create spoliation risk.

Privacy Laws Add Complexity — But Not Immunity

Monitoring for trade secret protection intersects with privacy laws such as California's CCPA and the EU's GDPR. Privacy does not remove governance obligations; it requires thoughtful balancing and documentation.

"Shadow contracts" — employees accepting SaaS terms without review — can bind the company to unfavorable data use or AI-training provisions.

Security Blind Spots Are Costly

Shadow IT operates outside logging, monitoring, and audit controls. Most incidents are unintentional, yet once sensitive information leaves controlled systems, corporate exposure to threat actors, plaintiffs, and regulators can follow.

Protection Requires Cross-Functional Alignment

Technology alone is insufficient; policies without enforcement lack defensibility. Effective management requires Legal, HR, IT, and Security coordination, with measurable standards such as auditability, preservation readiness, and compliance posture.

Looking Ahead

Shadow IT, BYOD, and AI are embedded in daily workflows. Courts are adapting discovery standards, and regulators scrutinize information governance practices. Organizations that assess high-risk roles, enforce approved tool frameworks, and align cross-functional stakeholders are best positioned to protect trade secrets while meeting discovery and compliance obligations.

To ensure you don't miss future sessions, subscribe to our Litigation – Trade Secrets & Non-Competes mailing list. For tailored programs, our attorneys are available to present customized sessions for your organization. Subscribe to our Trading Secrets blog for ongoing insights on trade secrets, employee mobility, and information governance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.