Creating a Better Confidentiality Culture — Part I: The Basics

Jared Arcari
Oct 4, 2019

Introduction

Ask any employee in the tech, finance, customer service, or nearly any other industry in America whether they were required to sign a confidentiality agreement at the beginning of their employment. One in three U.S. workers will say yes. Next, ask those employees whether they could immediately identify what “confidential information” is. Likely, none would answer that question accurately.

Employers rely on confidentiality agreements, also called “NDAs” (short for Non-Disclosure Agreements), to protect sensitive corporate information from being leaked by careless or malcontent employees. Confidential information can range from trade secrets such as the Coca-Cola recipe to corporate strategies and policies.

However, most companies do not take any further steps to protect their corporate secrets beyond legal agreements. Many companies appear to be content with the mere existence of confidentiality agreements to prevent disclosures by employees. This reliance on confidentiality agreements, with their vague definitions and ambiguous damages clauses, causes companies to be over-dependent on legal agreements rather than concentrating on methods to prevent disclosure in the first place.

This 3-part series discusses the rampant use of confidentiality agreements, commonly referred to as NDAs, and how both employees and employers are facing greater uncertainties with the growing use of such agreements.

This first article discusses the history of confidentiality agreements from an employment context. Topics will cover why NDAs have become an integral part of the employee intake process as well as industry-specific concerns. The article will also review the chilling effects of NDAs on employees in the U.S. workforce.

The second article will discuss why confidentiality agreements are not the lone option for employers to protect their intellectual property and trade secrets. While NDAs are enforceable documents in courts, the enforcement of such agreements represents a reactive indemnification for an already-damaged company. The article argues that preemptive measures, such as better employee training and education, may be a better solution.

The last article will present a framework for employers to better train employees and, hopefully, protect intellectual property and trade secrets. The article explains a 5-step process of implementing a training program for employees in addition to signing confidentiality agreements. The 5-step process broadly outlines a training module for new and existing employees as well as post-departure policies for employers to follow.

The hope is that enhanced training, defined policies, and better educated employees will reduce employers’ reliance on confidentiality agreements. Companies of any size can utilize this strategy to prevent intellectual property leaks and other employment issues, but it is most likely to be adopted by companies with significant financial resources to implement the entire 5-step program (discussed in the 3rd part of this series).

Part I — What is a Confidentiality Agreement, and What Does it Cover?

A confidentiality agreement is an agreement between two or more parties to prevent confidential information from being disclosed to others. Employees often sign confidentiality agreements at the beginning of their tenure with their employers, promising not to disclose the company’s confidential information or other private information about the business.

Also called Non-Disclosure Agreements (NDAs), confidentiality agreements are enforceable contracts with three main purposes. The first purpose is to describe the legal relationship between the employee and the employer. The second is to define what confidential information the employee is not allowed to disclose during their employment or after they leave. Lastly, the agreement details the penalties an employee will face for disclosing private information to unauthorized third parties.

The Legal Relationship

For an agreement to be enforceable, two parties must come together and agree to specific terms and conditions (for the purposes of this article series, those parties are the employee and the company). Businesses maintain valuable and sensitive information that they have a vested interest in keeping secret from others. However, for employees to successfully do their jobs, they have to be given access to this confidential information by the business.

NDAs establish a clear legal relationship between the employer and employee and the responsibilities of the employee. The employer is the sole owner of the confidential information and the employee is receiving that information. The company is effectively entrusting the information to the employee, and the employee is promising to protect that information for the benefit of their employer.[1] Essentially, a confidentiality agreement creates a “relationship of confidence” where the employer reduces its risks in disclosing confidential information to employees by retaining certain equitable rights in the case of a breach.[2]

Confidential Information

Confidentiality agreements also broadly define “confidential information” and explicitly prohibit employees from using such information outside the scope of their position or disclosing it to unauthorized third parties.

Companies have a serious interest in protecting their confidential information including trade secrets, formulas, software codes, and business strategies. To maintain an edge against competition and deliver innovative products, companies need to protect sensitive information from falling into the wrong hands.

Confidentiality agreements restrict the use of confidential information by employees and forbid its dissemination without prior authorization. NDAs typically employ a broad definition of “confidential information,” creating a catch-all definition for anything the company wants to keep private. The definition covers a broad class of information divulged to the employee, typically in all forms of potential communication (written, oral, in company materials).[3]

Almost all companies consider any information used or created at work, or “on the clock,” as information that employees must keep strictly confidential. This includes internal conversations, figures, performance, and even corporate policies. Companies treat the vast majority of information available to employees as confidential to maintain tight control over employees and encourage employees to think first before releasing any corporate information to outsiders.

This seemingly ever-expanding definition of “confidential information” has recently attracted negative attention in the employment realm, with a Harvard Business Review article aptly named “NDAs Are Out of Control” arguing that NDAs threaten to stifle employee growth. For example, Tesla recently sent a “friendly” reminder to its employees after reporters were given unfavorable information about the company’s production issues. The email to employees read, in part, “as an employee and a shareholder, each of us has a responsibility to safeguard all information and technology we use and generate every day.”[4]

Tesla’s email to employees on May 2, 2019

The issue of expansive definitions of “confidential information,” and the inefficiencies of that practice, will be discussed in the second and third articles of this series. While companies likely believe that broader NDA definitions afford better legal and business protections, that correlation is both overly-simplified and inefficient.

Penalties

The last topic that every confidentiality agreement typically covers is the potential penalties associated with intentional or mistaken leaks of confidential information. NDAs stipulate the pecuniary and equitable remedies available to the company in case of disclosure, including damages suffered by the company.[5]

Typically, lawsuits might seek compensation or injunctions for the disclosure of closely-guarded trade secrets, copyright infringement, or breaches of fiduciary duties.[6] However, employers might also argue for liquidated damages stemming from the losses suffered after the disclosure.

Furthermore, damages are not a set figure in almost all confidentiality agreements, meaning that employees potentially have unlimited liability if they do disclose confidential information.

Companies aren’t afraid to throw the legal weight of NDAs around at employees they believe are leaking confidential information. Using the Tesla email from above as an example, some companies are willing to utilize the tools in the NDA, specifically contained in the damages provisions, to penalize employees who are leaking important corporate information. The email cautioned employees, “Tesla will take action against those who improperly leak proprietary business information or violate the non-disclosure obligations to which we all agreed… including termination of employment… and even criminal charges.”[7]

Part II — Why do we have NDAs?

NDAs are not a recent development. The 1970’s ushered in the tech revolution, where big tech companies competed in a race to design new consumer technologies, pitting their engineers against other companies to develop faster machines and more complex algorithms.[8] Given the stakes, companies (and their shareholders) could suffer significant financial harm if an employee were to leak proprietary information to a competitor.

While companies would prefer to lock their secrets in a vault and throw away the keys, that isn’t a viable business strategy. Companies need to trust their employees with sensitive information, knowledge that is also required by the employee to do their job correctly. Research and development requires collaboration between internal teams and external vendors and advisors.

To understand why NDAs have become so prevalent, it’s best to review the main purposes of confidentiality agreements and how a legal document can lock down sensitive information. Confidentiality agreements serve three main purposes. The first, and most obvious, purpose is to protect the company’s confidential information from being leaked by current employees or employees moving to new firms. The second purpose is establishing boundaries between what an employee can and can’t do with sensitive company information. The last purpose is to create a cautious environment where employees are more careful with private information and understand the consequences of leaking such information.

Purpose #1: Protection

Confidential information comes in many shapes and sizes. Inventions, business plans, client lists, and personal data are all types of confidential information that businesses want to keep safe. The term “confidential information” broadly categorizes a lot of information that a company does not want the public to know about. Arguably the most important category of confidential information is the intellectual property owned by the company.

A company’s intellectual property is its main revenue driver as it forms the foundation of the company’s product or service. Intellectual property includes inventions, patents, research data, formulas, and product designs created by the company’s employees. While employees create the intellectual property, the company holds exclusive rights to any ideas created in the course of business by its employees.[9]

Intellectual property can be created by employees in any manner: meetings, drafting sessions, even discussions at the water cooler. It’s important to remember that employees’ creative ideas, while on the clock, are ultimately for the benefit of the employer.

Purpose #2: Establishing Boundaries

One of the primary reasons for having an NDA is to establish boundaries for what a current or former employee can and can’t say or do. A confidentiality agreement is pivotal in deciding how much information from the employee’s duties is considered confidential and protected from exposure by the employee.

There are two main types of boundaries established by an NDA. The first boundary sets the threshold for what information is considered “confidential information.” The second boundary sets the purposes for which that information can be shared.

As discussed in an earlier section, the threshold for what is considered “confidential information” appears to be constantly spreading. This threshold has been creeping over the past decades into a broader catch-all definition. Whereas in the 1970’s the definition typically referred to secret formulas or blueprints developed internally, confidential information is now broadly construed to mean “anything the company may wish others not to know.”

For example, many template definitions state that confidential information is “any proprietary information of the Company not generally known to the public.” That definition can mean quite literally anything created within the company. The ever-expanding reach of confidentiality agreements, however, might have reached its climax. Recent scandals involving sexual harassment claims being stifled under NDAs raised speculations that confidentiality agreements are reaching too far when defining confidential information.

Purpose #3: Creating a Cautious Environment

Underpinning the physical confidentiality agreement document are the psychological effects of such legal agreements. Requiring all employees to sign NDAs sends a clear message that the company takes data privacy seriously and that employees will be held to a high standard of secrecy.

When every employee signs a confidentiality agreement on their first day of employment, the intended effect is to create a cautious environment. Every employee is aware of the legal ramifications of disclosing confidential information and acknowledges, in writing, that they must protect that information at all costs.

While some commentators argue that NDAs create a “culture of fear” in the workplace, that is not the ultimate goal of confidentiality agreements. Rather, a cautious culture is the company’s aim. The purpose is not to create a fear of the reprisals if a leak happens, but rather to constantly remind employees to not disclose information (either purposefully or inadvertently) before an issue arises.

Part III — What are the Effects of NDAs on Employment?

Confidentiality agreements have become prolific across most industries. Small startups and multinational corporations use NDAs to prevent leaks and protect their confidential information. Over one-third of U.S. workers are bound by an NDA and the trend continues to grow. More and more employees are welcomed by a suite of employment contracts, including an NDA.[11]

In addition, confidentiality agreements are gaining new attention from the mainstream media and legal scholars alike. More employees are covered by NDAs that cover more topics, ranging from private arbitration provisions to sexual harassment claims. While NDAs are certainly a powerful tool for companies to use to protect their most sensitive information, especially for innovations in early development, many commentators argue that NDAs are stifling employees rather than protecting sensitive information.[12]

Confidentiality agreement language developed over the past few decades, but fairly recently the term “confidential information” came to be a catch-all for anything the company wants to protect from disclosure. Many legal experts are alarmed at the use of NDAs to prevent allegations of sexual harassment, trade secret violations, and other whistleblower-esque claims.[13]

Chilling Effects

Many scholars argue that restrictive covenants, ranging from non-compete agreements to confidentiality agreements, deter employees from leaving for a competitor.[14] Generally, the argument holds that confidentiality agreements and non-compete provisions in employment contracts demand silence from employees and consequently limit an employee’s exit opportunities.

“NDAs chill competition, through expansive definitions of what must remain confidential and proprietary, reducing the ability of a discontent employee or an employee working in a hostile environment to go elsewhere.” — Orly Lobel, Warren Distinguished Professor of Law at the University of San Diego.

The chilling effects are two-fold: overly-broad NDAs can have the effect of preventing workers from speaking up while they are employed and can limit a worker’s employment options after leaving.[15]

Additionally, many companies require secretaries, interns, and other entry-level employees to sign confidentiality agreements,[16] even though they will likely never see or have access to sensitive corporate information.[17] Some scholars and legal experts wonder whether the prolific use of NDAs serves to deter employees from raising serious concerns during or after their employment rather than protecting the company’s important confidential information.

The Court Problem

While courts typically favor written agreements that are signed by both parties, the judge’s support is not absolute. Courts have sided with employees where they demonstrated a confidentiality agreement is overly-broad, non-applicable, or was used specifically to limit their freedom of movement.[18]

For example, courts will not enforce an NDA if the supposed confidential information was not in fact confidential or valuable to the company.[19] In addition, courts will not protect information that was available to the employee prior to signing the NDA, received from a third party, or independently developed without the use of confidential information.[20]

Even if an NDA is valid, companies can face an uphill battle if they choose to enforce a confidentiality agreement in court against an employee. For instance, during the Harvey Weinstein sexual harassment saga, several victims broke the terms of their NDAs to publicly announce their encounters with the media executive. Legal experts argued that while the agreements were still likely valid, even after two decades, the defense team and parent company would likely be excoriated if they asked a court to enforce the penalties available in the NDA.[21]

Companies Need To Create A Better Confidentiality Culture

Confidentiality agreements are increasingly gaining a bad reputation. To be fair, arguments that NDAs have a chilling effect on healthy competition and are unfair to employees aren’t unfounded. Because NDAs are being universally deployed and are covering more and more types of internal information, many companies should consider alternative courses to protect their confidential information that do not rely solely on legal agreements. But companies solely relying on legal documents are ignoring a major fault of legal documents: they can only recover damages once damages are done.

The primary goal of this series is to convince companies to move away from just using NDAs as stand-alone agreements and instead train employees to respect and protect a company’s confidential information. With employee education and participation, NDAs should be a back-up source of protection while the employees themselves are the company’s frontline defense against disclosures.

This is why changing the confidentiality culture is imperative. Instead of treating employees as suspects from their first day, companies should consider employees as integral partners in protecting the company’s secrets.

About the Author

Jared Arcari, J.D. is a recent graduate of Fordham University School of Law. During his undergraduate career at New York University, Jared began working with startups and continues to advise founders to this day. While at law school, Jared took a particular interest in business law and entrepreneurial topics. Jared was the president of the Fordham Business and Law Association and the Entrepreneurial Law Society. When he isn’t writing about entrepreneurial topics, Jared also enjoys researching and writing about blockchain technology, smart contracts, and legal topics. To contact the author, please email him at jarcari@law.fordham.edu.

Disclaimer

This article is the opinion of the author in their individual capacity and not that of any organization associated with the author. Any information contained in this post is for informational purposes only. The information, opinions and commentary contained herein do not constitute legal advice or tax advice. This post is not a complete overview or analysis of the topics presented and may contain information that varies in different jurisdictions. The transmission of information to the reader does not create a lawyer-client relationship. The reader should not rely upon this post or treat it as a substitute for legal advice. The reader should consult a lawyer familiar with their particular circumstances and licensed in the proper jurisdiction for legal advice.

[1] https://www.nolo.com/legal-encyclopedia/nondisclosure-agreements-29630.html

[2] https://corporate.findlaw.com/litigation-disputes/it-s-only-an-nda.html

[3] https://corporate.findlaw.com/litigation-disputes/it-s-only-an-nda.html

[4] https://thenextweb.com/insider/2019/05/04/this-is-the-email-tesla-sent-employees-after-a-series-of-recent-leaks/

[5] https://www.legalzoom.com/articles/employment-confidentiality-and-non-disclosure-agreement-how-to-guide

[6] https://www.rocketlawyer.com/article/loose-lips:-what-to-do-if-a-nda-has-been-broken.rl

[7] https://thenextweb.com/insider/2019/05/04/this-is-the-email-tesla-sent-employees-after-a-series-of-recent-leaks/

[8] https://www.theatlantic.com/ideas/archive/2019/03/trumps-use-ndas-unprecedented/583984/

[9] https://www.law.upenn.edu/clinic/entrepreneurship/startupkit/intellectual-property-kit.pdf

[10] https://www.rocketlawyer.com/article/nda-101:-what-is-a-non-disclosure-agreement.rl

[11] https://hbr.org/2018/01/ndas-are-out-of-control-heres-what-needs-to-change

[12] https://fortune.com/2019/04/29/silicon-valley-nda/

[13] https://qz.com/work/1193639/harassment-at-work-ndas-bind-one-third-of-us-workers/

[14] https://papers.ssrn.com/sol3/Papers.cfm?abstract_id=2401781

[15] https://hbr.org/2018/01/ndas-are-out-of-control-heres-what-needs-to-change

[16] https://www.wsj.com/articles/interns-job-prospects-constrained-by-noncompete-agreements-11561800600

[17] https://fortune.com/2019/04/29/silicon-valley-nda/

[18] https://hbr.org/2018/01/ndas-are-out-of-control-heres-what-needs-to-change

[19] https://www.acc.com/resource-library/issues-enforcing-nondisclosure-agreements-united-states

[20] https://www.venable.com/files/Publication/ec11d61d-fdee-40b2-a7a4-ece95816eac4/Preview/PublicationAttachment/dde2dd8c-0da7-4f16-b683-f81a6cffa576/Top_Issues_in_Non-disclosure_Agreements.pdf

[21] https://www.thewrap.com/harvey-weinstein-nda-non-disclsoure-agreements-sexual-harassment-fox-news-gloria-allred/

Jared Arcari

Fordham Law graduate ‘19. I enjoy writing about Legal Tech, blockchain, smart contracts, and other legal topics. Associate at Goodwin Procter, LLP. NYC.