Confidentiality Agreements

There are four basic ways a company protects their proprietary rights:

• Patents protects an idea and provide a right to exclude others from making/using/selling items that include the patent for 20 years from filing date
• Copyright protects a particular expression of an idea from copying.
• Trademark identifies the source of a good or service to eliminate consumer confusion.
• The last way is managing information as a Trade Secret to protect the information.

.Most of the time “trade secret” information is information or technology that has been kept secret and that provides commercial value or advantage to that company.  A trade secret can be any type of information that meets three conditions:

1. The information is not generally known or readily ascertainable.
2. The information is valuable to its owner (or would be valuable to a competitor),
3. The company must demonstrate that it intended to keep the information secret.

One of the ways a company demonstrates the intent to keep their Trade Secret information secret, is by requiring Confidentiality or Non-Disclosure Agreements to protect the information.

Suppliers will want to protect are things such a specifications on unannounced products, business plans, product road maps, cost information, technical information about their products or processes, etc.  Buyers want to protect many of the same types of things.

Most Confidential or Non-disclosure agreements will contain the same basic requirements:

• The description of what is confidential and what is required for it to be managed as confidential. For example, the parties may require a non-confidential description of what each plans to transmit.
• The process which must be followed for submission and receipt, This would include things like who to submit it to and how it must be marked.
• Restrictions on disclosing the information to other individuals or companies. This would identify whether subsequently disclosure under a CDA to another party would be allowed.
• Restrictions on the use of the information. This could be restrictive such as using it solely in connection with business with the discloser. It could also provide broad use, such as being able to use it for any purpose subject to maintaining the confidentiality obligations.
• The period during which those obligations remain in effect. This is the term you need to hold it as confidential. The term should never be left open ended, as you would be obligated to maintain it as confidential forever when most information has a useful life.
• The standard by which the information will be protected. Frequently this is the standard to which you manage your own confidential information, but for highly sensitive data extreme restrictions may be imposed such as limited the number of copies, prohibiting copying, requiring access control etc,
• Rights the recipient may have in the disclosed materials subject to the confidentiality and underlying intellectual property rights of the Discloser.
• Exceptions to the obligations.  Examples of this are when there is a court order that requires disclosure or the information becomes public knowledge

Receiving technical confidential information is a serious problem for many companies as there is always the potential for the breach of the agreement and the damages associated with that. Many times confidentiality agreements do not include a limitation of liability. There is also the risk that such receipt could be used to limit the ability to develop, manufacture or market future products. There is further the risk the information may inadvertently wind up being used in a future product that would subject the recipient to:

• Potential injunctions on the sale, manufacture or use of such products or services for infringement of the Discloser’s intellectual property rights, or
• Claims for misappropriation of trade secret information (unlawfully taking the property of the discloser).

That’s why many CDA's will either include a right to use the information as long as the confidentiality obligations are met or provide a right to use retained information so individuals that were exposed to the information would be able to use what they mentally retained.

The best was to manage the risk associated with the receipt of confidential information is to manage and limit its receipt. You want to ensure you do not get unsolicited information and all receipts should be justified on a “need to know” basis.

If you need to share confidential information, you need to put an appropriate agreement in place before you receive it or before you disclose it. If a Supplier submits something that is market as confidential and there is no agreement in place, return it. If you are seeking bids or proposals put the Supplier on notice in your document that all materials submitted should be non-confidential and if they require something be treated as confidential, that it be submitted only after an appropriate agreement is in place.

One of the issues that frequently may be an issue in negotiating confidentiality agreements is the term you must maintain the information as confidential. The simple fact is most things that a Supplier would want to protect have a limited life where it meets the three conditions of a trade secret. Un-announced products get announced. Product designs that needed to be protected lose their value once the product is available for sale where anyone can buy one and see how it’s made. Business plans and strategies seldom remain fixed for an extended period. The period you agree to for confidentiality obligation should depend upon what’s being disclosed and the dynamics of the market. There are few things that would be disclosed that need protection for more than two or three years.

Negotiation - Thoughts on Confidentiality Obligations

When a party receives the confidential information of another company, it exposes the receiving party to potential claims from the disclosing party. There could be claims for breach of the confidentiality obligation should the confidential information be disclosed to a third party. You could also be subject to claims for misappropriation of trade secrets if you used the confidential information in an unauthorized manner.

To control the risk you should control:

·       What information the other party can provide. You control the information the other party can provide as the less information you receive, the less exposure you have. If you are the receiving party you want it to be limited in scope, and be only that information that was requested by you.

·       How it is provided. You are being made aware that the information is confidential so it will be properly managed

·       Who it must be provided to. Its best to have a single point of receipt so you can identify what has been provided.

·       What the requirements are to identify information as confidential.

o   For written or electronic documents how they must be marked.

o   For oral conversations, when and how their confidential nature must be identified and document.

·       What the specific confidentiality obligations are with respect to the information

o   The standard you need to use to manage the information.

o   Who it may be disclosed to without breaching the confidentiality obligation (such as Governmental Authorities); and

o   How long the information must be maintained as confidential.

As exceptions to the confidentiality obligations, you want to be absolved from inadvertent disclosures or for managing information that becomes public or is provided to you through another means. You also want to have a limited period during which you need to hold it as confidential. Most confidential information really only has a limited period in which it has value. For example, information about unannounced products should only need to be held as confidential until the product is announced. As technology changes, technical design information will also have limited value because it is either replaced with other technology or once it is for sale in the marketplace it may be easy to evaluate what the product does and how it does it.

Suppliers usually want broad coverage for their information and want the term to be long. In negotiating the term, use the product life cycle to keep it the term short. In negotiating the scope, limit the information to only that information for which you have an absolute need to know and limit it to only what you request, not what they want to give you. The more they give you the greater the potential exposure. The more technical the information the more you need to control the flow of information within your company so the Supplier’s ideas and concepts are kept separate from engineers and groups that may be developing alternative or competing products.

Highly sensitive information requires strict controls on the management of confidential information. I’ve worked in programs where there was a limited number of copies that could be maintained, All copies were controlled by a central administrator. Access to the information was limited to the program team who had a need to know and copies of the information could not leave the area or be copied. Individuals could only read the information.

As another way of managing against the risk of claims for misappropriation of trade secret information, some companies may include the right to use disclosed information in any manner within the company as long as it isn’t disclosed to a third party. Many Suppliers won’t agree to such broad use and frequently what may get negotiated is having the right to use information that is "retained in the minds" of individuals who were exposed to the information. If there is a retained information right there may also be an obligation to either return or certify the destruction of the information at some point in time so the receiving company will only have "retained information".