Keeping your information confidential
QUESTION: I’m thinking about selling my rental business and I’ve heard I should require potential buyers to sign a confidentiality agreement before I send them any information about my company. Do I have to do that? What if I don’t? What’s the big deal?
Answer: There is no law that says you must require a potential buyer to sign a confidentiality agreement or non-disclosure agreement (NDA), but let me give you an example of what can happen if you don’t.
Several years ago, I received a call from a prospective client who had previously received a very intriguing offer from a potential buyer who was willing to pay way over the current market value for his business. The potential buyer was well-known, extremely persistent and clearly had the financial wherewithal to buy the business.
In his excitement, the prospective client went ahead and disclosed to the potential buyer critical information, including lists of equipment, customers, rental rates and suppliers, without bothering to first have the buyer sign a confidentiality agreement — he was concerned that getting an attorney involved would slow the deal down.
Weeks then went by with no word from the buyer and when the previously exuberant seller finally called to follow up, he was told that the buyer had elected to go in another direction. A few months later, the buyer opened a new facility a few miles away and began soliciting away the seller’s customers. The now former potential buyer had a fleet of equipment that was remarkably similar to the seller’s fleet, but it was newer and priced just below the seller’s offerings and the seller did not have the funds to pursue a lawsuit. If this doesn’t sound familiar to you, ask around. It happens all the time.
How can you protect yourself? Start by getting a properly written confidentiality agreement signed by every potential buyer before you disclose anything about your business. Any potential buyer should be prepared to sign such an agreement — this is standard practice when buying and selling businesses. In all but the rarest of cases, if a prospective buyer refuses, you should walk away.
What do I mean by “properly written?” Assuming the buyer is willing to sign a confidentiality agreement, what should that agreement say? This is one of those areas where “forms” websites have done a disservice to the general public by creating the impression that there exists a single boilerplate that covers all types of confidentiality issues, despite the fact that so many different forms of these agreements are available. They differ because the issues differ. Some address employment or independent contractor relationships, investment relationships, other business sales and more. Using one incorrectly can be worse than not using one at all. Among other things, it can create a false sense of security and compel the user to disclose even more than he might have if he, even subconsciously, realized he was disclosing information that could be used to ruin his business.
Basic considerations for confidentiality agreements. This list is not comprehensive, but it’s a good place to start.
- Define “confidential information.” This needs to be carefully considered. Defining it too narrowly can allow important information to slip through the cracks and be deemed unprotected. Defining it too broadly can compel a court to throw it out, as an Illinois U.S. District Court did in Trailer Leasing Co. v. Associates Commercial Corp., et. al. The court refused to enforce the non-disclosure obligation, saying it was overly broad and unreasonable. Consider tailoring the definition to the transaction under discussion, such as “all information disclosed in connection with the [subject relationship/transaction]”, and then incorporating particular items, such as lists of equipment, rental rates, suppliers, employees and customers.
- Establish a term or confidentiality period. Depending on what you anticipate being asked to disclose, the term of your confidentiality agreement should reflect how long any wrongful use or disclosure of such information could reasonably be expected to harm your business. Most disclosing parties would reflexively argue that the term should be perpetual. However, a court may refuse to enforce what it perceives to be an unreasonably lengthy or burdensome confidentiality requirement, as the court did in Lasership, Inc. v. Belinda Watson and Midnite Air Corp., with respect to a confidentiality provision that extended “for the rest of [the employee’s] life.” Some states, for example, New York and Illinois, may, in certain cases, limit such agreements in order to avoid invalidating them altogether. This is known as the “blue pencil” rule. But there is no guarantee a court actually will do so and you may be forced to spend thousands of dollars in attorneys’ fees to find out. Information that can fairly be characterized as a trade secret is typically granted greater protection. Consequently, trade secrets are commonly protected in perpetuity.
- Limit subsequent disclosure. Generally, the recipient should be required to restrict further disclosure of the confidential information to those of its employees and advisors who have a bona fide need to know the information, as opposed to just anyone in the recipient’s organization, which tends to invite leaks. Those people within the recipient’s organization who do receive copies or portions of your confidential information should be advised of its confidential nature and be required to maintain its confidentiality as well. Get their agreements to do so in writing whenever possible.
- Limit use. Often overlooked, the recipient’s use of your confidential information can be more damaging than unauthorized further disclosures. In the example outlined above, it was the recipient’s presumed use of the prospective seller’s confidential information that gave rise to the majority of the damage suffered by the seller. A confidentiality agreement should expressly prohibit the recipient’s use of the disclosing party’s confidential information for any purpose other than the current engagement, transaction, etc., if the agreement is to be useful operationally, not to mention legally.
- Require return or destruction. If and when the relationship terminates — for example, if a buyer backs out or an employee resigns — he or she should be required to return your confidential information and delete all digital/electronic copies. The disclosing party also may want to retain the option to require destruction, rather than return, of all or portion(s) of such confidential information. If so, the recipient should be required to certify such destruction in writing.
- Exclusions. Despite the disclosing party’s desire to protect all of its information as comprehensively as possible, some information simply will not be completely protected. For example, a recipient may be required by judicial order to make limited disclosures of such information for evidentiary purposes. Knowing this, a proper confidentiality agreement should give the disclosing party the right to oppose such disclosure and seek a protective order before any such disclosure is made.
- Recipients who are or may at some point in the future be subject to regulatory action and/or disclosure requirements, such as public companies may insist on retaining archival copies of confidential information in order to comply with such requirements. A disclosing party may have no choice but to permit this in some cases if a transaction is to proceed. If so, carefully restrict further disclosure and permissible uses of such information — permitting its use for procedural purposes alone, without for example, requiring proof of an associated regulatory requirement, arguably renders the confidentiality obligation toothless and can leave a disclosing party with little or no protection. Be sure to extend the term of the confidentiality agreement to cover any and all archival copies for as long as they might be retained.
- Define remedies for breach. Remedies for breaches of confidentiality obligations are notoriously difficult to enforce, partly because proof that the owner of the confidential information actually suffered any monetary damages can be elusive. In some cases, the best the owner can hope for is to drag the offender into court and make life difficult for a while. For that reason, including a provision enabling the owner to also obtain injunctive relief — the ability to enjoin, such as obtaining a court order or injunction directing the offender to cease and desist from further improper use and/or disclosure of confidential information — preferably without the necessity of posting a bond, is critical. The right of the prevailing party to recover attorneys’ fees and court costs always should be part of the agreement as well.
- Extend during breaches. If the confidentiality agreement expires within a stated period — usually three to five years for information other than trade secrets — be sure to include a provision automatically extending the term for the duration of any breach(es) by the recipient(s). Otherwise, you may face a situation where the agreement expires during litigation, leaving you in a kind of “no-man’s land” with respect to enforcement.
Confidentiality agreements are deceptively complex. Getting this wrong can leave a recalcitrant employee, prospective buyer, contractor or other recipient of your sensitive business information free to use it for almost anything, which can and often does destroy businesses..