Dawn/dusk reflection of the RPC building.

Key legal pitfalls of starting up: Protect your confidential information

11 December 2017. Published by Charles Buckworth, Senior Associate

Good commercial practice and robust contractual agreements are essential to safeguard confidential information.

With any start-up, the crown jewels of the business will be the ideas of its founders – whether these are the code for an app or a new algorithm to calculate risk across a defined group of people. Whatever it may be, much like the Queen, you should ensure that these crown jewels are protected (preferably in a large tower with armed guards, but we will forgive you that step this early on!). 

How to protect your crown jewels?

There are some basic steps you can take to help prevent your trade secrets from falling into the hands of potential competitors:

  • ensure that you mark any documents which contain confidential information or trade secrets as "confidential" – this will put recipients of the information on notice that the information is confidential which will help to establish an obligation under the common law of confidentiality (and also under many NDAs);
  • limit the pool of people privy to the information to the minimum possible and keep a log of those individuals. All in all, choose recipients carefully;
  • give out as little of your confidential information as necessary to achieve your commercial objectives; and
  • you should enter into a non-disclosure agreement (NDA) before handing over sensitive information.

What is an NDA and when would a start-up need one?

A well-drafted standard form NDA is an important first-step for any well-run business.  Not only does it help to protect your business but it also shows you are professional and mean business!  An NDA is a binding contract that enables two (or more) parties to exchange sensitive commercial information. In simple terms, NDA's allow a business to contractually protect confidential information and know-how. 

Throughout its life, businesses will want to share confidential information but, at the same time, want to ensure that the recipient of that information does not attempt to misuse it. As a result, start-ups should always seek to ensure that appropriate contractual confidentiality obligations are in place, for example:

  • between co-founders, to act as protection should relationships ever sour (this would normally be in a shareholders' agreement or other agreement governing the co-founders relationships in respect of the business rather than in a separate NDA;
  • when presenting ideas/concepts to potential investors/new partners/potential licensees;
  • when bringing employees on board who have access to sensitive information (this would normally form part of their employment contracts rather than being in a separate NDA);
  • when sharing financial or marketing data; or
  • when eventually looking to sell/entering into a bidding process.

Key things to look out for when entering into an NDA

Broadly, the key concepts in an NDA (and similarly in confidentiality obligations in broader agreements) are the ideas of "confidential information", "purpose" and "authorised recipients". A start-up should ensure these are carefully worded so it obtains the protection it requires.

Firstly, "confidential information" should be defined specifically (but where you are the disclosing party, broadly to take account of potential future disclosures), making clear the types of information that are covered. That will enable the parties to understand the exact information protected by the NDA and eliminate any room for error e.g. source code, designs, recipes etc.

It is also important to clearly set out the purpose for which you are disclosing your trade secrets and ensure that there is a clear obligation on the recipient to only use the information for that purpose. This will prevent the recipient from using it in a way that you had not anticipated e.g. to develop a similar product. 

Finally, make sure that you list the categories of people/ entities that the recipient is allowed to disclose the information to. Remember, the larger the number of people who are privy to the information the harder it becomes to control and the more likely a breach of your confidentiality will take place.  You should ensure that the recipient of the information is responsible (and liable) for the acts and omissions of any person to which it discloses your information – this ensures there is a clear chain of responsibility which is enforceable by you against your contractual counterparty.

Final thoughts

Remember that, while NDAs are an important step to take to protect your confidential information, in reality they offer few guarantees.  NDAs are notoriously difficult to enforce (you have to prove that it was the recipient that disclosed the information or used your information other than for the purpose (which in many cases is a significant evidential barrier to enforcement)). 

Further, as a start-up, you may simply not have the money to enforce your NDA which would likely involve complex, expensive and time-consuming litigation. 

As such, the safest approach is to combine the NDA with the recommendations at the beginning of this article: limit the persons to which you disclose information to those that absolutely need to know it to progress your business and limit the information you disclose to the information which those persons absolutely need to know.  By this multi-pronged approach you can seek to manage your risks and hopefully keep the crown jewels safe!