Most IT managers are responsible for hiring and contracting with outsourcers, vendors, and contractors, but working with outsiders requires taking steps to protect the company's trade secrets and proprietary information. Once information is leaked, it is impossible to control, says Jay Hollander, principal of Hollander and Company, a New York law firm specializing in Internet and computer law. The answer, says Hollander, is to protect disclosure of the information before hiring the vendor by creating an effective and legally binding NDA (nondisclosure agreement).
1. Enforce an in-house confidentiality plan"In evaluating any NDA, the first thing to consider is how well the disclosing company has developed a policy protecting its confidential information and how well it follows its own policy," Hollander says. If the disclosing company cannot protect its own secrets, the company will not have legal grounds to sue the obligated party -- vendors or outsourcers, for example -- for breach of contract. A company's internal confidentiality policy should be documented and closely followed by managers and employees.
2. Investigate vendors
Before entering into a business relationship in which confidential information will be disclosed, the manager must conduct due diligence -- an investigation -- on the vendor. Hollander suggests researching the vendor's professionalism, reputation in the industry, and whether the vendor has maintained client confidentiality in the past, along with other issues relevant to the project. According to Hollander, you must be able to trust the parties to whom you will disclose corporate data from the outset.
3. Collaborate closely with your legal teamTo write a solid NDA, the company's legal team must know specifically what corporate information is to remain confidential and how the company protects proprietary information. Corporate counsel will also need to know why, how, and with whom -- including the companies and their representatives -- the IT manager plans to share proprietary information. Because an NDA is a contract and contract law varies by state, working with an attorney is important.
4. Create context-specific NDAs
Hollander outlines three broad categories of NDAs: bilateral, unilateral, and unilateral with a noncompete. Bilateral agreements are used in joint ventures and prevent each party from disclosing the other's proprietary information.
Unilateral NDAs are the most common and prohibit outsourcers from disclosing the company's proprietary information. Whether a vendor advertently or inadvertently leaks confidential information, the disclosing company will incur the resulting harm. Therefore, the NDA should detail how the vendor will keep the information confidential both during and after the contract period. The legal standard in unilateral agreements holds the vendor to "best efforts," Hollander says. This means the vendor must go to extraordinary lengths to ensure confidentiality of the disclosed data.
Unilateral NDAs that include noncompete agreements are often used by companies when hiring a free-lance or temporary contract worker. Noncompete agreements limit when, where, and for whom the contractor may work after the assignment is completed. "A common trap IT managers fall into is bundling [the nondisclosure and the noncompete] without distinguishing the nature and extent of the obligations for each promise," Hollander says.
5. Create fact-specific NDAs
All NDAs should spell out the information to be kept confidential, how both companies will keep that information confidential, and even which specific individuals at the vendor company will be bound by the NDA, Hollander says. The NDA must also differentiate among the kinds of confidential information to be disclosed. "Merely to say 'trade secrets' is not enough. Not all confidential information is considered a trade secret, such as business processes or contact lists," Hollander says.
6. Understand NDA breach ramifications
Breaches of confidentiality can be extremely damaging to the company because once the confidential information has been released, it cannot be recaptured. "If you reach a point where legal action is required, it is most likely already too late," Hollander says.
Companies can pursue two possible legal remedies for disclosure breaches: monetary damages and injunctive relief. Court-awarded monetary damages are extremely difficult for a company to prove and almost impossible to quantify, says Hollander, because it is tough to show what future profits or benefits a company would have received from the confidential information had it not been disclosed. A court may also grant injunctive relief, in which the vendor is ordered by the court to cease disclosing; again, says Hollander, the damage has already been done.
NDAs shield vendors, contractors
To protect their interests, vendors should insist on well-drafted, thorough, and reasonable NDAs (nondisclosure agreements), says Jay Hollander of Hollander and Company, a New York law firm.
* In general
Before drafting the NDA, the company you will be working for must demonstrate that it already follows its own internal confidentiality procedures.
The NDA should spell out the specific kind of information to be kept confidential and clearly delineate the vendor's obligations and responsibilities.
The NDA should include specific procedures for identifying which information is confidential, such as documents "Confidential."
* For vendors and outsourcers
If the two companies work in similar fields, the R&D teams at both companies may arrive at similar conclusions or develop similar data, which should be handled separately from any intellectual property developed through collaborative work.
If the contracted relationship is more collaborative, use a bilateral agreement, which typically carries a lesser standard of confidentiality obligation.
* For individual contract workers, free-lancers, or temporary employeesFollow the same contractual guidelines as a corporate vendor.
An NDA that includes a noncompete agreement should spell out specific, reasonable, and separate, limitations. The promises or damages for breach of the NDA should be separate from the promises or damages of the noncompete.
Leverage your skills and experiences during negotiations to create an NDA that will not unreasonably limit you in finding future employment.