Disclosing Confidential Information
by Vivien Irish, Director of Intellectual Property, NXT plc September 2003
Worldwide, the law protecting confidential business information (or trade secrets) is very varied. This summary of confidential information, what it is, and how it can be protected, is based on English law. However, the principles of English law in this context can be applied to good effect in many other countries.
All companies have secrets. Some are technical such as the detailed specification of a manufacturing process; some are business-related such as a list of customer names and addresses, which would be useful to a competitor. Some are of enormous value, e.g. the recipe for Coca Cola; others are less valuable. Some are simple, even one word long, such as the name of a company takeover target, others are complex, such as the details of a planned advertising campaign. The common factor is that all can be protected.
In recent years, many countries have introduced laws on the protection of confidential business information along the lines proposed by the Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS), which states that for information to be legally protectable:
- (i) the information must be secret, i.e., not generally known ore readily accessible to persons that normally deal with that kind of information;
- (ii) it must have commercial value because it is secret;
- (iii) the owner must have taken reasonable steps to keep it secret.
The most important thing is for SMEs to have a basic understanding and sensible internal rules, so that their valuable information retains that value and remains confidential.
An important factor in protection is proper management control. Managers should restrict access to secrets to the staff who need to know them - the biggest loss of confidential information from a company occurs when its staff leave and move to another firm in the same area of business. Also it is important to mark documents with a word such as "confidential" if this is the case, but avoid the tempting mistake of marking every document, because such marking will have no real meaning and will be ignored. Other security precautions may be needed, such as imposing password protections on access to information.
In a normal business it is sometimes necessary to share a secret with another company. A manufacturer may need to have specialised tests carried out on a prototype, and does not want competitors to know details of the new product. An assembly company may wish to know if a supplier can meet a new, tough specification which will give a quick market advantage, but does not want anyone else to use the same specification. In both of these examples the prototype and the new specification must pass out of the owner's hands, but the owner will of course wish to retain control.
The solution is to get the company to which the confidential information is to be disclosed to sign a Confidentiality Agreement, sometimes called a Non-Disclosure Agreement (NDA)
A simple example of an NDA is annexed and can be used as a model. Again it is valid in English law, and readers in other countries are advised to take local advice on the law which applies in their country -but the principles set out in the example are used in many countries.
The Agreement names the owner of the information (Owner), the company receiving it (Recipient), and there is a space to fill in the reason for handing over the information - the Permitted Purpose. It briefly defines what the information is, and it says that records of the information (which may be documents or drawings or software) should be marked "Confidential" or "Proprietary".
The definition of what the confidential information consists of is followed in clauses 1.1 to 1.3 by what are known as Releases from Confidentiality, i.e. a list of events which put the secret into the public domain, so that the Recipient no longer needs to comply with the NDA conditions. But of course the Recipient must not be the person that publishes the information in the first place.
The NDA goes on to set out how the Recipient must look after the information, what the Recipient is allowed to do with the information (use it only for the Permitted Purpose), and what the Recipient is not allowed to do (tell anyone who does not need access to the information).
The Agreement says how long the information must be kept secret - this can be set as the length of time the secret will give the owner a market advantage, plus a little bit of leeway. Two or five years are common periods.
Once the Recipient has signed the NDA, the Owner can pass over the confidential information with improved peace of mind.
Sometimes the flow of information is two-way, with both parties disclosing confidential information to the other, such as when a joint venture is being set up between them. A few changes to the model one-way NDA can cover such an arrangement.
The model states clearly that English law applies. An advantage of English law is that, if there has been misuse of the confidential information, the English courts are willing to act very quickly - within a few days - to hear the arguments and to stop any repeated misuse. Of course the information cannot be "made secret" again, but at least the misuse can be quickly stopped so that the company misusing does not continue to profit from it.
In other countries such a rapid response may not be available, and as always local checks of the applicable law must be made. In the USA, the law which applies is the law of a named State and the speed of response of the courts in that state must be considered.
In a cross-border disclosure, often the owner of the secret will provide the text of the NDA and will suggest use of the law applying in the owner's home country. This is not essential; if the parties can agree, the law of any country could apply.
Companies should not use a Non-Disclosure Agreement too often. The best way to keep a secret will always be: don't tell anyone. If a secret really must be shared, tell as little as necessary to achieve the commercial objective; sometimes a general outline is all that is needed, although for a technical appraisal the full detail of the knowhow will need to be passed over for review.
Sometimes an NDA sets out a period of time so that information disclosed, say within a defined year, falls within the agreement. This is useful for complex technical deals, such as joint ventures (JV), although a separate JV agreement will eventually be needed.
Also, chose the recipient very carefully - are you as sure as you can be that a promise of secrecy will really be kept?
One weakness of legal protection for secrets is that once they have been published in some way they cannot be "made secret" again. Even if the owner of the secret goes to Court and wins a payment for the damage suffered, this will not be as good as having the information kept confidential. Your competitors will be free to use your hard-won secrets. So the best practice is to make sure that the secret is kept in the first place.