Tuesday, February 22, 2011
Negotiation - Thoughts on Confidentiality Obligations
When a party receives the confidential information of another company, it exposes the receiving party to potential claims from the disclosing party. There could be claims for breach of the confidentiality obligation should the confidential information be disclosed to a third party. You could also be subject to claims for misappropriation of trade secrets if you used the confidential information in an unauthorized manner.
To control the risk you should control:
· What information the other party can provide. You control the information the other party can provide as the less information you receive, the less exposure you have. If you are the receiving party you want it to be limited in scope, and be only that information that was requested by you.
· How it is provided. You are being made aware that the information is confidential so it will be properly managed
· Who it must be provided to. Its best to have a single point of receipt so you can identify what has been provided.
· What the requirements are to identify information as confidential.
o For written or electronic documents how they must be marked.
o For oral conversations, when and how their confidential nature must be identified and document.
· What the specific confidentiality obligations are with respect to the information
o The standard you need to use to manage the information.
o Who it may be disclosed to without breaching the confidentiality obligation (such as Governmental Authorities); and
o How long the information must be maintained as confidential.
As exceptions to the confidentiality obligations, you want to be absolved from inadvertent disclosures or for managing information that becomes public or is provided to you through another means. You also want to have a limited period during which you need to hold it as confidential. Most confidential information really only has a limited period in which it has value. For example, information about unannounced products should only need to be held as confidential until the product is announced. As technology changes, technical design information will also have limited value because it is either replaced with other technology or once it is for sale in the marketplace it may be easy to evaluate what the product does and how it does it.
Suppliers usually want broad coverage for their information and want the term to be long. In negotiating the term, use the product life cycle to keep it the term short. In negotiating the scope, limit the information to only that information for which you have an absolute need to know and limit it to only what you request, not what they want to give you. The more they give you the greater the potential exposure. The more technical the information the more you need to control the flow of information within your company so the Supplier’s ideas and concepts are kept separate from engineers and groups that may be developing alternative or competing products.
Highly sensitive information requires strict controls on the management of confidential information. I’ve worked in programs where there was a limited number of copies that could be maintained, All copies were controlled by a central administrator. Access to the information was limited to the program team who had a need to know and copies of the information could not leave the area or be copied. Individuals could only read the information.
As another way of managing against the risk of claims for misappropriation of trade secret information, some companies may include the right to use disclosed information in any manner within the company as long as it isn’t disclosed to a third party. Many Suppliers won’t agree to such broad use and frequently what may get negotiated is having the right to use information that is "retained in the minds" of individuals who were exposed to the information. If there is a retained information right there may also be an obligation to either return or certify the destruction of the information at some point in time so the receiving company will only have "retained information".