What is Confidential Information? - OneNDA Provision

From The Jolly Contrarian
(Redirected from 1(a) - OneNDA Provision)
Jump to navigation Jump to search
NDA Anatomy™
Club.png

The OneNDA clause

1. What is Confidential Information?

1(a) Confidential Information means information that is disclosed:

(i) by a party to this Agreement (the Discloser) or on the Discloser’s behalf by its authorised representatives or its Affiliates,
(ii) to the other party to this Agreement (the Receiver), and
(iii) in connection with the Purpose.

1(b) Confidential Information does not include information that is:

(i) in the public domain not by breach of this Agreement,
(ii) known by the Receiver at the time of disclosure,
(iii) lawfully obtained by the Receiver from a third party other than through a breach of confidence,
(iv) independently developed by the Receiver, or
(v) expressly indicated by the Discloser as not confidential.

1(c) Affiliates means any entity that directly or indirectly controls, is controlled by, is under common control with or is otherwise in the same group of entities as a party to this Agreement.
view template


Comments? Questions? Suggestions? Requests? Insults? We’d love to 📧 hear from you.
Sign up for our newsletter.

OneNDA commentary

  • The “public domain: For all you That Guys out there, we have a whole separate page devoted to explaining why it isn’t such a big deal to write “public domain” when you mean “public”. In a nutshell, as used in an NDA, “public domain” does mean “public”.

General commentary

What is in scope?

Parties give each other all kinds of information. Not all of it is sensitive. Seeing as an NDA imposes onerous obligations, you should carefully define the “confidential information” that’s in scope. Consider the following:

  • Personal information: Personal information about individuals is particularly tricky in this age of big data and fake news. There may be additional provisions concerning storage, processing and rights to access and correct that information. Especially now the EU General Data Protection Regulation (GDPR) is in force. Hoo boy.
  • Client-identifying information: some data is interesting and sensitive only to the extent it is identifiable with the client. Trading data, for example. That a vodafone trade was executed at close on the 1st of September at a price of 103 isn't especially sensitive. It isn't susceptible to copyright.[1] Not until you can refer it to the client for whom the order was executed. Then it is sensitive. Market abuse and insider trading lie this way. Careful, soldier.
  • Proprietary IP and technology: Trading data tends to be valuable insofar as it relates to a given client. Other types of information (especially intellectual property: patents, copyrights, designs, trade secrets, secret sauce and so on) is valuable irrespective of the identity of the client.

What is out of scope?

What information that otherwise would be in scope, is out of scope? Even within the definition of confidential information, you’ll need to make exceptions:

  • Information the receiver already held at the time of disclosure
  • Information the receiver receives separately from someone else other than in breach of a confidentiality undertaking
  • Information the receiver develops independently of the disclosure and without reference to information disclosed

Other tricks for young players

Information disclosed to a Regulator is still confidential information

Don’t make the schoolboy error of excluding “information required to be disclosed to regulators or government authorities” from the definition of “confidential information”. Now, to be sure, this is a legitimate exception to a fellow’s general covenant not disclose confidential information to anyone[2] — but it shouldn’t disqualify the information from being “confidential informationaltogether. If it did, once you were required to give any information to a regulator, it would suddenly be open season and you could tell everyone about it. Not the intention.

One misconceived argument we have seen for this approach is as follows: “if I give information to a regulator then I cannot control what the regulator does with it. Regulators are all-powerful. They may publish sensitive information in the Luxembourger Wort for all I can do about it. Therefore your information, once I have rightly given it to a regulator, can no longer be treated as confidential.”

Not so fast: If you disclose my information legitimately to a regulator, and the regulator then discloses it to the world (whether or not legitimately) you have complied with the terms of your contract. Unless you have independently covenanted to procure that the regulator keeps it confidential (don’t do that: regulators are all-powerful, and you make yourself a hostage to fortune), you have not breached your NDA, and you cannot therefore be liable for resulting losses. They are regrettable externalities: obstreporous actions of impish third parties. On the other hand, if you disclose my information legitimately to a regulator, and then you separately disclose it to someone else, then you absolutely can and should remain liable for losses. If by disclosure to a regulator the information is deemed "no longer confidential" you would be free to disclose it to someone else without that sanction.

Proprietary information

If your definition starts with “information belonging to the discloser” or “proprietary information” then you have excluded most of the data you are seeking to protect. “Belonging to” implies “possession”, implies “property” implies “intellectual property”. Intellectual property subsists in creative works — copyright, patent and trademarks — but not in facts or raw data. To be yours, you have to have created it. Your trading data, your client lists, your employees — this is not information belonging to you. It is information relating to you which (QED) the receiving party wants but does not have, which is why it is worthy of protection by contract even though no intellectual property rights attach to it.

Derived information

Careful with derived information - here we are straying into the dappled world of intellectual property where a confidentiality agreement ought not be your natural first line of defence. (Your copyright — which is not a function of a contract — is).

  • Deriving new information from intellectual property: So: taking copyrighted information and fiddling around with it potentially takes it outside the realm of copyright. The point about copyright is that it attaches to a specific articulation of a creative idea. If you take that idea and change how it is expressed — if you derive new content out of it — then, potentially, you own that new copyright, not the person whose copyrighted work you modified. You can control a recipient’s ability to create/derive new intellectual property by contract, and it is fair to do so.
  • Deriving new information from data you have been given: With non-copyrightable data, you don’t own in the first place: by the lights of copyright law, you did not use your creative juices to produce it[3], so a person to whom you supply that information who then uses hers to derive some new information out of is not infringing your proprietary right. You don’t have a proprietary right. But you might still feel entitled to stop that derivative act: the publisher of a proprietary index who gives you a feed of the raw index data will not want you adding one more paltry variable, dividing by 0.99999, and calling it your own brand-new index. Here, too there are trademark and passing off issues: if you do that, without saying something incriminating like, “hey guys it’s just like the Eurostoxx! it’s the Eurostoxxx! with an extra x!” then perhaps you could say you weren’t doing anything to which the publisher of Eurostoxx could object. On the other hand, the publisher of Eurostoxx can remind you that the only way you can get that data in the first place is from it, and if you want it, you have to agree not to derive it.
  • Deriving new information from data you have accumulated yourself: the last case is where the information you’re futzing around with (a) is not copyrightable and (b) wasn’t given to you by your counterparty in the first place but, say, arose as a result of your execution activities while handling that client’s order. This is a right brokers are unlikely, in this age of big data, to want to give up.

Notes, memoranda and materials containing confidential information

You may see:

All notes, memoranda, analyses, compilations, studies and other documents prepared by the Recipient, to the extent they contain confidential information furnished by the Discloser will also be deemed to be confidential information.

Not so fast. If there is stuff in them that is confidential information, it is already captured in your definition. The substrate in which confidential information subsists is irrelevant. Anything else on those notes, memoranda and analyses ain’t confidential information of the discloser,and may well be your special sauce that you don’t want the discloser to even know about.

Written or oral

Written or oral” is a favourite incluso for a mediocre lawyer who can’t think of any other way of “adding value”. For purely practical reasons, resist the urge to include orally transmitted information. Especially in a service-provider - client relationship, and especially if you are the service provider receiving the information — it gives your client a free, and hard to disprove option to claim anything at all that they want to keep secret is something “I told you, remember?”. It may also interfere with service provider’s ability to claim it had prior possession of the information (and therefore the information is out of scope of the confidentiality obligation altogether).

Now chaps, really: — if data[4] is valuable enough for you to require an “injunctionable” right to stop me using it, it must be valuable enough for you to be bothered confirming in writing. If you do that you put beyond argument the fact that you did communicate it to me, and when.

References

  1. There's no copyright in a price, you see.
  2. See also permitted disclosure and permitted disclosees.
  3. If you had done, you would own copyright in it.
  4. i.e., material you don’t own, right?