Concluding of the NDA: does it protect trade secrets and confidential information?
Intellectual property

Concluding of the NDA: does it protect trade secrets and confidential information?

What is the NDA

NDA (non-disclosure agreement) – an agreement on non-disclosure of confidential information and trade secrets. The main provisions are enshrined in the Civil Code of Ukraine (Articles 505-508, 862) and the Commercial Code of Ukraine (Articles 36), which defines the concepts of trade secrets and confidential information, conditions of their use, illegal disclosure.

You can find the NDA agreement as part of the contract or as a separate document, and sign it to any cooperation, as the parties may already disclose confidential information (tasks, plans, work results, part of the code, etc.) and during ongoing or project work.

The primary purpose of the NDA is to protect the information, the results of work from unauthorized disclosure to third parties. 2 categories of data are subject to appropriate protection:

  • confidential information – includes information and information provided during the relationship (plans, proposals, customer information, financial information, project information, documentation, contracts, electronic data, etc.)
  • trade secret – technical, organizational, commercial, production, and other nature that constitutes commercial value (processes, ideas, techniques, software, algorithms, etc.)

How does the NDA work, and what terms should be mentioned in the contract?

Determination of information. In order to be effective, the NDA should determine what is considered as confidential information. The wording “confidential is all information that became known during the cooperation of the parties” does not work very well in practice. The parties must clearly define and describe the list of specific information (type, type, nature, features, specific information that already has identification) related to trade secrets and/or confidential information in the context of which the prohibition on disclosure should be determined.

Please note that information that is: publicly available and open (information from published data, etc.) or the disclosure of which is necessary for connection with the requirements of the law or at the court’s request may not be subject to protection under the NDA.

Courts may invalidate or limit the scope of an NDA that is unreasonable or excessively burdensome. In addition, the NDA may be invalid due to ambiguity if the conditions are too general to perform.

Of course, the NDA cannot include information that is not confidential.

Our recommendations for determining the information – to indicate both the general rules (plans, reports, contacts, databases, etc.) and specific to your company and these legal circumstances (access, passwords, servers, results, area of ​​responsibility of the parties, etc.). In practice, the list of confidential information is recorded on at least a few pages.

It is necessary to determine what actions can be qualified as the disclosure of confidential information, for example:

🔴sharing, distribution (including the Internet, social networks, press, radio, television)

🔴distribution for advertising and information purposes (use in own portfolio, resume, etc.), transfer of information on physical media)

🔴 failure to take all measures necessary to preserve information, etc.

Terms. Usually, the concluded NDA is valid until the termination of the relationship between the parties, but typically want to determine an additional specific period that will apply after the termination of such a relationship (for example, 3-5 years).

Responsibility. Probably one of the most critical elements of the NDA, which we always advise you to pay attention to. Of course, without the commitment, the NDA will not make sense.

Disclosure of trade secrets is subject to liability at the legislative level. For example, for disclosing a trade secret / confidential information, an administrative fine of UAH 153 may be imposed. Up to UAH 306 (Part 3 of Article 164-3 of the Code of Administrative Offenses). If the violation caused significant damage, then criminal liability is in the form of a fine of UAH 17,000 up to UAH 51,000 (Article 232 of the Criminal Code of Ukraine).

The legal regime of Action City also contains provisions on the possibility of concluding an NDA (non-disclosure agreement).

In addition, there are general provisions in the Civil Code of Ukraine (Articles 22, 624-625) and the Commercial Code of Ukraine (Articles 224-226) on damages. These rules stipulate that losses may be costs caused by illegal actions of the counterparty, unearned profits (lost profits), which the offender must reimburse.

Of course, disclosing trade secrets / confidential information may result in damages, but these circumstances are challenging to prove. In such cases, the evidence may be information about the termination of the commercial contract, applying penalties to the owner of the information, and so on. In addition, it is necessary to prove that such circumstances occurred as a result of disclosure.

The most effective tool is to determine the specific amounts of fines in the NDA and additional conditions for compensation for damages incurred due to disclosure.

The NDA parties are free to determine any conditions that do not contradict the legislation of Ukraine, as the principle of freedom of contract applies.

Please note that the NDA should clearly state the amount of the fine in a fixed amount or as a percentage, which can be tied to specific amounts. A fine may be applied on a case-by-case basis. It is necessary to pay special attention to the size of the fine. It may be reasonable for the specific legal relationship. In this case, as a rule, items with excessive fines may be declared invalid in court, as they will not correspond to the damage resulting from its disclosure.

Legal relations in the company and freelancers

Approaches to the application of NDA depending on the form of cooperation (with employees or with freelancers) can be different:

NDA and employees. The company can sign a general NDA with employees, but it won’t be easy to cover the entire array of confidential information.

Typically, companies additionally establish an internal regime of trade secrets / confidential information for their employees. Internal corporate documents establish this regime – in the charter, orders, regulations on trade secrets and confidential information, employee job descriptions, internal labor regulations, etc.

In-house IT staff are encouraged to read carefully the NDA text and other company documents governing the disclosure of trade secrets / confidential information, as these documents may set additional requirements and obligations for the employee regarding confidentiality.

Separately, it should be noted that a fine cannot be imposed on a developer-only based on a job description, etc., as labor legislation provides for only two types of liability (reprimand and/or dismissal). But, if the NDA sets a fine for the employee separately, it is possible to collect it.

NDA and freelancers. The NDA signs with freelancers, usually for specific term goals, tasks, projects. Unlike full-time employees, freelancers are required to comply with the provisions of a particular NDA and to bear financial responsibility in the event of a breach of its terms (which is usually provided for in the NDA). The parties to the NDA may jointly determine any of its terms in accordance with the principle of freedom of contract.

Law practice and court cases

In the jurisdiction of a conditional “measure,” the courts already have the practice of applying the NDA provisions and resolving disputes in the relevant field. Penalties for disclosure are a common consequence, and there are legends about the protection of trade secrets of companies such as Coca Cola, that only 2 people in the world know the original recipe and are obliged not to be together in one place – the details of these conditions are a trade secret.

Often, Ukrainian developers work for foreign companies that offer to sign an NDA, applying the country’s law in which the customer company is registered.

It is essential to consider which jurisdiction will apply to your non-disclosure agreement, as courts in different jurisdictions interpret NDA provisions differently.

An example is the case of online game developer Zynga Inc. to a former employee for misappropriation of trade secrets and breach of contract.

The employee was the general manager of Zynga’s CityVille game and signed the NDA. The contract required the protection of Zynga’s confidentiality and trade secrets.

Zynga claims a competitor in the lawsuit recruited the employee, and he agreed to join him. On the day of his dismissal, the employee kept confidential files on his personal Dropbox 760 account without Zynga’s consent. The documents included “unpublished game design documents” and other “strategic plans.”

In addition, the employee copied the contents of an email containing 14 months of confidential communication.

The San Francisco High Court heard the case, but both sides did not disclose whether a fine had been imposed by court order, as information on the size of the penalties is also part of the NDA. However, the employee issued a public apology to the company, indicating Zynga’s lawsuit satisfaction.

This case shows that the transfer of information to a competitor can be recognized as a violation of the NDA and simply storing it for their own needs.

Another interesting example is the lawsuit filed by technology developer InnoSys Inc. to his former engineer Amanda Mercer for violating the NDA by misappropriating a trade secret. Yes, the engineer forwarded confidential emails to his personal email account and copied the confidential business plan to his personal external storage.

The trial court found these circumstances, but the court noted that for InnoSys Inc., there is no real harm or threat due to Amanda Mercer destroying confidential documents that she has misappropriated, thereby destroying potential damage.

The Utah Supreme Court subsequently overturned the position of the trial court. The court noted that InnoSys Inc. has the right to a “presumption of irreparable harm,” even in the event of the destruction of confidential information. Other details regarding the application of liability to the engineer are not disclosed.

For Ukrainian courts, cases of breach of NDA agreements are a relatively new phenomenon, as a result of which we do not yet have precise mechanisms for implementing the provisions of the relevant contracts due to the lack of consistent case law.

Does the court protect customers in the case of disclosure of trade secrets/сonfidential information?

First of all, the customer must prove that the disclosure was due to the illegal behavior of the executor in court.

For example, according to the claim № 914/2231/18, the plaintiff alleged that the contractor had sent e-mails to third parties containing confidential information from a working e-mail under a service contract. The customer demanded a fine of 3,000 euros, the court of the first instance partially satisfied the requirements and ruled to collect a fine of 2,000 euros from the executor.

However, the Court of Appeal overturned the decision due to the fact that the e-mails did not contain information about the presence of an electronic digital signature, as a result, it was impossible to identify their author.

According to the court, it is impossible to establish that a specific person (Defendant) sent e-mails containing confidential information.

In our opinion, the way out of this situation can be:

– “stitching” EDS to correspondence or exchange of documents

– add clauses to the agreements that the party’s area of ​​responsibility is to store access and passwords to accounts, be responsible for all letters, etc. And if the disclosure takes place, it is the party responsible for this and the negative consequences and will continue to deal with “real” violators on its own.

Also, there is an example is a case № 922/4148/19, which resolved the issue of recovery of damages in the amount of 194696 US dollars for the disclosure of confidential information.

The Kharkiv company Code & Care LLC filed a lawsuit against the contractor under the Software Development Agreement. Code & Care LLC claimed that the contractor created a company that posted information about customers and developed projects (programs) Code & Care LLC on its website.

The court noted that it did not prove the relationship between the Defendant and the site and the company, and did not prove that the Defendant for the implementation of the Development Agreement received precisely the information posted on the site (no acts of acceptance of transfer, evidence of referral / providing such information).

That is, without specific evidence of access to specific confidential information and Defendant’s involvement in its disclosure, it is difficult to prove a violation of the NDA.

The person providing access to information must have factual data proving the information to the other party and sign the relevant documents (acts, annexes to contracts, etc.).

In case 757/17647/19-ts, the plaintiff managed to obtain a positive recovery on damages (lost profits) due to Defendant’s disclosure of confidential information in the amount of UAH 279,808. The court found that Defendant posted information about the plaintiff and his counterparties, preliminary sales of the plaintiff’s product) on personal pages on social networks Facebook and LinkedIn. Printouts from social networks confirmed relevant circumstances.

In addition, the plaintiff proved the causal link between the actions of the Defendant and the losses received by the plaintiff, which were expressed in the termination of the plaintiff’s counterparty contract and non-receipt by the plaintiff of the expected income. To confirm this circumstance, the plaintiff provided the court with a copy of the agreement and a copy of the Letter from the counterparty to terminate the contract, where the reason for termination is the disclosure of information by Defendant.

Thus, the case law is diverse. Summarizing the above, we can identify the main elements in litigation that are subject to proof:

  • proof that the actions/omissions of the party led to the disclosure of information

The mere disclosure of information does not automatically link this fact to the perpetrator. That is, it is necessary to gather evidence that can identify the disseminator of such information. For this purpose, the NDA specifies the actions that will be considered disclosure.

  • proof that the disclosed information belongs to the list of trade secrets / confidential information specified by the NDA

That is, the NDA must contain a specific list of information and/or identify particular sources that contain this information (for example, in services used for work, such as GetLab, etc.).

  • assessment of damages for the collection of fines. Before imposing a fine, it is necessary to assess the existing and potential damages to require the court to collect the fine. Too large a penalty, which does not correspond to the real consequences, potential damage, may not be accepted by the court.

As evidence in such cases may be any information, in particular: contracts, annexes, acts in writing and/or electronically; information on issued and paid invoices; correspondence of the parties in paper and/or electronic form (using an electronic digital signature); letters and notifications from contractors regarding the existence of the fact of the disclosure; recording of exposure on the Internet, etc. Because NDA violations are individual in each situation, such a list is not exhaustive.

NDA is a necessary solution for business, and the practice of their application will become more widespread. When signing the NDA, developers are advised to read the provisions carefully:

  1. a list of information that is confidential
  2. the terms of the agreement
  3. liability for disclosure (amount of fine, etc.)
  4. actions that will be considered as a disclosure
  5. the law applicable to the NDA.

It is essential to understand what you are signing and what terms you agree to. Specifics in the NDA will allow the developer to clearly understand the non-disclosed information as well as the responsibility for such disclosure. If there are general points in the NDA that you do not understand, ask your employer or customer to detail the relevant data, make changes, or provide appropriate clarifications about their content.

Part of the material is prepared for dou.ua

Link to the article

The authors of the material:

Sergiy Barbashin, Attorney at Law, Managing Partner at Trustme Law Firm, Intellectual Property Expert
Oleg Chip is a senior intellectual property lawyer