A Program to Protect Your Company's Confidential Information
BY WILLIAM F. SWIGGART
AND RICHARD P. GOODKIN
Every successful company uses information that, if disclosed to a competitor, could undermine or even destroy the company's profitability or, where that information is held under license from others, subject the company to liability for damages for improper disclosure.
Such information, comprising the company's trade secrets and other confidential information, may consist of such items as computer software source code or other technical product descriptions such as machinery blueprints or production techniques, "secret recipes," financial data, customer or supplier lists, marketing analyses, or any other key product, business or financial data.
Unlike information that may be protected under the laws of copyright, trademark or patent irrespective of whether or not it is disclosed, confidential information may only be protected effectively by means of a company-wide program to protect secrets.
A confidential information protection program may be implemented in three phases: (1) confidential information and the need to protect it are identified to employees and consultants and labeled as such; (2) confidential information is hidden from prying eyes; and (3) all parties that might receive access to confidential information agree in writing not to disclose it to others. Such agreements are usually referred to as non-disclosure agreements, or NDAs.
If your company hasn't implemented a confidentiality program, now is the time to start before the cat is out if the bag. It really isn't a lot of work, and your competitors may be following one already.
1. Identify and Label Confidential Information
The confidential information to be protected may be (a) owned outright, (b) licensed from a third party, or (c) in the process of being reviewed under an NDA from a third party, and subject to the same obligations of protection that you give your own confidential information.
Have your company's managers and engineers identify which internal company documents may be of value. Documents containing sensitive information may be designated by a "Company Confidential" stamp. Instruct personnel to display "[Company Name] Confidential," in headers or footers on electronic documents, slides or other visual presentations of newly generated material.
Confidential information originating with third parties ought already to have been labeled as such by those parties pursuant to the terms of your company's NDAs or license agreements with them. If third party information is not so labeled, but existing NDAs require it to be kept secure, advise your managers of their obligations and hope for the best.
Have personnel employ confidentiality labels liberally, and ensure that they follow up all significant oral disclosures of confidential information with letters or memoranda to recipients describing and designating their statements as such.
2. Limit Disclosures
Instruct employees to store all confidential information securely. Not only is it difficult without such measures to prevent actual disclosures of widely available "trade secrets" to outsiders, but it is even more difficult to claim, when such items are misappropriated by an outside person, that a court should enjoin the use of such information. Follow and observe visitor sign-in procedures, and ensure that visitors are restricted, escorted, or both.
When company secrets must be disclosed in order to do business, instruct the employees involved to disclose only as much information as may be absolutely necessary, whether the information was internally generated by the company making the disclosure, or has been provided to it by another company under an obligation of confidentiality. Limit disclosures to those recipients having a "need to know" such information.
Have employees report any suspected misuse or theft of confidential information by customers, present or former employees, suppliers, or anyone else, to senior management or your company's attorney. Theft of confidential information, besides being immoral and a threat to one's company, is a felony under the laws of Massachusetts and many other states, and may be subject to criminal sanctions. Unauthorized copying of copyrighted material (for example, software) can also violate federal criminal and civil laws.
3. Obtain Signed NDAs.
A confidentiality agreement, or NDA, is a binding, legal document that makes it possible to disclose company confidential information without "giving away the store." An NDA may be a free-standing agreement such as is typically used when one party wishes to evaluate the other's business or technology, or it may consist of a set of confidentiality provisions contained within another agreement.
Any company that wishes to disclose confidential information to a prospective or current employee, consultant, customer, reseller, distributor, OEM, partner, joint venturer or investor must have that person sign an NDA or agreement with NDA provisions. Really, the only person who may be exempted from this requirement is your company attorney, who is automatically subject to binding confidentiality obligations by virtue of the attorney client relationship.
Obtain signed NDAs in the course of doing business, as follows:
- Have Human Resources use employment and consultant agreements containing non-disclosure provisions for employees and consultants;
- Marketing should use agreements that bind potential joint venturers, technology partners, public relations firms, etc. to non-disclosure of marketing plans;
- Technology license agreements used by the Sales department ought to contain non-disclosure provisions as to the technology being licensed and the terms of the agreements themselves; and
- Company executives need a form evaluation agreement containing non-disclosure provisions as to all company secrets to be signed by potential investors, joint venturers, and merger or acquisition partners.
To be binding, NDAs must be signed by authorized company individuals, preferably officers.
While NDA provisions may be either unilateral (protecting disclosures by one party only) or mutual (protecting each party), it is often easier to get a mutual NDA signed as a matter of practice, though whether or not a company should agree to one may be an issue to be evaluated in each instance.
Each executed, original agreement should be filed, as appropriate, with your company's Sales, Finance, Legal and/or Human Resources departments. This will ensure that there are a limited number of locations where departments may check concerning the existence of an NDA for a given company or individual.
Finally, no employee should ever sign a third party's NDA unless your company's attorney has reviewed it first.
Comment: A well maintained confidential information/trade secret protection program will pay your company large dividends relative to the small amount of effort involved.
© ASSOCIATION OF INDEPENDENT GENERAL COUNSEL 1998; (all rights reserved). This article is not intended as legal advice. Consult a qualified attorney for assistance concerning a specific issue or problem.