Template:Confidential information: Difference between revisions

From The Jolly Contrarian
Jump to navigation Jump to search
No edit summary
No edit summary
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
==={{confiprov|Confidential information}}: what is ''in'' scope?===
====What is ''in'' scope?====
Parties give each other all kinds of information. Not all of it is sensitive. Seeing as a confi imposes onerous obligations, you should carefully define the “{{confiprov|confidential information}}” that’s in scope.   
Parties give each other all kinds of information. Not all of it is sensitive. Seeing as an NDA imposes onerous obligations, you should carefully define the “[[confidential information]]” that’s in scope. Consider the following:  
*'''[[Personal information]]''': Personal information about individuals is particularly tricky in this age of big data and fake news. There may be additional provisions concerning storage, processing and rights to access and correct that information. Especially now the [[EU]] [[General Data Protection Regulation]] ([[GDPR]])  is in force. Hoo boy.
 
*'''Client-identifying information''': some data is interesting and sensitive only to the extent it is identifiable with the client. Trading data, for example. That a vodafone trade was executed at close on the 1st of September at a price of 103 isn't especially sensitive. It isn't susceptible to [[copyright]].<ref>There's no copyright in a price, you see.</ref> Not until you can refer it to the client for whom the order was executed. Then it is sensitive. [[Market abuse]] and [[insider trading]] lie this way. Careful, soldier.
'''Personal information''': Personal information about individuals is tricky in this age of big data and fake news. There may be additional provisions concerning storage, processing and rights to access and correct that information. Especially now the [[EU]] [[General Data Protection Regulation]] ([[GDPR]])  is in force. Hoo boy. Data protection is an area of law of which JC has assiduously steered clear over his career and he is not about to change that now.
*'''Proprietary IP and technology''': Trading data tends to be valuable insofar as it relates to a given client. Other types of information (especially intellectual property: patents, copyrights, designs, trade secrets, secret sauce and so on) is valuable ''irrespective'' of the identity of the client.
 
==={{confiprov|Confidential information}}: what is ''out of'' scope?===
'''Client-identifying information''': some data is interesting and sensitive only as far as it can be associated with an person or entity. Trading data, for example. That a Vodafone trade was executed at close on the 1st of September at a price of 103 isn’t especially sensitive. It isn’t susceptible to [[copyright]].<ref>There’s no copyright in a price, you see.</ref> Not until you link it to the client who executed the order. ''Then'' it is sensitive. [[Market abuse]] and [[insider trading]] lie this way.
*'''What information that otherwise would be in scope, is out of scope?''': Even within the definition of confidential information, you’ll need to make exceptions:
 
**Information the receiver already held at the time of disclosure
'''Proprietary IP and technology''': Trading data tends to be valuable insofar as it relates to a given client. Other types of information (especially intellectual property: patents, copyrights, designs, trade secrets, secret sauce and so on) is valuable ''irrespective'' of the identity of the client.
**Information the receiver receives separately from someone else other than in breach of a confidentiality undertaking
 
**Information the receiver develops independently of the disclosure and without reference to information disclosed
====What is ''out of'' scope?====
==={{t|Trick for young players}}===
What information that otherwise would be in scope, is out of scope? Even within the definition of confidential information, you’ll need to make exceptions for  information the receiver already held, or receives or develops independently (and not in breach of a confidentiality undertaking)  or with reference to information specifically disclosed
*'''Information stays “confidential” even if you have to disclose it to regulators''': Don’t make the {{tag|schoolboy error}} of including in this exclusion from the definition of {{confiprov|confidential information}} “information required to be disclosed to regulators or government authorities”. This is a legitimate exception to the prohibition on disclosing information — see below — but it shouldn’t disqualify the information from being Confidential Information altogether. If it did, once you were required to give any information to the regulator, it would suddenly be open season and you could tell everyone about it.
 
*'''[[Proprietary information]]''': If your definition starts with “information belonging to the discloser” or “[[proprietary information]]” then you have excluded most of the data you are seeking to protect. “Belonging to” implies “possession”, implies “property” implies “[[intellectual property]]”. Intellectual property subsists in creative works — [[copyright]], [[patent]] and [[trademark]]s —  but not in facts or raw data. To be yours, you have to have created it. Your trading data, your client lists, your employees — this is not information ''belonging to you''. It is information ''relating to'' you which ([[QED]]) the receiving party wants but does not have, which is why it is worthy of protection by {{tag|contract}} even though no [[intellectual property]] rights attach to it.
{{confidentiality and regulatory disclosure}}
 
====Proprietary information====
If your definition starts with “information belonging to the discloser” or “[[proprietary information]]” then you have excluded most of the data you are seeking to protect. “Belonging to” implies “possession”, implies “property” implies “[[intellectual property]]”. Intellectual property subsists in creative works — [[copyright]], [[patent]] and [[trademark]]s —  but not in facts or raw data. To be yours, you have to have created it. Your trading data, your client lists, your employees — this is not information ''belonging to you''. It is information ''relating to'' you which ([[QED]]) the receiving party wants but does not have, which is why it is worthy of protection by [[contract]] even though no [[intellectual property]] rights attach to it.

Latest revision as of 13:30, 14 August 2024

What is in scope?

Parties give each other all kinds of information. Not all of it is sensitive. Seeing as an NDA imposes onerous obligations, you should carefully define the “confidential information” that’s in scope. Consider the following:

Personal information: Personal information about individuals is tricky in this age of big data and fake news. There may be additional provisions concerning storage, processing and rights to access and correct that information. Especially now the EU General Data Protection Regulation (GDPR) is in force. Hoo boy. Data protection is an area of law of which JC has assiduously steered clear over his career and he is not about to change that now.

Client-identifying information: some data is interesting and sensitive only as far as it can be associated with an person or entity. Trading data, for example. That a Vodafone trade was executed at close on the 1st of September at a price of 103 isn’t especially sensitive. It isn’t susceptible to copyright.[1] Not until you link it to the client who executed the order. Then it is sensitive. Market abuse and insider trading lie this way.

Proprietary IP and technology: Trading data tends to be valuable insofar as it relates to a given client. Other types of information (especially intellectual property: patents, copyrights, designs, trade secrets, secret sauce and so on) is valuable irrespective of the identity of the client.

What is out of scope?

What information that otherwise would be in scope, is out of scope? Even within the definition of confidential information, you’ll need to make exceptions for information the receiver already held, or receives or develops independently (and not in breach of a confidentiality undertaking) or with reference to information specifically disclosed

Information disclosed to a regulator is still confidential information

Don’t make the schoolboy error of excluding “information required to be disclosed to regulators or government authorities” from the definition of “confidential information”. Now, to be sure, this is a legitimate exception to a fellow’s general covenant not disclose confidential information to anyone[2] — but it shouldn’t disqualify the information from being “confidential informationaltogether. If it did, once you were required to give any information to a regulator, it would suddenly be open season and you could tell everyone about it. Not the intention.

One misconceived argument we have seen for this approach is as follows: “if I give information to a regulator then I cannot control what the regulator does with it. Regulators are all-powerful. They may publish sensitive information in the Luxembourger Wort for all I can do about it. Therefore your information, once I have rightly given it to a regulator, can no longer be treated as confidential.”

Not so fast: If you disclose my information legitimately to a regulator, and the regulator then discloses it to the world (whether or not legitimately) you have complied with the terms of your contract. Unless you have independently covenanted to procure that the regulator keeps it confidential (don’t do that: regulators are all-powerful, and you make yourself a hostage to fortune), you have not breached your NDA, and you cannot therefore be liable for resulting losses. They are regrettable externalities: obstreperous actions of impish third parties. On the other hand, if you disclose my information legitimately to a regulator, and then you separately disclose it to someone else, then you absolutely can and should remain liable for losses. If by disclosure to a regulator the information is deemed "no longer confidential" you would be free to disclose it to someone else without that sanction.

Proprietary information

If your definition starts with “information belonging to the discloser” or “proprietary information” then you have excluded most of the data you are seeking to protect. “Belonging to” implies “possession”, implies “property” implies “intellectual property”. Intellectual property subsists in creative works — copyright, patent and trademarks — but not in facts or raw data. To be yours, you have to have created it. Your trading data, your client lists, your employees — this is not information belonging to you. It is information relating to you which (QED) the receiving party wants but does not have, which is why it is worthy of protection by contract even though no intellectual property rights attach to it.

  1. There’s no copyright in a price, you see.
  2. See also permitted disclosure and permitted disclosees.