What Are the Limits of Nondisclosure Agreements and the Security Implications for Your Company?
“It’s fine, I got a nondisclosure agreement.” I heard that recently from a friend who’d revealed his source code for new software to a contractor, and it made me flinch. We tend to place a little too much faith in the power of the nondisclosure agreement. While it has a deterrent effect, it doesn’t prevent someone from disclosing confidential information about your company. It just creates recourse for you if they do.
But really, how much recourse is there? In the case of the disclosure of intellectual property, a company can lose millions—even billions. Suing the individual for violating the agreement isn’t going to recover those lost funds. While a non-disclosure agreement is a good step toward protecting your intellectual property, it’s the last step. The first is hiring people who are trustworthy enough to handle that confidential information.
What Does A Nondisclosure Agreement Really Cover?
Nondisclosure agreements are basic contracts that just about everyone has signed at one point or another. In essence, it’s an agreement between two parties that the receiver won’t reveal any of the discloser’s confidential information. It also outlines what will happen if the agreement is violated. But, here are a few things it doesn’t do:
- It doesn’t prove the case – If your confidential information is released by the person who signed the agreement, the burden is on you to prove it in a court of law. While this might be straightforward, like if the individual outright stole and sold your ideas, it can sometimes be much more complicated. Say, for example, the individual sells that information to a third party, who sells it to another company. You may not learn about it until years after the breach. By then, the damage is already done.
- It doesn’t cover things not specifically listed – Your nondisclosure agreement can’t just be a blanket statement about all your company information being confidential. Instead, you must specifically list the information your company considers confidential and clearly identify how it’s to be used. If you overlook something, you can’t just claim it was part of the overall project and you might not have legal recourse.
- It doesn’t guarantee you full recovery – If someone violates a nondisclosure agreement, you’re permitted to sue them for damages that occur from that disclosure. However, if the individual doesn’t have the money to cover those damages, even if you win, all you’ll have is a piece of paper saying you’re owed money. In addition, it’s going to cost you money to enforce the agreement. Intellectual property lawsuits are expensive.
- It doesn’t protect you in all jurisdictions – Nondisclosure agreements may not be enforceable if you’re signing them with someone not based in the US. The laws in other countries are different and may block you from obtaining damages for a violation.
Really, the only certainty a nondisclosure agreement offers you is its deterrent effect. It makes someone think twice about using your confidential information for personal gain. It’s the last step in deciding if you want to work with someone. If they balk at signing the NDA, then you should be concerned that they won’t adhere to it. However, your best bet is to thoroughly vet them ahead of time and watch for the red flags that show they may be a risk for your intellectual property.
Red Flags to Watch For in Protecting Intellectual Property
Intellectual property could be the most valuable property your company holds. Protecting it means consistently investigating all the people your company works with, not just before you start work, but throughout your entire contract with them. When looking for confidential disclosure risks, you want to:
- Seek out the threats in your ranks – An RDaaS (Risk Data as a Service) program can help you locate high-risk individuals your company works with by automatically monitoring for high-risk activity. High-risk activity may include:
  - Arrests for theft or fraud – You should regularly check backgrounds throughout your contracts with employees and third parties to ensure that they’re not engaging in fraudulent activity outside of work which may make them a higher risk for intellectual property theft.
  - Deception during standard interviews – A good way to collect risk data is to use Remote Risk Assessment (RRA) as a means of spot-checking for leaks in your organization. RRA allows you to conduct remote interviews to check for concerns regarding individuals disclosing confidential information. It can be used as part of an RDaaS program to find areas of high risk in your company.
  - Sudden unexplained absences or a decrease in work ethic – If an employee is getting ready to sell confidential information, they may start using up their sick time or not put much effort into their work. After all, if they’re about to make money selling your intellectual property, they really aren’t worried about keeping their job.
- Consistently monitor access to confidential information – If the disclosing party doesn’t make a concerted effort to prevent the leaking of confidential information, the NDA may not be enforceable. As such, you need a strong password management system in place to show this information is protected.
- Respond to all concerns immediately – If there is an issue with a potential leak, you need to have a lockdown system in place to close off the ability to gather confidential information. If you believe that an NDA has been violated, then you need to follow the terms of the contract to show that your company takes these issues seriously.
Risk Data as a Service is a process that can help you monitor for the risk of IP theft before the NDA is violated. The NDA won’t protect you from everything. It just gives you recourse after the agreement is violated. To prevent these violations in the first place, AC Global provides Remote Risk Assessment technology which can be used as part of a Risk Data as a Service program. Contact us to learn more.