Confidentiality: When and When Not?

Confidentiality: When And When Not

By Jonathan B. Wilson

I’ve heard some businesspersons claim that they protect their companies’ interests by requiring every potential business partner to sign a non-disclosure agreement (or NDA). I’ve also heard some businesspersons claim that they are willing to sign the NDAs served up by other companies because such a practice is “standard in the industry.” Both attitudes are an oversimplification of the issue and can be dangerous.

What does an NDA obligate you to do?

In most cases, an NDA obligates the signer (the recipient of the confidential information): (a) to maintain the secrecy of the discloser’s confidential information according to some standard, and (b) to refrain from using the discloser’s confidential information for any purpose that the discloser has not authorized. Each of these concepts can have a significant impact on the recipient.

The secrecy obligation is more than just a promise to “be discrete” with the discloser’s information. Most NDAs set a standard for the recipient’s obligations to maintain confidentiality. The NDA may require the recipient to maintain secrecy absolutely, may require “reasonable efforts” to maintain secrecy, or may require the recipient to take such efforts as the recipient may take with respect to its own confidential information. Each of these standards is easy to violate inadvertently.

To take an easy example, imagine a sales rep who signs an NDA in order to have preliminary conversations with a prospective customer. After signing the NDA, the customer gives the sales rep a copy of a technical specification for the customer’s network. The sales rep files the technical specification in the sales rep’s customer lead file. Imagine also, that the sales rep’s company has a policy that requires all company confidential information to be stamped with a special confidentiality notice. Although the sales rep does not disclose the customer’s technical specifications to anyone, there is a good chance that the sale rep is in breach of the NDA.

If the NDA imposes an absolute obligation of secrecy, the recipient is in luck, since no disclosure has occurred. But, if the NDA imposes either a “reasonable” standard or a standard that compares to the recipient’s handling of its own confidential information, the recipient may be in breach. In the first case, the recipient’s failure to stamp the technical specification with the standard warning could be argued to be a deviation from “reasonable” efforts. In the second case, even more clearly, the failure to stamp the document was a violation of the recipient’s policies for confidential information.

In this example, it’s unlikely that the discloser would sue the recipient over such a trivial occurrence. But, if there were a larger dispute between the parties, these facts could support a claim that the discloser could use, either to bolster a primary claim, or as a defensive counterclaim if the discloser were sued by the recipient.

The “stealth” risk

An even greater risk for the recipient is the covenant of “non-use” in the NDA. If the recipient independently developed a piece of technology that was part of the discloser’s confidential technology, the recipient could be forced to demonstrate that its development was truly independent.

In some ways, this type of problem is a stealthy risk for the recipient, because it is unlikely that the recipient will be aware of the problem until the discloser gave notice of its complaint. Imagine, for example, a recipient that is party to an NDA with a discloser with respect to the potential joint development of technology. At the same time these talks are progressing, a separate division within the recipient’s company is developing technology that is identical to the jointly developed technology. In such circumstances, the recipient is under a significant risk that its independently developed technology will be inseparable from the confidential information it received from the discloser. It is possible that the discloser could prevent the recipient from using its independently developed technology.

The stealth risk is especially great in large companies, where multiple development teams may be working on projects that have the potential to overlap.

The business risk

While NDAs will often contain risks for the recipient, they can also contain risks for the discloser (or the party that wants to require an NDA before it will begin discussions). In many cases, an NDAs is unnecessary and the requirement can lose the proposing party an opportunity.

For example, in most cases involving sales proposals of a company’s standard products, an NDA should not be necessary. Sales people talk about their products for a living. Requiring sales people to get their prospects to sign NDAs before the pitch begins runs the risk of stifling the sales process. Many large companies prohibit their procurement personnel from signing NDAs, often for some of the reasons described above.

In other cases, where the parties will not be exchanging any truly confidential information, requiring an NDA can raise the temperature of negotiations before they even begin.

The mutuality riddle

Another reason for a company not to require an NDA where it isn’t necessary is because of the possibility that the recipient will ask for “mutuality.” In most cases, the party presented with an NDA will take the position that it will sign only if the party presenting the NDA either modifies the NDA so that it protects both parties equally or signs the other party’s standard form of NDA.

Because signing an NDA imposes real burdens on the recipient, this problem alone should be enough to convince a party not to even raise the subject, unless an NDA is truly appropriate under the circumstances.

Jonathan Wilson is a technology lawyer in Atlanta. You can reach him through www.jonathanbwilson.com.