So you’ve got your business partner, employees, and potential investors to sign your confidentiality agreement. Great, now all your confidential information is safe and sound, right? Wrong.
Signing your confidential agreement is only half the challenge of protecting your business information. The other half is enforcing it, a hassle often requiring an expensive and messy litigation process.
If you suspect that your confidentiality agreement has been breached and your company’s confidential information has been misappropriated (obtained through improper means), learn how to prepare to take action and mitigate potential losses to your company with this article.
- Even without a confidentiality agreement, violating confidentiality can lead to liability under various laws.
- For a successful confidentiality case, ensure your confidentiality agreement is valid, the breach is proven, and damages demonstrated.
- Courts may award actual damage, punitive damage, or injunctions in successful confidentiality breach cases.
- Minimize breach risks via controlled information sharing, proper document labeling, and stringent partner security checks.
- What Is a Breach of Confidentiality?
- How to Deal with Breach of Confidentiality (5 Steps)
- Ways to Protect Your Confidential Information
What Is a Breach of Confidentiality?
Before accusing anyone of it, you must clearly understand what constitutes a breach of confidentiality.
What is a breach of confidentiality?
Breach of confidentiality refers to “the unauthorized acquisition, access, use, or disclosure of confidential information that compromises the security, confidentiality, or integrity of the confidential information.”
In simpler terms, if someone has obtained, exploited, or disclosed information deemed confidential — either by law or by a confidentiality agreement they have entered — they have breached confidentiality.
Breach of Confidentiality: Examples
Breach of confidentiality can take place in many fields of work, including medical, legal, and general business. Some common examples in the business field include:
- A disgruntled job candidate leaks information to the public, violating their interview NDA
- A competitor offers your employee compensation in return for trade secrets
- A former employee uses your client information to start their own competing company
It’s important to note that one can breach confidentiality without entering a confidentiality agreement.
Various kinds of information are confidential under federal and state laws (such as personal medical records and trade secrets), and you can be liable for the damages arising from a confidentiality breach even if you did not sign a confidentiality agreement.
If you suspect a confidentiality agreement violation from an employee or business partner, below are some steps you will likely need to take.
What if someone merely demonstrates an intent to breach confidentiality?
Although highly dependent on the specific confidentiality agreement terms and facts of the actual situation, demonstrating an intent to breach confidentiality (i.e., copying down a secret recipe but not yet distributing it) will likely still be considered a breach. It may be less severe because the information was not disclosed, but the breaching party could still be sued.
How to Deal with Breach of Confidentiality (5 Steps)
Step 1: Investigate and Gather Evidence
Note that the damaged party bears the burden of proof in a confidentiality breach case. This means that if you bring this matter to court, you are responsible for proving that the confidentiality violation actually happened, the violating party is liable for the breach, and you suffered damage from the violation.
Therefore, the investigation is essential when dealing with a confidentiality breach. The evidence you obtain will determine whether or not you can seek retribution and prevent further loss.
As litigation could be an excruciatingly long and costly legal process, you’d want to ensure you can win it before bringing the case to court. Here’s a list of what you need to consider.
Your confidentiality agreement is well-written and has a reasonable scope.
If you have signed a confidentiality agreement (or other legal documents containing a confidentiality provision) with the breaching party, review it with your attorney before proceeding. There have been countless cases where judges eventually dismissed the effectiveness of poorly drafted confidentiality agreements. While standards of reasonableness vary among jurisdictions, you can get a general idea from the following guidelines:
- You have a reasonable interest in keeping the information protected;
- The duration of the period of confidentiality is reasonable;
- The purpose of the agreement is reasonable and clearly stated;
- The protected information is within a reasonable scope and isn’t any information usually excluded from being defined as “confidential information.”
You have proof of the breach.
You have to have concrete evidence that the breach actually took place. The kind of evidence you need can vary depending on the circumstance; however, some commonly seen proof can include:
- The non-disclosure agreement you and the breaching party entered;
- Relevant documentation (i.e., a copy of the email sent to a third party containing confidential information);
- Financial records;
- Expert testimony;
- Witness testimony (i.e., if the information was leaked orally).
Make sure that the evidence you gathered can answer the following questions:
- Who is involved in the breach?
- What was the confidential information that was accessed/leaked?
- How was the information accessed/leaked?
- How was the confidential information used in a way that damaged you?
- What was the breaching party’s intention?
In addition, consider hiring an investigator to collect evidence that requires special skills or resources, such as forensic analysis, surveillance, or background checks of witnesses.
What if confidentiality was breached accidentally?
Intent is not required for a breach to occur. Ignorance of the confidential nature of the information also does not necessarily completely absolve someone from liability for a breach. Of course, this will depend on the specific facts of the breach, but there can still be consequences for the breach, even if it was unintentional.
You can prove that you suffered a loss due to the breach
On top of proving that the breach happened, you also have to prove that you suffered loss caused directly by the breach — which can sometimes be very challenging, as it requires establishing a clear and convincing link between the breach and the specific harm or losses suffered.
The difficulty of proving causation can depend on several factors, including the complexity and nature of the loss, availability and quality of evidence, battling any counterarguments, and applicable laws. State laws vary on the legal standard required to prove causation, so the specific legal standard can also determine the difficulty level.
There was no lack of consideration
For a contract to be considered valid, there must be an exchange of “things of value” for both parties to gain something from it. This exchange is referred to as consideration.
If a judge finds that there was a lack of consideration when your non-disclosure agreement was signed, it could potentially impact the verdict as it could compromise the enforceability of the contract itself.
For example, A (employer) and B (employee) enter an employee confidentiality agreement upon hiring. The consideration exchanged would be A hiring B and B agreeing to the confidentiality agreement.
However, suppose the confidentiality agreement is signed after hiring. In that case, there may be a lack of consideration as B has nothing to gain by signing the confidentiality agreement, which was initially not part of the conditions of B’s employment.
You made reasonable efforts to maintain confidentiality
You must prove that you take proactive measures to protect your company’s confidential information. These measures can include appropriate labeling, physical and cyber security systems deployment, employee training, and many more.
If you fail to demonstrate your efforts in protecting the information, the court could deem you partially responsible for the breach.
In many cases, gathering enough evidence to connect all the dots could be highly challenging. Have an attorney review your non-disclosure agreement together with the evidence so that they can suggest the best course of action. If the evidence is substantial, proceed to the next step.
How much evidence is enough?
The court will only find the breaching party liable or guilty if you can provide “substantial evidence,” which by standards is defined as:
- Evidence directly related to the matter
- Evidence from a reliable and trustworthy source
- Evidence of sufficient quality and quantity to support a reasonable conclusion
- Evidence admissible within applicable laws (i.e., not obtained unlawfully)
- Evidence with probative value (i.e., evidence that can prove or disprove a fact or issue in dispute)
Step 2: Notify the Breaching Party
The next step is to notify the breaching party in writing that you have learned about the breach. The appropriate form of communication will depend on the specific circumstances of the breach and the desired outcome. Common options include a cease and desist letter, a demand letter, a mediation or settlement offer, or a letter from an attorney. Regardless of the type of written notice applied, the notice should contain the following information:
- A reminder of the details of the confidentiality agreement;
- A summary of the proof that the person has breached the non-disclosure agreement;
- Demand a specific action (usually to stop sharing/using confidential information);
- A warning of what will happen if the accused does not comply within a particular time.
After the breaching party receives your notice, you should allow them sufficient response time to review the allegations, seek legal advice if necessary, and then respond to you. The specific timeframe for a response may vary depending on the circumstances and the letter’s content.
Ideally, the breaching party should respond by taking responsibility for the breach and promptly addressing the situation in a manner consistent with the terms of the confidentiality agreement (assuming the breach did occur). However, if the breaching party does not acknowledge the violation or refuses to take appropriate corrective actions, you may consider proceeding to the next step.
Step 3: Determine the Damages
It’s time to measure how much dollar damage the breach has caused you so you can ask the breaching party to compensate you (or “legal remedies” in legal terms).
Calculating damages resulting from a breach of a confidentiality agreement can be a complex process, and the specific approach may vary depending on the circumstances of the breach. Here are some general steps you can take to calculate confidentiality breach damages:
- Identify the harm caused by the breach of the confidentiality agreement. This may include financial damages, such as lost profits or increased costs resulting from disclosing confidential information. It may also include types of non-financial harm, such as reputational harm.
- Determine the value of the information that was disclosed or misused. This can include the cost of developing the information or the potential revenue that could have been generated.
- Calculate the actual damages resulting from the breach. They may include lost profits, the reduced value of confidential information, or other costs incurred due to the breach.
- If applicable, consider punitive damages that may be awarded in addition to actual damages. Punitive damages aim to punish the party that breached the confidentiality agreement and deter future breaches. You may be awarded punitive damage if you prove the breach is intentional and malicious.
- Take appropriate actions to mitigate damages resulting from the breach.
Unfortunately, the damages awarded to you will likely not be sufficient to remedy your loss. The damage may be irrevocable once the cat is out of the bag.
Step 4: Take Legal Action
After calculating the damages, you and your attorney must discuss what legal grounds you have to sue the breaching party. Depending on your case, there are a few legal claims that you can make besides breach of contract.
Misappropriation of trade secrets
Charge type: Civil/Criminal
Penalty: Injunction; fines; royalty fees
Misappropriation of trade secrets is the improper use, disclosure, or acquisition of trade secrets. Even without a confidentiality agreement, company trade secrets are still protected under the Uniform Trade Secrets Act (UTSA) and the Defend Trade Secrets Act (DTSA).
Misappropriation of trade secrets can constitute a federal crime under DTSA and a state crime under some state laws. The damaged party can report the misappropriation to local law enforcement officials, and they can assist if the matter is reported as a criminal offense.
Consequently, the violating party may face serious consequences, including fines and jail time.
Breach of fiduciary duty
Charge type: Civil
Penalty: Actual damage; punitive damage (if applicable)
A fiduciary duty is a legal obligation to act in the best interests of another party due to a special relationship of trust, confidence, and reliance. This duty is often present in various relationships, such as business partners, company directors and shareholders, trustees and beneficiaries, or attorneys and clients.
For example, a contractor is legally obliged to act in an employer’s best interest when hired, which includes complying with confidentiality obligations.
If the contractor destroys the employer’s trust by breaching confidentiality, it can be considered that the contractor has violated their fiduciary duty, with or without a confidentiality agreement.
Patent or copyright infringement
Charge type: Civil (primarily)/Criminal (rare)
Penalty: Actual damage; statutory damage (if applicable); imprisonment (in severe cases)
An infringement of intellectual property takes the form of unauthorized use of copyrighted or patented works. Consider this claim if the disclosed or exploited confidential information concerns a patent you have filed or copyrighted works you have created.
Charge type: Civil/Criminal
Penalty: Actual damage; imprisonment (if applicable)
Conversion happens when someone takes your property and pretends they are the owner with full authority over it. If the breaching party stole your confidential information — including invention, design, or idea — and acted like they were the original owner, pursue this legal claim.
While conversion may sound a lot like theft, they are essentially different. Take Coca-Cola’s secret recipe as an example:
If John made a copy of the recipe, produced a product using the formula, and claimed that he owned the recipe, then that would constitute conversion.
If John stole the secret recipe from Coca-Cola’s database and factories, causing Coca-Cola to lose possession of the recipe entirely, it would be considered theft (even if John didn’t use the recipe in any way).
Charge type: Civil/Criminal
Penalty: Fines; imprisonment
Trespass generally refers to unauthorized entry or intrusion onto someone else’s property or premises. In the context of a breach of confidentiality case, an example of trespass could occur when a party gains unauthorized physical access to restricted areas or premises where confidential information is stored or handled.
Racketeer Influenced and Corrupt Organizations (RICO) Act
Charge type: Civil/Criminal
Penalty: Enhanced penalties, fines, imprisonment
The Racketeer Influenced and Corrupt Organizations (RICO) Act is a federal law that aims to combat unlawful activities of those engaged in corrupt organizations and organized crimes. Many offenses are defined as racketeering by the act, including theft, bribery, and fraud.
An individual can be charged with RICO violation when engaging in a pattern of racketeering activities connected to an enterprise.
If you have enough evidence to prove that the confidentiality breach is a malicious effort of an entire business entity, consider pursuing this claim. However, be mindful that RICO civil suits can result in very high legal fees.
How difficult is it to prove any of these legal claims?
Unfortunately, there is no straight answer to this question. It will vary significantly depending on the state, whether the wrongdoing is civil or criminal, and the specific circumstances of the misappropriation.
Step 5: Receive Remedies
When the court rules in your favor once you present all evidence, it may award you different remedies that compensate for your loss or prevent the breaching party from further violation. Commonly seen remedies for a confidentiality breach include:
A typical contractual remedy, actual damage (or compensatory damage), aims to provide you financial compensation for your actual monetary damages, which can include both your financial loss and the gains of the violating party resulting from the breach (unjust enrichment).
When calculating unjust enrichment, the aim is to restore the aggrieved party to the position they would have been in had the unjust enrichment not occurred.
The parties provide the evidence and arguments, but the court ultimately decides the amount.
As previously mentioned, punitive damage punishes the violating party for the violation. To be awarded such damage, you must demonstrate gross negligence or intentional misconduct, egregious conduct, and directly caused actual harm.
The amount of punitive damage can vary across states. In states that have adopted the UTSA, punitive damages can be as much as twice the compensatory damages.
An injunction is a court order requiring a person to do or stop doing a specific action. Apart from litigation, the parties can agree to an injunction in mediation, mutual agreement, or a negotiated settlement. They could go through arbitration to obtain an injunction.
Sometimes, the confidentiality agreement also states how the parties can obtain an injunction.
An injunction can be an effective legal remedy in situations with a risk of ongoing harm or irreparable damage if the breaching party’s actions are not halted.
Once granted, an injunction is a court order that legally requires the breaching party to stop the specified activities or comply with certain terms outlined in the order.
The cost to obtain an injunction can vary significantly. It typically includes attorney fees, court filing fees, costs associated with gathering evidence, and any other legal fees related to the legal proceedings.
The time it takes to obtain an injunction will also vary. It depends on the court’s caseload, the complexity of the legal issues involved, and whether the breaching party contests the injunction.
In some cases, obtaining a temporary or preliminary injunction relatively quickly may be possible, providing immediate but temporary relief.
However, obtaining a final or permanent injunction can take longer as it is more involved.
The limits of injunctions
Violating an injunction can result in serious consequences, including monetary penalties, contempt of court charges, and even imprisonment in some cases.
However, while an injunction provides legal recourse and can serve as a powerful deterrent, it may not guarantee absolute compliance from the breaching party.
In some instances, the breaching party may continue to violate the injunction, necessitating further legal action or enforcement measures to ensure compliance.
Ways to Protect Your Confidential Information
As you can see above, acting on a non-disclosure agreement can be a complex process that exhausts time and money. That’s why it is crucial to proactively protect trade secrets and sensitive information instead of merely being reactive when misappropriation occurs.
Be selective with whom you share information.
One of the easiest ways to minimize risk is to only share confidential and private information with those motivated and capable of keeping it a secret.
Whether they are employees or business partners, whoever you share the information with should feel invested in keeping it safe.
Properly label confidential documents.
Next, make sure that people are aware that a specific piece of information (product plans, customer lists, supplier lists, emails, etc.) falls under a non-disclosure agreement by appropriately labeling it with something to the effect of “THIS DOCUMENT CONTAINS CONFIDENTIAL INFORMATION OWNED BY [COMPANY NAME]. UNAUTHORIZED DISCLOSURE IS PROHIBITED.”
Law firms also suggest using additional safety measures like “electronic date and time stamps, tag lines, embedded code, digital certificates, watermarks, or metadata” to mark materials as confidential and to prove authorship.
Ensure that business partners protect your secrets.
Lastly, before collaborating with another company, you must review their security protocol to ensure that they protect any sensitive information you share with them.
Emphasize the need to secure trade secrets and to guard your valuable business information as they would their own.
All of the above safety practices are simple but necessary ways to minimize the risk of a security leak and protect yourself if one occurs.
A confidentiality agreement is a crucial deterrence mechanism that helps prevent the loss of your company’s valuable trade secrets. However, when it comes to actually dealing with a confidentiality breach, the process can be challenging.
Don’t just wait for someone to break your confidentiality agreement. Be proactive about implementing the proper security measures to appropriately respond to an information leak.
Finally, when drafting your confidentiality agreement, ensure your documents comply with all state and federal laws.