Click here to bookmark Clausehound and search for clause/contract language

Choose from our expert-compiled document frameworks and customize from a vast library of clauses.

NDA before Negotiations! Otherwise, Risk a Leak of Confidential Information

Links from this article:
Read the article here.

A party that allowed access to its confidential designs but took no action to protect themselves beyond signing a confidentiality agreement with the company, lost their dispute. This article discusses the case of nClosures, Inc. v. Block and Co., Inc. where nClosures, in their contract negotiations with Block, did not require Block’s engineers to sign any confidentiality agreements. However, when negotiations broke down, Block’s engineers used the information that they had received during the negotiations to redesign a product that was similar to nClosure’s. One of the main reasons for why nClosure lost is that the court found that the disclosing party did not take reasonable efforts to safeguard the information covered by the agreement.  Specifically mentioned as missed opportunities to safeguard were actions including:  1) documents were not kept in a vault with limited access, 2) engineers using the drawings were not required to sign confidentiality agreements, 3) vendors given access to drawings were not required to sign agreements, 4) drawings were not marked “confidential” or with other words showing their proprietary nature.

Read the article here.

 

Take away: 

  • Parties to a business transaction may want to lay out detailed provisions in the NDA to safeguard their confidential information, they may also want to consider the further protection of entering into intellectual property agreements if the material in question is highly sensitive and not protected by copyright or patent. Specific suggestions on further safeguarding are itemized above.

 

–  –  –

This article is provided for informational purposes only and does not create a lawyer-client relationship with the reader. It is not legal advice and should not be regarded as such. Any reliance on the information is solely at the reader’s own risk. Clausehound.com is a legal tool geared towards entrepreneurs, early-stage businesses and small businesses alike to help draft legal documents to make businesses more productive. Clausehound offers a $10 per month DIY Legal Library which hosts tens of thousands of legal clauses, contracts, articles, lawyer commentaries and instructional videos. Find Clausehound.com where you see this logo.

What you don't know can hurt you! Subscribe to stay informed.

Sign up now and receive an email when we publish new content.

We will never give away, trade or sell your email address. You can unsubscribe at any time.

Read more...

Follow Your NDA Procedures or Risk Losing Confidentiality

Links from this article:
Read the article here.

The NDA stated that to trigger either party’s obligations, the disclosed information must be either marked as confidential at the time of disclosure, or be unmarked and treated as confidential at the time of disclosure and designated later as confidential by written memorandum identifying the confidential information. Years later, information which was not marked but was considered confidential was shared in a presentation. The written memorandum was never sent. The deal collapsed and one party used the other party’s “confidential” information. The (California) court held that the NDA did not apply to protect the information if the procedure set out in the agreement was not followed.

The authors conclude: “If an NDA has a marking requirement…a procedure to discuss and fix procedural errors should be instituted to prevent accidental disclosure of confidential information.”

Read the article here.

 

Take away:

  • If the NDA has a marking requirement, it is most important to understand the procedures for marking, and to implement them. If the procedures are not followed, the NDA may not protect those pieces of confidential information since the mark is what determines if that document was confidential.

 

–  –  –

This article is provided for informational purposes only and does not create a lawyer-client relationship with the reader. It is not legal advice and should not be regarded as such. Any reliance on the information is solely at the reader’s own risk. Clausehound.com is a legal tool geared towards entrepreneurs, early-stage businesses and small businesses alike to help draft legal documents to make businesses more productive. Clausehound offers a $10 per month DIY Legal Library which hosts tens of thousands of legal clauses, contracts, articles, lawyer commentaries and instructional videos. Find Clausehound.com where you see this logo.

What you don't know can hurt you! Subscribe to stay informed.

Sign up now and receive an email when we publish new content.

We will never give away, trade or sell your email address. You can unsubscribe at any time.

Read more...

Make Sure Your Actions are Consistent with your NDA, or Risk Waiving All Confidentiality

Links from this article:
Read the full article here.

It would be prudent to clearly lay out in an NDA how confidential information will be protected and to abide by it. The article warns that care should be taken by an insured when disclosing privileged material to an insurer because they could inadvertently waive the privilege. In determining whether a waiver of privilege is valid, the court looks at whether the client’s acts were inconsistent with the maintenance of the confidentiality in the communication. The test is an objective one, so that an implied waiver may be found despite that it may not reflect the actual subjective intention of the privilege holder.

Read the full article here.

 

Take away:

  • When undertaking a confidential transaction, one should respect the conventions set forth in the NDA. Actions which are inconsistent with the NDA could result in a party waiving their confidentiality.

 

–  –  –

This article is provided for informational purposes only and does not create a lawyer-client relationship with the reader. It is not legal advice and should not be regarded as such. Any reliance on the information is solely at the reader’s own risk. Clausehound.com is a legal tool geared towards entrepreneurs, early-stage businesses and small businesses alike to help draft legal documents to make businesses more productive. Clausehound offers a $10 per month DIY Legal Library which hosts tens of thousands of legal clauses, contracts, articles, lawyer commentaries and instructional videos. Find Clausehound.com where you see this logo.

What you don't know can hurt you! Subscribe to stay informed.

Sign up now and receive an email when we publish new content.

We will never give away, trade or sell your email address. You can unsubscribe at any time.

Read more...

Protection of Confidential Information

Links from this article:
my post on data security

I am often asked to either draft or review non-disclosure agreements. Within a standard agreement I will typically come across or include a clause on the standard of care required for safeguarding confidential information.

The clause might be worded as follows:

Confidential information is handled, at minimum, in the same way that the recipient would handle their own confidential information [or “in no event less than reasonable degree of care”, or in “strict confidence”, or at the “highest standard of care];  neither party shall be liable for the inadvertent or accidental disclosure of confidential information if such disclosure occurs despite the exercise of such care. 

The language noted above is not appropriate in all circumstances, but can be modified to suit the custom needs of the disclosure and recipient.

I was recently asked about the steps required in safeguarding information.  For the safeguarding of information stored electronically, please refer to my post on data security.

With respect to the safeguarding of information stored in physical files, I spent some time considering the recommendations of the Privacy Commission in response to complaints made against businesses on their handling of confidential information, to come up with the following  list of recommendations:

  • Ensure separation of confidential information storage/processing and open areas (such as your office reception area);
  • Ensure that access to confidential information storage and processing areas is key-controlled;
  • Ensure locked and guarded access to confidential information stored offsite: i.e.

    ensure information in storage is held off-site in a secure fenced facility, where entry is controlled by a security guard;

  • Ensure that a system exists for the monitoring and tracking of access to confidential information;
  • Ensure pre-screening and training of employees who have access to confidential information (with respect to training, employees should be oriented on their obligations to maintain the confidentiality and security of confidential information); and
  • Ensure that confidentiality protocols for accessing and storing confidential information are set out in a company code of conduct, along with protocol to notify employee supervisors in the event that confidential information is inadvertently stolen, lost, or unauthorized disclosures are made.

Consider taking the steps noted above (among other commercially reasonable measures) to protect the confidential information that is entrusted to you.

 

–  –  –

This article is provided for informational purposes only and does not create a lawyer-client relationship with the reader. It is not legal advice and should not be regarded as such. Any reliance on the information is solely at the reader’s own risk. Clausehound.com is a legal tool geared towards entrepreneurs, early-stage businesses and small businesses alike to help draft legal documents to make businesses more productive. Clausehound offers a $10 per month DIY Legal Library which hosts tens of thousands of legal clauses, contracts, articles, lawyer commentaries and instructional videos. Find Clausehound.com where you see this logo.

What you don't know can hurt you! Subscribe to stay informed.

Sign up now and receive an email when we publish new content.

We will never give away, trade or sell your email address. You can unsubscribe at any time.

 

Read more...

Data Security is Essential for Company Credibility

Links from this article:
Wall Street Journal article

This month Home Depot announced that it was hacked and that 56 million credit-card accounts were compromised, and that around 53 million customer email addresses were stolen as well.  This Wall Street Journal article indicates that the hackers breached security in the following manner (among other things):

(1)    Took advantage of the security credentials of a third party vendor;

(2)    Entered the main system using a Microsoft operating system vulnerability;

(3)    Targeted self-checkout payment terminals data storage but avoided the cash register data storage (self-checkout was labelled in a recognizable way, whereas cash register was labelled numerically making it difficult to find); and

(4)    For five months, lurked beneath the surface, collecting and transmitting data during normal business hours and erasing evidence of its sale.

While my posts focus mainly on business law issues, prior to my legal career I worked as an IT professional (for 11 years including 3 years of coding and 7 years as an IT manager), and the Wall Street Journal article reminded me of the vulnerabilities faced by companies that are managing significant volumes of data, and the potential embarrassment and credibility issues that result from situations like the Home Depot situation.

A company and its’ data security team should be alert to news articles like this one, or legal cases, as they will help to illustrate risks which can be used to develop methodologies and protocols.  A suggested security protocol could be composed as follows:

(1)    Periodic (daily/weekly/monthly) audit of third party vendor id’s by HR, data security staff, and project managers, to ensure that they are not active longer than they need to be;

(2)    Data security and data architect collaboration to separate user information and credit card data so they are not stored together;

(3)    Data security mandated access restrictions to prevent (even restricted users) from accessing all sections of data;

(4)    Periodic (daily/weekly/monthly) audits by data security personnel of IDs that have access to sensitive information

(5)    Data security and data architect collaboration to disguise confidential parts of the site to prevent easy targeting of sensitive information by hackers;

(6)    Data security periodic (monthly) stress tests of the system to look for new techniques to breach the system (rather than relying on industry standard security protocols);

(7)    Daily alerts to multiple levels of personnel (inventory personnel, data base personnel, data security personnel) to notify when data is being extracted whether usually or unusually;

(8)    Periodic training to staff (at time of hire, and, at minimum, at quarterly training refreshers) to react quickly when alerted (and so on); and

(9)    Daily scan of news and legal articles to uncover security breach situations at other businesses, to develop a “risk database”, and to compare the security protocols to your business.

While this is not an exhaustive list, it sets out the basic elements of development of a security protocol, which are:  who is responsible, what are they doing, and how often are they doing that.

The protocol could also include the PR aspects of dealing with a hacker attack.

 The Wall Street Journal article indicates that Home Depot had developed a protocol in the event of a hacker attack – a 45 page playbook which included media messaging, and executive responsibilities.  While these are sensible points that a large enterprise should include in their protocol, the protocol should have very specific tactical measures to reduce the deleterious effects of a hacker attack.

Regardless of the size of the business, and whether the payment processing is handled internally or outside of the company, the company CTO should develop a security checklist, and should periodically report back to management on the risks inherent in the company’s existing system, with reference to current security breach situations in the news and otherwise.

 

–  –  –

This article is provided for informational purposes only and does not create a lawyer-client relationship with the reader. It is not legal advice and should not be regarded as such. Any reliance on the information is solely at the reader’s own risk. Clausehound.com is a legal tool geared towards entrepreneurs, early-stage businesses and small businesses alike to help draft legal documents to make businesses more productive. Clausehound offers a $10 per month DIY Legal Library which hosts tens of thousands of legal clauses, contracts, articles, lawyer commentaries and instructional videos. Find Clausehound.com where you see this logo.

What you don't know can hurt you! Subscribe to stay informed.

Sign up now and receive an email when we publish new content.

We will never give away, trade or sell your email address. You can unsubscribe at any time.

 

Read more...

Additional Rent Announcements API Approval of Terms Asset Purchase Agreement Background Intellectual Property Board of Directors Business Case Law CASL Clausehound Collaboration Commercial Lease Confidential Information Confidentiality Consulting Agreement Contract Drafting Contract Negotiations Corporation Costs and Expenses CPD Definition of Intellectual Property Dispute Resolution Distribution Agreement Employee Employment Employment Agreement ESOP Events Farming Law Generally Used Clauses Grant of Licence Handling of Confidential Information Indemnity Independent Contractor Independent Legal Advice Informal Discussions Intellectual Property Investor Journey Licence Restrictions Limitation of Liability Long Form Marriage Contract Master Services Agreement NDA Non-competition Not for Profit Articles of Incorporation Notice of Arbitration No Waiver Obligations Ownership of Intellectual Property Ownership of Work Product Parties Partnership Prenuptial Agreements Privacy Policy Product Sales Agreement Purpose Representations and Warranties Restrictive Covenants Safeguarding Requirements Settlement Agreement Shareholder Agreement Software Development Start-up Subscription Agreement Technology Termination Term Sheet Terms of Use Trademark Registration Transfer of Intellectual Property Waivers and Releases Website Terms of Use
Show All Tags