Confidential information often ranks as one of the most highly valuable and principal group of assets for many companies, and protecting these assets should be a vital business priority. In the ordinary course of business, however, many companies regularly share confidential information with employees, business partners, customers, suppliers, consultants, and other third parties, which inherently puts the company’s confidential information at risk.
While not sharing confidential information with other parties is the most effective method for keeping such information secret, this approach does not work in reality for most companies and industries. Therefore, contractual measures, such as confidentiality agreements, confidential disclosure agreements, and nondisclosure agreements, should be used to protect a company’s confidential information. (In this article, “confidentiality agreement” refers to each type of agreement.) Confidentiality agreements, if carefully prepared, provide enforceable rights that help protect a company’s confidential information by identifying the confidential information to be protected and defining how the parties should treat such information.
Benefits of a Written Agreement
Confidentiality obligations memorialized in a written contract, as opposed to an oral promise to keep information confidential or no promise at all, provides greater protection of a company’s confidential information. Defining the terms under which confidential information will be shared between parties helps avoid confusion over what the parties consider to be confidential and allows parties to clearly identify how confidential information should be treated. Further, written contracts provide more solid ground for enforcing confidentiality obligations and showing that confidential information was inappropriately used or disclosed should complications arise. For some categories of confidential information, failure to have a written confidentiality undertaking will effectively devalue that information significantly.
Confidentiality agreements also provide protection for information that may not otherwise be protected by law. For example, while the federal Defend Trade Secrets Act of 2016 (“DTSA”) provides protection for certain information that falls under the DTSA’s definition of a “trade secret,” relying on trade secret laws alone to protect confidential information is insufficient. While information that qualifies for protection under trade secret laws is considered confidential information, not all confidential information is considered a “trade secret.” Further, trade secret protection, if applicable, can be weakened or deemed waived if disclosed without a written agreement in place requiring that such information be kept strictly confidential.
Written confidentiality agreements can also provide a platform for an organization to define other aspects of the business relationship, including non-competition and non-solicitation obligations. Such agreements also indicate a company’s desire to maintain and adhere to confidentiality standards that are expected in many commercial relationships.
Unilateral versus Mutual
The nature of the transaction or relationship between the parties desiring to exchange protected information will determine whether a unilateral or mutual confidentiality agreement is appropriate under the circumstances. In some business relationships, only one party shares its confidential information with the other. In this case, a unilateral confidentiality agreement may be appropriate as it stipulates confidentiality and nondisclosure obligations and use restrictions that apply only to the party receiving the confidential information. In business relationships involving a mutual exchange of information, a mutual confidentiality agreement ensures each party is bound to the same confidentiality and nondisclosure obligations as the other party with respect to the confidential information it receives.
Identify Confidential Information and Trade Secrets
For the most part, statutes do not define what should be considered “confidential information”. Therefore, a confidentiality agreement should clearly define the scope of protectable information. Agreements often broadly describe confidential information as any confidential, non-public, or proprietary information, whether written, electronic, oral, or visual, and address the protections to be afforded to the confidential information that is exchanged between the parties in connection with the business relationship. Some agreements may also specify certain categories of information to be treated as confidential, including business and marketing plans, customer lists, operation methods, pricing structures and methodologies, supplier and vendor lists, terms of commercial contracts, formulas, designs, and other trade secrets. Confidential information should also be defined to include information disclosed by a party’s affiliates or by other third parties in connection with the business relationship, as well as information that the disclosing party has an obligation to protect, such as personal identifying information or protected health information. Some agreements require confidential information to be clearly marked as such and require any confidential oral disclosures to be stated as such at the time of disclosure and confirmed in writing shortly thereafter.
Including trade secrets as a component of confidential information helps ensure appropriate protection of this important body of information. Trade secrets consist of confidential information that confers a competitive advantage upon its holder by virtue of being unknown to others. The DTSA outlines three essential elements of a trade secret: (1) the information has either actual or potential independent economic value by virtue of not being generally known; (2) the information has value to others who cannot legitimately obtain the information; and (3) the information is subject to reasonable efforts to maintain its secrecy. Most states have their own version of the DTSA. For example, Indiana adopted the Indiana Uniform Trade Secrets Act in 1982, which is modeled from the Uniform Trade Secrets Act that codifies the basic principles of common law trade secret protection. Identifying certain information as a trade secret provides additional protection for such information under federal and state trade secret law.
Certain information, however, may not be considered confidential information or a trade secret. Confidentiality agreements typically include four standard exclusions from the definition of confidential information, including any information that (1) is or becomes public other than through a breach of the agreement by the receiving party; (2) was already in the receiving party’s possession or was available on a non-confidential basis prior to disclosure; (3) is received from a third party that is not bound by separate confidentiality obligations to the disclosing party; and (4) is independently developed by the receiving party without using the disclosing party’s confidential information. Information may lose protection as a trade secret if the disclosing party fails to take adequate steps to prevent disclosure of the secret, through authorized disclosure of the secret, or if the secret is independently developed by another party.
Other Key Provisions
In addition to defining the unilateral or mutual nature of the agreement and information to be treated as confidential, confidentiality agreements also typically include the following key provisions:
- a clear definition of the parties to the agreement;
- the business purpose of the agreement;
- confidentiality and nondisclosure obligations;
- permissible disclosures of confidential information (for example, as legally required by law, regulation, or court order; provided that if the receiving party is not prohibited from doing so, the disclosing party is notified of such required disclosure);
- safekeeping requirements (e.g., the receiving party shall treat confidential information received from the disclosing party with the same degree of care as the receiving party treats its own confidential information);
- the agreement’s term and survival of nondisclosure obligations; and
- obligations to return or destroy confidential information upon the termination of the agreement.
Risks of Disclosing Confidential Information
Confidentiality agreements provide effective and important tools to prevent the misuse and unauthorized disclosure of confidential information, although companies should be aware of and be prepared to address certain risks that inherently arise when disclosing confidential information to other parties.
For example, if confidential information is wrongfully disclosed and therefore becomes part of the public domain, that information cannot be “undisclosed” and loses protection, as it is no longer considered confidential information. Further, while a receiving party may technically comply with all confidentiality obligations contained within an agreement, the confidential information may still be indirectly used to the receiving party’s commercial advantage.
Enforcing a confidentiality agreement and proving a breach of such an agreement may also be difficult for the disclosing party. Available remedies for breach of a confidentiality agreement may be limited due to the fact that damages can be difficult to ascertain, particularly where the value of a company’s confidential information is based on future benefit to the company rather than present value. Parties may seek injunctive relief to prohibit a receiving party’s future dissemination of confidential information; however, regardless of the outcome of a court proceeding, the disclosing party is likely to experience significant loss in the value of the confidential information.
While sharing confidential information certainly comes with risks, the commercial benefits often outweigh the risks of disclosing a company’s information under the protection of a confidentiality agreement. A disclosing party can effectively manage risks associated with sharing confidential information through the thoughtful drafting of confidentiality agreements, the careful management of confidential information and related disclosures, and a proactive plan for handling unauthorized disclosure of confidential information by the receiving party.
Ensuring Continued Protection of Information: Practical Considerations
Protecting your company’s confidential information requires more than just well-drafted confidentiality agreements. Companies should also implement effective strategies for protecting all confidential information handled by it, whether the information relates to employee information, customer information, or information of other business partners. Such practices may include the following:
- develop and maintain internal policies and practices to protect confidential information;
- regularly remind and train employees about importance of protecting confidential information and best practices;
- implement physical security measures (e.g., secure destruction of confidential documents, locked storage cabinets, facility visitor restrictions, and policies regarding removal of confidential information from company premises);
- implement electronic/cyber security measures (.e.g., control access, encryption, password sharing policies, and systems to monitor and detect suspicious activity or unauthorized disclosures); and
- maintain appropriate and consistent confidentiality agreements and practices for all employees, contractors, and other third parties.
Every company should take reasonable measures to maintain confidentiality of information, including the following: (1) identify confidential information; (2) assess the best method for protecting confidential information (i.e., confidentiality agreements, physical and cyber security to protect information, protection under other intellectual property law); (3) define “confidential information” and “trade secrets,” if applicable, in contracts with employees, independent contractors, and other parties who may have access to such information; (4) enter into legally compliant confidentiality agreements and update such agreements as necessary; (5) for trade secrets, establish, monitor and implement protocols that keep those trade secrets accessible only to those who need to have access; and (6) educate and regularly remind employees and others who may have access to confidential information about relevant contractual obligations and the importance of safeguarding such information.
Protecting confidential information is an important part of protecting a company’s present and future value and ensures that companies maintain their competitive edge in their industry. Companies should implement detailed strategies to protect their secrets, as the value and competitive edge of confidential information provide a meaningful asset to each individual company.