Sharing of personal information is all the rage right now, as we all evaluate whether we are over-sharing in our personal lives. The risks to businesses of over-sharing business and technical information are similarly significant. Put two groups of engineers in a room together to discuss the nifty new technologies that each of their respective companies is developing, and over-sharing by businesses often runs rampant. While not nearly as sexy a topic as personal privacy, the risks to businesses of over-sharing can be substantial.
What’s the Big Deal? Over-sharing can strengthen potential competitors, lead to loss of control over the company’s core assets and intellectual property, impact reputation and limit a company’s freedom to operate.
- When companies share sensitive information, they assume the risk that this information may be used or disclosed in a way that hurts them competitively.
- Evaluations and solicitations of feedback can result in claims by those providing such feedback that their feedback is now proprietary to them.
- Companies lose their ability to file patents on inventions if they don’t maintain the confidentiality of the invention prior to filing for patent protection.
- Sharing of sensitive information by a company with others can enable the recipients to develop patentable inventions that then can be used to block the company’s future activities (this is sometimes described as limiting “freedom to operate”).
It is common knowledge that companies should enter into agreements to protect the confidentiality and restrict the use of the sensitive information they disclose to others. Many don’t understand, though, that not all of these arrangements are alike. Some can turn out to have “bet the company” implications, while others are routine and raise few risks to the business.
Guide for Assessing High-Risk Sharing
The trick is in distinguishing the potential minefield from routine disclosures. Here are a few questions that can help you gauge whether or not a particular arrangement is high risk and therefore requires a more in-depth review:
- How sensitive is the information that your business is disclosing?
If the disclosures, when taken together with other information that is known to the recipient, can be used to compete more effectively with you or result in substantial harm to your business, then the risk of disclosure is higher.
- Does the recipient have other licenses or rights to the information disclosed? Is any material transfer occurring, or are any development activities contemplated?
The risks are much higher if the recipient has rights to use the information as part of a broader development effort, or the confidentiality provisions give the recipient the right to use information retained in the memory of individuals for broad purposes (sometimes referred to as a residuals clause).
- Is the business partner that is receiving the shared information a potential future competitor?
This can be a tough one to assess. Larger, more sophisticated companies often evaluate many potential products and technologies in making a decision as to whether to “make” that product or technology itself, or “buy” it from a third party. It is not uncommon for larger companies to run parallel, competitive development programs while engaging with third parties.
- Is the business partner that is receiving the shared information capable of developing in your core area? There are inherent risks in underestimating this capability. Companies with resources can hire third parties with core competencies well outside of their own.
The intent of these companies in engaging with you is not necessarily to take your solution and replicate it. Rather, companies may simply want to educate themselves thoroughly about the problems and challenges with existing solutions, and then make reasoned decisions about what solution to pursue.
Depending on the type of information shared, you may be educating the recipient on just the issues that you ultimately need to solve to develop and commercialize your own solution or technology. Part of their process of evaluating your solution is to educate themselves about your solution’s potential vulnerabilities.
The more specific and deeper your disclosures, the greater the likelihood that the recipient will look for innovative ways to address these vulnerabilities. And if these innovations are then patented, they could then be used to block your business from practicing the very solutions and technologies that you need. There are several ways to address this risk, and I will describe these in a future post.
Even if actual inventions don’t result, when exchanges of information occur, it is natural for those reviewing and evaluating that information to want to provide feedback and input about your solutions as part of the evaluation process. Contracts can be drafted with this in mind to provide your business with appropriate rights to feedback. Without these rights, those providing suggestions can claim as theirs the input they provide about your own products, services and technologies.
This post has focused on the red flags for companies that disclose confidential information to one another but has steered clear of issues relating to user data and data about usage of products and services. Check back as I will be providing short posts on these issues over the next few weeks.
Disclaimer: This is a personal blog. The views on this blog are my own and not that of my employer, Orrick Herrington & Sutcliffe, or its clients. Nothing on this blog is provided for, nor should it be relied upon as, legal advice. This blog is for informational purposes only. This site is not intended to substitute for obtaining legal advice from competent, independent, legal counsel in the relevant jurisdiction. Your use of this site is not intended to create and does not constitute a lawyer-client relationship. Neither this publication nor the lawyers who authored it are rendering legal or other professional advice or opinions on specific facts or matters.