Protecting Company Secrets:
NDAs and Employment
In the past Non-Disclosure Agreements were fairly unusual in the normal run of employment. Mostly they were reserved for very senior staff who might be privy to key company plans and strategies, new products or services in development and confidential information about the working and financial status of the firm. We find however that employers are increasingly using these agreements with existing staff at all levels as well as new hires and contractors. Here we explore a few of the reasons for that change.
Why are NDAs more necessary?
Modern business life is a lot different to what it was a decade ago and this makes our information less secure and exclusive to particular individuals than it used to be. This puts key information at risk, either from carelessness or from people who are not especially loyal to their employer.
- We are more informal and less hierarchical at work
- Communications are faster and easier to distribute and the sheer volume makes it difficult to monitor who is sharing what with whom and who has access to particular documents or meeting notes.
- Getting the job done or a problem fixed often means that support or technical staff need access to password protected areas.
- If someone is really looking to get inside information on your firm, passwords themselves are pretty valuable to them.
- People work from home, accessing company information and systems from their own private devices.
- Intellectual property is far more of a real asset than it was in the past. Where once a document containing the prototype for a new product might have existed in a typed document in a locked drawer, now your "secret sauce" might be some lines of code, for instance.
- Businesses are subject to far higher liabilities if they do not protect the personal and business information of their clients, employees, prospects or even suppliers.
What kind of information should you protect?
On the whole the best advice is that an NDA should be as specific as possible about the information that it prohibits from disclosure. However, it's entirely possible to put in place a fairly lightweight, but effective, NDA to cover the general information that an individual might come in contact with in the course of working for you. Items may include:
- Passwords and access codes
- The content of internal communications, meetings or discussions
- Proprietary code for closed source software belonging to the company
- The company's intellectual property (this could be a lot of things obviously, depending on the business - research, prototypes, plans)
- Creative concepts, copy and designs
- Personal and contact information about 3rd parties - clients, other employees, investors, directors and their families for instance.
- Sales leads and other customer information about buying habits.
How effective and enforceable are NDAs?
To qualify for protection under an NDA, and for a breach to be considered actionable by a court, the information must meet the following criteria:
- It must be confidential
- The recipient must have been clearly informed that the information was confidential.
- The individual's use of the information must be shown to be unauthorised.
- Some harm, loss or detriment must have been suffered by the information owner as a result of the disclosure.
A legally binding general employee or contractor's NDA will go a long way towards providing you with these grounds, especially where a specific type of information has been defined in the agreement, but if you are sharing anything highly sensitive you would still be wise to seek an updated or new agreement with the other parties.
What does an NDA not cover?
Information that has subsequently become public knowledge is no longer effectively covered by an NDA.
An NDA also does not prevent an individual disclosing information when it is:
- Required by law or by a regulatory body
- Given to the police
- Provided to a legal advisor
- Covered by the Public Interest Disclosure Act (1998)
NDAs cannot be used to cover up serious wrongdoing or to hide information that it is in the public's interest to have revealed (things like Health and Safety regulations being ignored or abused, or breaches of environmental regulations such as wrongful disposal of waste).
NDAs have been in the news quite a bit recently, in the USA particularly but also in the UK (The President's Club scandal jumps to mind).
In March 2018 the SRA (Solicitors Regulation Authority) issued a warning notice to UK solicitors that they should not attempt to use NDAs as a deterrent to deflect employees from disclosing wrongdoing such as sexual harassment:
We are concerned that you do not:
- use NDAs in circumstances in which the subject of the NDA may, as a result of the use of the NDA feel unable to notify the SRA or other regulators or law enforcement agencies of conduct which might otherwise be reportable
- fail to notify the SRA of misconduct, or a serious breach of our regulatory requirements, by any person or firm: including wrongdoing by the firm, or harassment or other misconduct towards others such as employees or clients
- use NDAs as a means of improperly threatening litigation or other adverse consequences, or otherwise exerting inappropriate influence over people not to make disclosures which are protected by statute, or reportable to regulators or law enforcement agencies.
Solicitors Regulation Authority, March 12th 2018
What we recommend in light of this warning is that when you ask an employee, at any stage of their employment, or for that matter any other individual, to sign an NDA, you make it absolutely clear that signing the NDA does not affect their normal legal rights to disclose wrongdoing either internally or to appropriate authorities. You should also highlight your robust complaints and anti-harassment and bullying policies and procedures.
You can also reassure employees that your policy of asking all employees to sign NDAs also protects their own personal information held by the company.
Disputes and settlements
Employee NDAs are often part of settlement agreements where there has been a dispute between employer and employee. In order to receive a settlement sum, the employee signs an NDA promising, basically, not to mention the matter again, not to disclose the matter publicly, and sometimes not even to disclose that the NDA itself exists (their spouse, their accountant and their lawyer are all excluded from this). Sometimes a non-disparagement agreement is also signed.
These NDAs can be one-way - the employee signs to agree not to disclose the matter or disparage the employer - or mutual where, basically, both parties agree to put an end to the matter and not talk about it again. It is often the case that both parties are keen to avoid reputational damage. Again, if serious or criminal wrongdoing is involved then it is doubtful that the agreement would stand up in court, particularly if the same or similar information has been disclosed by someone else.
This is why you will often see a number of other people come forward after one whistleblower or victim of, say, sexual abuse or harassment, has gone public. The NDAs of the others have at this point diminished almost entirely in power.
Are general employee NDAs worth having?
In a word, very often - Yes.
Anything that clarifies the employer's policies and company requirements is valuable to lay down before it ever becomes an issue that has to be raised with an individual.
Introducing the issue of confidentiality is a great way of opening employee eyes to the significance of the information they deal with every day. Back in World War 2 the government ran the famous public information campaigns on the theme of "Careless talk costs lives". It's unlikely that any of us are dealing with quite the level of threat that those posters were targeting (!) but it was recognised that people simply didn't realise that information they might casually disclose in the normal run of conversation at a bus stop or in the pub, for instance about what was being made at the factory where they were working, could be highly damaging in the hands of the enemy. So a big argument in favour of an NDA that is signed routinely at the beginning of employment, and perhaps periodically reviewed and re-signed, is that it raises awareness that company information may be valuable to outsiders, especially competitors, and should be protected.
With regard to 3rd party information such as client and employee information, GDPR has made this a much more live issue. You should in any case be taking steps to ensure that employees have very clear awareness of their own individual responsibilities under the new legislation. For the first time data processors (e.g. sales staff who have access to and work with your customer and prospect lists) have liability for wrongful use of personal data under law. And that doesn't diminish your responsibility as the data controller - you could both be fined in the event of a serious breach. See the GDPR Quickfire Guide on the blog of our sister company, Tiger Law, for more information on this very important current issue. This should also be highlighted in your Employee Handbook.
Finally, having an agreement dealing with confidentiality already in place protects you if members of staff form personal relationships with people who you do not wish to have access to information that they do. This might include clients, competitors or suppliers but also other members of staff within the same business. It is much easier and less likely to cause offence if the agreement is already part of the furniture and you can simply remind them of it when the issue occurs than if you were to try and introduce an NDA and ask them to sign it once it has. See our blog post Love in the Workplace for more on this common HR management issue.
Need some help?
Protecting your business is what Tiger HR is all about.
If you would like to discuss safeguarding your firm's confidential information with NDAs or any other measure to help you build sound ongoing staff relationships, please get in touch.