In my prior article addressing confidentiality agreements, I reviewed how to identify a company’s intangible assets and how to protect them with an NDA. This article will continue the discussion of preparing an NDA.
When preparing a confidentiality agreement it should go without saying – but it often needs to be emphasized – that a company should take the following steps:
Treat the company’s portfolio of confidential information as a valuable business asset. Confidential information can be used and shared more effectively and securely, to the greater benefit of the business, if the company routinely takes stock and assesses the value of its information assets.
Implement and adhere to company-wide information and data security policies, systems, and procedures. This includes at least:
A uniform confidentiality and proprietary rights agreement signed by all employees;
An information technology and communications systems policy that governs employees’ appropriate use of company confidential information;
Robust physical and electronic security measures, which should be regularly tested, audited, and updated;
Systems and processes to monitor and detect unauthorized disclosures of confidential information; and
Contingency plans and procedures to address any leaks that are detected, including notification of other parties whose information may have been disclosed in violation of applicable confidentiality arrangements and mandatory notification of individuals whose personal information is compromised.
Comply with contractual obligations governing others’ confidential information. A company may be challenged with respect to this issue though:
Clear nondisclosure obligations, that may, for example, preclude sharing protected information with subcontractors;
Restrictions on use of the information, that may limit using the information for a stated purpose like evaluating a business deal, or fulfilling contractual obligations like manufacturing a particular product;
Restrictions on access to the information within the recipient’s business and among its employees – typically, employees are allowed access to confidential information on a need-to-know basis – on this front the cooperation of a company’s human resources department is key;
Physical and electronic security requirements, which might be more stringent than the recipient’s policies and procedures applicable to its own confidential information; and
Obligations to return or destroy original materials containing confidential information or materials incorporating such information as per the applicable agreement.
Protect certain confidential information as trade secrets. Confidential information may also be a trade secret. If so, it will be subject to the protections of relevant state or federal law. For example, any of the following information might be considered trade secrets: client lists; marketing plans; pricing information; business plans; manufacturing processes; formulas; software algorithms; source code; and inventions (at least those not disclosed through a published patent application).
Comply with privacy and data protection laws and regulations. Certain kinds of personal information that are commonly held by businesses (such as employee records and customers’ financial accounts) may be subject to special requirements under various federal and state privacy and data protection laws and regulations.
Contact me today with questions or comments.