Friday, March 16, 2012

Managing Confidentiality or Non-disclosure Agreements

I’ve worked on activities where confidentiality information needed to be strictly controlled where a limited number of copies was allowed, every page was numbered with the copy number, they needed to be retained in a controlled area with limited access. Access was managed on a need to know basis. Access required signing in and signing out.Information could only be reviewed. No copies or excerpts could be made. That is one extreme. I’ve also worked in activities where there was little control and higher potential risk.

In a non-disclosure agreement there are a number of common terms and the difference between one of strict control and loose control depends upon two factors. What the term requires you manage to ensure compliance and how you as a discloser or recipient choose to manage it. The following is a list of common requirements that may be in an NDA and what the contract manager may need to manage.

1.Parties. As the agreement applies only to the two legal entities that signed it you need to manage who you receive information from and who you disclose information to so it only goes to the party under the agreement. Subsidiaries are separate legal entities and would not be a party to an agreement signed by the parent company.

2.Effective date. The effective date establishes when the obligations of confidentiality go into effect. You do not want to receive or disclose information prior to that effective date.

3.Period for disclosures. This is the same as the contract term. Contract managers may need to amend the agreement if the need for disclosures extends beyond the agreed period or notify the team to stop disclosing or receiving disclosures if the term has lapsed.

4.Period to maintain information as confidential. This establishes from the date of receipt how long a recipient must maintain the information as confidential. Contract managers should be aware of the term so they can use their log of receipts to identify when individual disclosure obligations have lapsed. You can then advise the team on the need to no longer manage that specific information as confidential.

5.Limitations on what will be disclosed. The receipt confidential information creates potential liability for the recipient. You want to limit and control the flow of information into your company to manage that potential liability. One way to limit is to have a specific request from the recipient that identifies what they want disclosed. A second way is to require a separate agreement of document where there is a non-confidential description of what is intended to be disclosed and received to limit the scope. If you have a single product or service you could limit disclosures to only that information that applies to that product or service. If separate documents are used the contract manager should control, log and manage those.

6.Process for disclosures and receipt. A good NDA will identify contracts on both parties that all information must flow through. If you have this responsibility as the contract manager you would want all information going both ways to flow through. You need to maintain copies of what has been received or disclosed. You want to maintain logs of what has been received or disclosed. For receipts you to ensure that requirements for managing confidential information that has been met.

7.Requirements to mark information as confidential. For any outgoing disclosure you want to ensure that the required marking requirements are met before the information is mailed or transmitted. If others may receive or transmit information you need make sure that you are copied on those messages.Recipients should require that all confidential information provided to them must be adequately marked so that it will be properly managed. Common marking requirement will list the information as confidential and the fact that it is proprietary information of the named discloser.

8.Requirements with oral disclosures. If oral disclosure are allowed under the agreement, there will also be a requirement that they be confirmed by a writing. For oral disclosures made by the other party, you need to be copied on those and you should confirm the receipt and accuracy of the confirmation with the party that received it.

9.Standard of care to be used in managing the information. The standard of care is established through the language used in the NDA. Most of the time the requirement will required the same degree of care as the recipient uses to protect their own confidential information. If there are higher standards the Contract Manager needs to ensure that processes and controls are in place to meet the required standard.

10.Rights to use information disclosed. NDA’s may allow or restrict how the recipient may use disclosed information. The contract managers primary role with respect to this is advise individuals of any restrictions on the use of that information so readers will manage it accordingly.

11.Parties a recipient may disclose to.In today's business you have employees, consultants, third party contract employees and third parties that may have a need to know. A contract manager needs to review the NDA for any restrictions. Frequently agreements allow disclosures to third parties provided that they are subject to the same obligations of the agreement. The contract manager should verify that NDA’s are in place with those individuals and the terms of those NDA’s meet the requirements of this NDA before any information is disclosed to them.

12.Standards for those disclosures. Common standard can include limiting disclosure to only those parties that have “a need to know”. Some companies may require that any third party have a separate NDA directly with them or require that consent they consent to third party disclosures. This occurs when companies are extremely sensitive about their data. Having an NDA directly with the third party allows them to go directly after that third party in the event they breach their obligations. The contract manager needs to be aware of those standards to ensure they are followed.

13.Responsibilities for disclosure required by law. If a disclosure in required by law, such as through a court order, the recipient must make those disclosures of be in contempt of court. As such recipients look for those to be an exception to their obligations to maintain the information as confidential. A well-drafted NDA will place an obligation on the recipient to provide reasonable prior notice of such order so the discloser has the reasonable opportunity to obtain a protective order preventing that disclosure. Court orders are normally provide to the company’s legal department and the Contract Manager may need to advise the legal department of the specific obligations for them to respond. If confidential information is being disclosed to a court under and order it should be marked as such to put the court on notice that it is confidential.

14.Exceptions to the obligation to maintain disclosed information as confidential. In the NDA the parties will agree upon what events will end they recipient’s obligation to maintain the information as confidential. Some fairly common events are:

a.The information is already in the recipient’s possession having been rightfully received without a nondisclosure obligation.

b.The disclosed information is the same as information the recipient had previously developed independently on their own.

c.The information is publicly available when received, or becomes public through no fault of the recipient

d.Information was disclosed by the discloser without complying with the requirements or the NDA

e.The information is disclosed by discloser to a third party without the same a nondisclosure obligations.

Exceptions only apply to the specific information that would be excused. The obligation to maintain any information that is not subject to and exception remains in effect for that other confidential information until that either has an event that will except that or the term for holding the information as confidential has lapsed. The confidential information that is disclosed is the discloser’s proprietary information. The recipient has no right to use it. Exceptions only end the responsibility to maintain it as confidential, they don’t grant you a license to use that information. While a court ordered disclosures excuses you for the information that you disclose, it does not excuse you of your obligation to maintain that information as confidential. The contract manager’s responsibility is simply to be on the look-put for anything that would be an exception to the obligation and communicate specifically what no longer needs to be maintained as confidential.

15.Rights of use of ideas, concepts, know-how or techniques contained in discloser's information by recipient. Even if you collected and returned all copies, excerpts of the confidential information, there will always be “retained information” meaning information that is retained in minds of the individuals that read or worked with that information. To protect against infringement claims the parties may agree to allow the other party to use that retained information. A contract manager has no obligations in this area,

16.Disclaimers: The following a disclaimers that are common

a.Information is provided “As is”. This is used to both avoid liability based on dependence on the information and to avoid any responsibility to correct the information.

b.No grant of right or license under any copyright, patent, trademark owned or controlled by the other party; This simply reaffirms that in disclosing the information the discloser is not giving up any proprietary rights they have in the information.

c.Does not obligates either party to disclose or receive any information, perform any work, enter into an license, business engagement or other agreement. This makes it clear that in receiving information you are not being obligated to enter into any other activity or agreement and if the parties do agree to go forward a separate agreement is required. As NDA’s can provide information before there is an agreement, or may be used to provide information about additional or future products or service this is important.

d.Does not limit either party from offering competitive products or services or entering into business relationships with other parties. Simply receiving confidential information should not preclude you from conducting business with others. The discloser is still protected by both the proprietary rights they have in the information and your obligation to hold it confidential.

e.Does not limit assigning or reassigning employees. Except in situations where the information is extremely sensitive each party should have the right to assign the work of their parties wherever that want. For highly sensitive information a discloser may want to prevent assignment of recipients employees to work for competitors for a defined period.

f.Does not create any joint relationship or limit the ability to enter into business relationships with others.

g.Does not authorizes either to act or speak on behalf of the other; or These last two make it clear that the parties are both acting independently and can continue to do so as long as they meet the obligations of the NDA.Contract managers should be aware of all the disclaimers that exist so the can advise the business how the relationship works.

17.General Legal Terms. Common general legal terms that should be in NDA's or CDA's are:
a.No assignment
b.Amendments require written modification
c.Termination Rights
d.Survival
e.Applicable Law
f.Order of precedence when multiple documents are used,
g.Merger of prior understandings.
h.Additional or different terms and conditions (if any):

If the NDA involves technical information that is subject to control by the Government there will also be the obligation that the Recipient will comply with all applicable export laws and regulations and controls for technical information disclosed.

Contract managers should familiarize themselves with the terms to manage the agreement in accordance with the terms and advise people of what they are in the event of a problem or dispute.

18.Limitation of Liability. In most non-disclosure agreements you won’t find any limitations on the types of damages that may be claimed or any limits on the amounts that my be claimed. The reason for that is a breach of confidentiality obligations will frequently cause all the different types of damages including lost sales and lost profits. The limit on the amount that would be recovered is the actual damages the party sustains and can prove. For a Contract Manager if you are responsible to manage disclosing and receiving confidential information that is an extremely important task. The losses your company could have from not managing that properly are far and above any losses that you could sustain under other agreements as they will have both limitations on the types of damages and limitations on the total liability.


If you learned from this post, think about how much more you could learn from the book.
The book is only US$24.95 plus shipping. The hot-link to amazon.com is above the date.

No comments:

Post a Comment