Reprinted with permission from the January 2004 issue of the Intellectual Property & Technology Law Journal. Beyond the NDA: Digital Rights Management Isn’t Just for Music By Adam Petravicius and Joseph T. Miotke heft of proprietary information causes companies to lose to a particular project, little regard is given to whether the T billions of dollars each year.1 Yet to compete effective- information is actually needed for the project. ly, companies often must share their most valuable secrets Before sharing its proprietary information, a company with third parties, even their fiercest competitors. should carefully consider the scope of information that needs Companies routinely enter into non-disclosure agreements to be shared. This should be done both at the beginning of (NDAs) when sharing their proprietary information but then each relationship and periodically throughout the relation- forget about them shortly after they are signed, assuming ship. When doing so, a company should not just identify that their information is fully protected by the NDA. general categories of information to be shared but should However, there are a number of steps that companies should identify the specific information in each category. For exam- consider taking to protect their proprietary information after ple, if a company decides to share its customer information, signing an NDA. These steps range from simple steps, such it may not be necessary to disclose customer names; names as marking information appropriately, to sophisticated tech- could be withheld or replaced with random, unique identi- nological solutions, such as using digital rights management fiers. (DRM) software. One factor that should be considered when determining Although a well-drafted NDA provides significant legal which information to share is the scope of protection provid- protection to a company’s proprietary information, the best ed by the relevant NDA. For example, if an NDA requires protection is often non-legal security measures.2 Theft or information to be protected for only a limited time, a com- misuse of information is often difficult to detect and even pany should consider whether information to be disclosed more difficult to prove. Legal remedies may be expensive will have value beyond that time. When reviewing the scope and time-consuming to obtain and may not fully compensate of protection, a company should not just look at the duration a company for the harm that it suffers. On the other hand, of protection but also should look at terms regarding the a company may be able to implement security measures that handling of information. In some cases, a company may minimize the risk of theft or misuse in the first place. The decide not to disclose certain information until the NDA is cost of these security measures is relatively low when com- updated to protect the information adequately. pared to the staggering losses that could result from theft or A company may be able to make the process of selective misuse. disclosure more efficient by routinely categorizing its propri- etary information in advance of disclosure. The categories to Selective Disclosure be used should be selected to guide decisions regarding dis- The most effective method of preventing a third party closure. One or more categories may be used for informa- from stealing or misusing proprietary information is not shar- tion that should never be disclosed outside of the company. ing the information with it. Although collaborating with a Other categories may be used for information that should third party sharing some of a company’s proprietary informa- not be disclosed unless certain conditions are met, such as tion, companies often disclose more information than they written approval by specified individuals. Finally, categories should. Once an NDA is signed, companies frequently may be used to identify information that can be freely dis- engage in a free flow of information. Although the flow of closed as long as there is an appropriate NDA in place. information may be naturally limited to information relating Limiting the scope of information to be disclosed some- times means that information cannot be disclosed in the form Adam Petravicius is a partner in the Intellectual Property and that it is usually kept. Instead, a company will need to pre- Technology Practice of Jenner & Block LLP. His practice focus- pare the information in a different form (e.g., by redacting es on transactions involving intellectual property or technology, unnecessary information). This is a big reason why compa- including licenses, strategic alliances and joint ventures, and out- nies often disclose more than they should; they simply dis- sourcing agreements. Joseph T. Miotke is an associate in the close information in whatever form it exists at the time of dis- firm, focusing primarily on patent, trademark, trade secret, and closure. The costs of preparing information for disclosure copyright matters. Volume 16 • Number 1 • January 2004 Intellectual Property & Technology Law Journal 1 will need to be considered when determining what informa- above, calling attention to improper behavior. For example, tion will be shared. However, these costs are usually relative- consider a confidential document that is required to be kept ly small, especially for electronic information. in a certain room. If the document is only marked by use of the word “confidential” in its header, then removing the Proper Marking document may be as simple as covering it with another piece Although it should go without saying, many companies of paper. Removing the document would be much more dif- fail to mark their proprietary information appropriately.3 Yet ficult if it is printed on red paper and bound in a red note- companies may significantly reduce their risk of loss by tak- book with the word “confidential” appearing on the covers ing the simple step of appropriately marking their proprietary and sides of the binder and on the sides of the pages of the information as confidential. Marking information will likely document itself. prevent it from being inadvertently stolen or misused (e.g., In addition to marking information as confidential, a com- because the individual or company doing so did not realize pany may wish to include markings that specify restrictions the information was confidential). Perhaps more important- applicable to the information. In the red notebook example ly, it deters intentional theft or misuse by making it difficult above, the document would be much better protected if it for an individual or company to claim ignorance about the contained equally conspicuous markings indicating that the confidential nature of the information after being caught. document was not to be removed from the specific room. If For individuals acting on their own, 4 intentional behavior information is subject to numerous restrictions, it may be may also be deterred by the real, or even perceived, increase easier to include a reference to the applicable NDA or other in the likelihood of being caught because the markings may document that identifies the relevant restrictions. However, call attention to behavior that would otherwise go unno- referring to another document only works if the other docu- ticed. Finally, the terms of many NDAs require information ment is actually read. As a result, it may be preferable to to be marked in a certain way in order to be protected by the include all of the essential restrictions on the document itself, confidentiality provisions in the NDA. even if doing so requires attaching a separate instruction When marking its proprietary information, a company sheet (e.g., as a cover sheet). should do so in a manner that clearly and conspicuously iden- A company should take care not to mark information tifies it as confidential. At a minimum, this should include a indiscriminately. It should avoid marking as confidential prominent placement of the word “confidential” or similar information that is in fact not confidential or of little value to words on every page of information. A company should also it. By indiscriminately marking this type of information as consider adding its name or a project or code name next to confidential, a company may undermine the effectiveness of the word “confidential.” Doing so eliminates confusion marking its truly confidential information and, as a result, about the source of the information and the corresponding lose the benefits of marking described above. For example, restrictions that go with it. For example, an employee who it may be difficult for a company to rely on a marking to finds a document simply marked “confidential” may assume prove that someone knew its information was confidential it belongs to the employee’s own company (and not to the when the company has frequently put the same marking on competitor with which the employee’s company is collabo- publicly available information.5 Perhaps more importantly, rating). Although the employee will likely treat the informa- the individuals handling proprietary information (whether a tion in accordance with the company’s policies, this treat- company’s own employees or the employees of a third party ment may go far beyond what was permitted by the NDA to which information is disclosed) may stop treating informa- between the company and the competitor and may never be tion as confidential simply because it is marked as “confiden- detected by either the company or the competitor. The com- tial.” petitor could have avoided this situation by simply adding its Another form of marking that may be used for more sen- name to the confidentiality legend. sitive information is to apply unique numbers or other iden- A company should consider additional ways to identify its tifiers to each copy of information that is disclosed (e.g., a information as confidential and distinguish it from any other unique number on each copy of a document).