HANDLING CONFIDENTIAL INFORMATION
©1998,
2002 Bruce E. Burdick, JD
The
reaction I usually get from business people when I question their handling of
secrecy agreements (also called “confidential information agreements”,
“non-disclosure agreements”, “privacy agreements”) varies from "Who cares, everybody signs
these agreements." to
"You
lawyers are always holding us up for no good reason." to “These are really crucial, we aren’t moving until a secrecy
agreement is in place.”
An appropriate program for
handling confidential information can overcome these and similar myths. Those
same business people, when trained in the handling of confidential information,
handle matters of confidentiality with ease and legal acumen. They have found
that following correct procedures for handling confidential information
normally involves a minimal inconvenience to their business activities and that
by doing so they have better protected their trade secrets. As an example, one
of my clients, a large commercial and military ordnance manufacturer, had its
upper management visit most of the major ammunition factories in Europe without
signing a single confidentiality agreement. They were able to identify a
significant body of information of interest to the company without incurring
any restrictions on its use. At the same time, they were able to obtain
valuable restrictions when other companies visited here. If this can be done on
military production facilities, with proper planning and procedures it may be
possible with less secure facilities.
This turnabout is achievable in your company by a three-point program
backed by top management.
General
Considerations
A Three-Point Plan
First, clear policies and procedures relating to the receipt
or disclosure of confidential information must be set out. Second, an education program must be undertaken to your company’s
personnel with respect to the risks associated with receiving or disclosing
confidential information and the proper procedures which must be carried out to
minimize those risks. Third, little
or no delays must
exist in the legal function reviewing and providing acceptable form agreements
and prompt review procedures so as to accommodate the needs of the business
people. This will result in the business people being able to move quickly on a
sound footing with respect to trade secrecy issues, and thus encourage
businessmen not to try to take shortcuts in order to accommodate urgent
business.
What is "confidential information" or "proprietary information"?
It is non-public technical or
business information, such as trade secrets, know-how, technology, business
plans, forecasts, financial information, sales reports, customer lists, vendor
lists, equipment specifications, manufacturing parameters, and the like. If the
confidential information has business value, it is often called "trade
secrets." If the information relates to the military it may be
"classified" as CONFIDENTIAL
or SECRET or TOP SECRET, thus some companies (particularly those in the defense
industries) often use the term "proprietary information"
to refer to non-military confidential information to prevent confusion with
classified military secrets.
What are the risks?
Let us next take a look at
some of the risks relating to the handling of confidential information. The
misappropriation or misuse of confidential information received from a third
party can have very damaging consequences for your company. The courts view
such misappropriation as a form of theft, in a manner similar to patent
infringement (which is viewed as theft of an invention recognized by the
Government as worthy of protection.) Theft of confidential information can thus result in damages and
injunction against future use sufficient to put a company out of business in a product line or, in severe cases
or with smaller companies, even put the company out of business altogether. The tarnishment of a
company’s reputation from being "branded" as a thief can severely
impact business relationships
with customers and vendors who insist on honest dealings. Trade secrets, by
their nature, do not have to be novel or patentable and do not terminate after
a fixed period, as patents do. The long life of the Coca-Cola formula is a
well-known example worth billions of dollars. The loss of your company’s confidential
information to third parties can also cost your company its competitive edge
and waste valuable research and development efforts by allowing competitors free access to
and use of the "company jewels." Wal-Mart has closely guarded its
computerized purchasing and inventory control system, which has allowed it to
maintain a cost advantage over its competitors. Olin has kept its gunpowder
manufacturing procedures secret for more than 60 years, long after patents
would have expired. In any event, litigation expenses in trade secrecy cases
can be substantial and may jeopardize the secrets in the process of proving
what secrets were or were not stolen and employees involved are often summarily
terminated and "blacklisted."
The treatment of confidential
information differs depending on whether your company is receiving or
disclosing the information.
Receipt of
Confidential Information ("In")
It should be
your company’s general policy that it will not accept information in
confidence. In a
majority of cases, particularly those involving marketing, engineering or
sales, this general policy will not present any impediment to the carrying out
of business and it will reduce substantially the number of instances where your
company has to receive confidential information. Many companies, because of
their concern over the risk of handling confidential information of others,
have very strict policies against the receipt of confidential information and
virtually refuse to accept confidential information under any circumstances. In
certain instances where there are overriding business reasons which justify
accepting information in confidence, it can be done relatively safely if
properly managed, particularly where upper management approval is required
prior to receipt of confidential information.
The receipt of confidential information should require the
approval of a senior manager such as a Divisional President or his/her delegate.
The reluctance of personnel to request such high level approval acts as a
reinforcement of the general policy against receiving information in
confidence. If the approval is given, and if the information is received, the information should
be received pursuant to a carefully drafted confidentiality agreement. To ensure that your company's risks in
accepting the information are minimized, intellectual property counsel should
scrutinize the agreement. The intellectual property counsel will be in a position
to assess the effect on patenting activities of your company that receipt of
confidential information might impose and whether the information is the
subject of pending patent applications or has undesirable effects on other
divisions.
When entering into a confidential arrangement on information you
receive, every effort should be made to avoid restrictions on its use. It is the restrictions on the use of
the information that give the patent like character to the transaction. In
fact, your company undoubtedly already has many mutual confidential
arrangements with companies where both sides are free to use the information
within their own organizations and the only obligation is to not to disclose
the information to others. This type of arrangement is relatively risk-free
since it is in your company’s normal policy to maintain its business
information in confidence. Each party is protected from the other by its
patents and by limiting the scope of the information that it discloses to the
other.
Where a free use arrangement is not acceptable to the other
party, then your company will sometimes accept use restrictions. Normally, in
such instances, however, the term of confidentiality will be minimized, e.g.,
five years or less, so as to reduce the potential for misuse inadvertently or
otherwise. The information to be kept confidential should be limited to written
information since it is necessary for your company to know "with
confidence" what information it received "in confidence." There should be the normal exceptions
to confidentiality particularly including independent development by your
company. In such instances, the disclosure of the information within your
company should be carefully managed to ensure that your company’s research
operations are not tainted in their independent development efforts by receipt
of any information which would conflict with their programs.
Disclosure of
Confidential Information ("Out")
Non-confidential disclosure of your company’s
information, e.g., to customers, can result in loss of enforceable rights in
the information.
Government agencies will not treat your company’s confidential information,
e.g. health data, environmental data, financial data, etc., unless your company
can certify that all disclosures of the information were in confidence. If your
company is to have any opportunity to enforce its rights against potential
misappropriators or misusers of its confidential information, it must take
certain measures to ensure that such information is maintained secret and to
prove that it was considered by your company to be secret. These measures
include limiting disclosure to public officials and the media, plant security,
limiting the circulation of the information within your company and the use of
appropriate agreements, when disclosures of the information are made to others
outside the company.
The disclosure of confidential
information to outsiders must be carefully managed. It should require high level approval
before such disclosure can be made. Except to intellectual property counsel who
need full disclosure to best protect the information, disclosure of trade
secrets should be very limited. Even when disclosed, appropriate agreements are
required to control the disclosure and maintain its confidential nature.
Standardized agreements are used to permit purchasing, procurement and
marketing to disclose ordering and sales information within reasonable limits
without legal review. Where trade secrets are involved, those agreements should
extend for an indefinite term until the trade secrets become public. Where the
information will generally become public within a reasonable time, e.g., upon
commercialization, a shorter period of confidentiality can be accepted. Where
standard agreements are rejected or modified by the other party, intellectual
property counsel is normally involved to ensure that the changes are
acceptable. The standard agreement for confidential information going
"out" will normally be more onerous than a similar agreement that
would be accepted for confidential information coming "in." Indeed,
to the extent that difference can be maximized, the company is gaining
competitive advantages that may ultimately prove of significant value should
your company decide to sell the relevant product line or business to another
company.
The signing of a confidentiality agreement ("secrecy
agreement", "non-disclosure agreement") is only the first step in protecting the disclosure of
confidential information of your company. It is necessary for your company
personnel making the disclosures to understand the terms of the confidentiality
agreement so that they operate within its limits. It is important that the
disclosures themselves be limited to the minimum necessary to accomplish the
desired end result, since no matter how good the agreement is there is a risk
of misappropriation or misuse. Finally, the agreement should be consulted
before any disclosure is made since disclosures over a period of time have a
tendency to diverge from the limits of the original agreement.
By properly managing the disclosure of confidential
information and using appropriate agreements, you can maintain a strong trade
secret position that can be readily enforced against misappropriators and
misusers. When done well, the restricted disclosure of confidential information
to third parties can in many instances have the same effect as if you had a
patent on the subject matter. You might obtain secrecy agreements which
continue to exist as to specific secrets not disclosed in the patents even
though the underlying patents have expired, and these agreements might be
renewed because of the use restrictions on the confidential information and
technology which were disclosed.
In the past, European and Oriental businessmen complained
about confidentiality agreements because they seemed to indicate lack of trust
and thus were a uniquely American way of doing business. That is no longer the
case. There should be no fear by your company’s personnel of presenting a
foreign businessman with confidentiality agreement to protect disclosure of
your company’s information. Most foreign companies today will take the same
action with regard to their own disclosures.
SUMMARY
The disclosure or receipt of confidential
information can be managed with minor inconvenience to minimize the risks to
your company.
This requires:
clear policy and clear procedures for handling such information;
education of the business personnel involved with the information so that they are
aware of the risks and the procedures for managing the risks; and
minimizing delays
through cooperation between the legal and business functions so as to to
accomodate desired business activities.
*
* * * * *
© 1998, 2002 Bruce E. Burdick,
JD