So you’ve got your business partner, employees, and potential investors to sign your confidentiality agreement. Great, now all your confidential information is safe and sound, right? Wrong.
Signing your confidential agreement is only half the challenge of protecting your business information. The other half is enforcing it, a hassle often requiring an expensive and messy litigation process.
If you suspect that your confidentiality agreement has been breached and your company’s confidential information has been misappropriated (obtained through improper means), learn how to prepare to take action and mitigate potential losses to your company with this article.
- What Is a Breach of Confidentiality?
- How to Deal with Breach of Confidentiality (5 Steps)
- Ways to Protect Your Confidential Information
What Is a Breach of Confidentiality?
Before accusing anyone of it, you must clearly understand what constitutes a breach of confidentiality.
In simpler terms, if someone has obtained, exploited, or disclosed information deemed confidential — either by law or by a confidentiality agreement they have entered — they have breached confidentiality.
Breach of Confidentiality: Examples
Breach of confidentiality can take place in many fields of work, including medical, legal, and general business. Some common examples in the business field include:
- A disgruntled job candidate leaks information to the public, violating their interview NDA
- A competitor offers your employee compensation in return for trade secrets
- A former employee uses your client information to start their own competing company
It’s important to note that one can breach confidentiality without entering a confidentiality agreement.
Various kinds of information are confidential under federal and state laws (such as personal medical records and trade secrets), and you can be liable for the damages arising from a confidentiality breach even if you did not sign a confidentiality agreement.
If you suspect a confidentiality agreement violation from an employee or business partner, below are some steps you will likely need to take.
How to Deal with Breach of Confidentiality (5 Steps)
Step 1: Investigate and Gather Evidence
Note that the damaged party bears the burden of proof in a confidentiality breach case. This means that if you bring this matter to court, you are responsible for proving that the confidentiality violation actually happened, the violating party is liable for the breach, and you suffered damage from the violation.
Therefore, the investigation is essential when dealing with a confidentiality breach. The evidence you obtain will determine whether or not you can seek retribution and prevent further loss.
As litigation could be an excruciatingly long and costly legal process, you’d want to ensure you can win it before bringing the case to court. Here’s a list of what you need to consider.
Your confidentiality agreement is well-written and has a reasonable scope
If you have signed a confidentiality agreement (or other legal documents containing a confidentiality provision) with the breaching party, review it with your attorney before proceeding. There have been countless cases where judges eventually dismissed the effectiveness of poorly drafted confidentiality agreements. While standards of reasonableness vary among jurisdictions, you can get a general idea from the following guidelines:
- You have a reasonable interest in keeping the information protected;
- The duration of the period of confidentiality is reasonable;
- The purpose of the agreement is reasonable and clearly stated;
- The protected information is within a reasonable scope and isn’t any information usually excluded from being defined as “confidential information.”
You have proof of the breach
You have to have concrete evidence that the breach actually took place. The kind of evidence you need can vary depending on the circumstance; however, some commonly seen proof can include:
- The non-disclosure agreement you and the breaching party entered;
- Relevant documentation (i.e., a copy of the email sent to a third party containing confidential information);
- Financial records;
- Expert testimony;
- Witness testimony (i.e., if the information was leaked orally).
Make sure that the evidence you gathered can answer the following questions:
- Who is involved in the breach?
- What was the confidential information that was accessed/leaked?
- How was the information accessed/leaked?
- How was the confidential information used in a way that damaged you?
- What was the breaching party’s intention?
In addition, consider hiring an investigator to collect evidence that requires special skills or resources, such as forensic analysis, surveillance, or background checks of witnesses.
You can prove that you suffered a loss due to the breach
On top of proving that the breach happened, you also have to prove that you suffered loss caused directly by the breach — which can sometimes be very challenging, as it requires establishing a clear and convincing link between the breach and the specific harm or losses suffered.
The difficulty of proving causation can depend on several factors, including the complexity and nature of the loss, availability and quality of evidence, battling any counterarguments, and applicable laws. State laws vary on the legal standard required to prove causation, so the specific legal standard can also determine the difficulty level.
There was no lack of consideration
For a contract to be considered valid, there must be an exchange of “things of value” for both parties to gain something from it. This exchange is referred to as consideration.
If a judge finds that there was a lack of consideration when your non-disclosure agreement was signed, it could potentially impact the verdict as it could compromise the enforceability of the contract itself.
For example, A (employer) and B (employee) enter an employee confidentiality agreement upon hiring. The consideration exchanged would be A hiring B and B agreeing to the confidentiality agreement.
However, suppose the confidentiality agreement is signed after hiring. In that case, there may be a lack of consideration as B has nothing to gain by signing the confidentiality agreement, which was initially not part of the conditions of B’s employment.
You made reasonable efforts to maintain confidentiality
You must prove that you take proactive measures to protect your company’s confidential information. These measures can include appropriate labeling, physical and cyber security systems deployment, employee training, and many more.
If you fail to demonstrate your efforts in protecting the information, the court could deem you partially responsible for the breach.
In many cases, gathering enough evidence to connect all the dots could be highly challenging. Have an attorney review your non-disclosure agreement together with the evidence so that they can suggest the best course of action. If the evidence is substantial, proceed to the next step.
Step 2: Notify the Breaching Party
The next step is to notify the breaching party in writing that you have learned about the breach. The appropriate form of communication will depend on the specific circumstances of the breach and the desired outcome. Common options include a cease and desist letter, a demand letter, a mediation or settlement offer, or a letter from an attorney. Regardless of the type of written notice applied, the notice should contain the following information:
- A reminder of the details of the confidentiality agreement;
- A summary of the proof that the person has breached the non-disclosure agreement;
- Demand a specific action (usually to stop sharing/using confidential information);
- A warning of what will happen if the accused does not comply within a particular time.
After the breaching party receives your notice, you should allow them sufficient response time to review the allegations, seek legal advice if necessary, and then respond to you. The specific timeframe for a response may vary depending on the circumstances and the letter’s content.
Ideally, the breaching party should respond by taking responsibility for the breach and promptly addressing the situation in a manner consistent with the terms of the confidentiality agreement (assuming the breach did occur). However, if the breaching party does not acknowledge the violation or refuses to take appropriate corrective actions, you may consider proceeding to the next step.
Step 3: Determine the Damages
It’s time to measure how much dollar damage the breach has caused you so you can ask the breaching party to compensate you (or “legal remedies” in legal terms).
Calculating damages resulting from a breach of a confidentiality agreement can be a complex process, and the specific approach may vary depending on the circumstances of the breach. Here are some general steps you can take to calculate confidentiality breach damages:
- Identify the harm caused by the breach of the confidentiality agreement. This may include financial damages, such as lost profits or increased costs resulting from disclosing confidential information. It may also include types of non-financial harm, such as reputational harm.
- Determine the value of the information that was disclosed or misused. This can include the cost of developing the information or the potential revenue that could have been generated.
- Calculate the actual damages resulting from the breach. They may include lost profits, the reduced value of confidential information, or other costs incurred due to the breach.
- If applicable, consider punitive damages that may be awarded in addition to actual damages. Punitive damages aim to punish the party that breached the confidentiality agreement and deter future breaches. You may be awarded punitive damage if you prove the breach is intentional and malicious.
- Take appropriate actions to mitigate damages resulting from the breach.
Unfortunately, the damages awarded to you will likely not be sufficient to remedy your loss. The damage may be irrevocable once the cat is out of the bag.
Step 4: Take Legal Action
After calculating the damages, you and your attorney must discuss what legal grounds you have to sue the breaching party. Depending on your case, there are a few legal claims that you can make besides breach of contract.
Misappropriation of trade secrets
Charge type: Civil/Criminal
Penalty: Injunction; fines; royalty fees
Misappropriation of trade secrets is the improper use, disclosure, or acquisition of trade secrets. Even without a confidentiality agreement, company trade secrets are still protected under the Uniform Trade Secrets Act (UTSA) and the Defend Trade Secrets Act (DTSA).
Misappropriation of trade secrets can constitute a federal crime under DTSA and a state crime under some state laws. The damaged party can report the misappropriation to local law enforcement officials, and they can assist if the matter is reported as a criminal offense.
Consequently, the violating party may face serious consequences, including fines and jail time.
Breach of fiduciary duty
Charge type: Civil
Penalty: Actual damage; punitive damage (if applicable)
A fiduciary duty is a legal obligation to act in the best interests of another party due to a special relationship of trust, confidence, and reliance. This duty is often present in various relationships, such as business partners, company directors and shareholders, trustees and beneficiaries, or attorneys and clients.
For example, a contractor is legally obliged to act in an employer’s best interest when hired, which includes complying with confidentiality obligations.
If the contractor destroys the employer’s trust by breaching confidentiality, it can be considered that the contractor has violated their fiduciary duty, with or without a confidentiality agreement.
Patent or copyright infringement
Charge type: Civil (primarily)/Criminal (rare)
Penalty: Actual damage; statutory damage (if applicable); imprisonment (in severe cases)
An infringement of intellectual property takes the form of unauthorized use of copyrighted or patented works. Consider this claim if the disclosed or exploited confidential information concerns a patent you have filed or copyrighted works you have created.
Charge type: Civil/Criminal
Penalty: Actual damage; imprisonment (if applicable)
Conversion happens when someone takes your property and pretends they are the owner with full authority over it. If the breaching party stole your confidential information — including invention, design, or idea — and acted like they were the original owner, pursue this legal claim.
Charge type: Civil/Criminal
Penalty: Fines; imprisonment
Trespass generally refers to unauthorized entry or intrusion onto someone else’s property or premises. In the context of a breach of confidentiality case, an example of trespass could occur when a party gains unauthorized physical access to restricted areas or premises where confidential information is stored or handled.
Racketeer Influenced and Corrupt Organizations (RICO) Act
Charge type: Civil/Criminal
Penalty: Enhanced penalties, fines; imprisonment
The Racketeer Influenced and Corrupt Organizations (RICO) Act is a federal law that aims to combat unlawful activities of those engaged in corrupt organizations and organized crimes. Many offenses are defined as racketeering by the act, including theft, bribery, and fraud.
An individual can be charged with RICO violation when engaging in a pattern of racketeering activities connected to an enterprise.
If you have enough evidence to prove that the confidentiality breach is a malicious effort of an entire business entity, consider pursuing this claim. However, be mindful that RICO civil suits can result in very high legal fees.
Step 5: Receive Remedies
When the court rules in your favor once you present all evidence, it may award you different remedies that compensate for your loss or prevent the breaching party from further violation. Commonly seen remedies for a confidentiality breach includes:
A typical contractual remedy, actual damage (or compensatory damage), aims to provide you financial compensation for your actual monetary damages, which can include both your financial loss and the gains of the violating party resulting from the breach (unjust enrichment).
When calculating unjust enrichment, the aim is to restore the aggrieved party to the position they would have been in had the unjust enrichment not occurred.
The parties provide the evidence and arguments, but the court ultimately decides the amount.
As previously mentioned, punitive damage punishes the violating party for the violation. To be awarded such damage, you must demonstrate gross negligence or intentional misconduct, egregious conduct, and directly-caused actual harm.
The amount of punitive damage can vary across states. In states that have adopted the UTSA, punitive damages can be as much as twice the compensatory damages.
An injunction is a court order requiring a person to do or stop doing a specific action. Apart from litigation, the parties can agree to an injunction in mediation, mutual agreement, or a negotiated settlement. They could go through arbitration to obtain an injunction.
Sometimes, the confidentiality agreement also states how the parties can obtain an injunction.
An injunction can be an effective legal remedy in situations with a risk of ongoing harm or irreparable damage if the breaching party’s actions are not halted.
Once granted, an injunction is a court order that legally requires the breaching party to stop the specified activities or comply with certain terms outlined in the order.
The cost to obtain an injunction can vary significantly. It typically includes attorney fees, court filing fees, costs associated with gathering evidence, and any other legal fees related to the legal proceedings.
The time it takes to obtain an injunction will also vary. It depends on the court’s caseload, the complexity of the legal issues involved, and whether the breaching party contests the injunction.
In some cases, obtaining a temporary or preliminary injunction relatively quickly may be possible, providing immediate but temporary relief.
However, obtaining a final or permanent injunction can take longer as it is more involved.
Ways to Protect Your Confidential Information
As you can see above, acting on a non-disclosure agreement can be a complex process that exhausts time and money. That’s why it is crucial to proactively protect trade secrets and sensitive information instead of merely being reactive when misappropriation occurs.
Be selective with who you share information
One of the easiest ways to minimize risk is to only share confidential and private information with those motivated and capable of keeping it a secret.
Whether they are employees or business partners, whoever you share the information with should feel invested in keeping it safe.
Properly label confidential documents
Next, make sure that people are aware that a specific piece of information (product plans, customer lists, supplier lists, emails, etc.) falls under a non-disclosure agreement by appropriately labeling it with something to the effect of “THIS DOCUMENT CONTAINS CONFIDENTIAL INFORMATION OWNED BY [COMPANY NAME]. UNAUTHORIZED DISCLOSURE IS PROHIBITED.”
Law firms also suggest using additional safety measures like “electronic date and time stamps, tag lines, embedded code, digital certificates, watermarks, or metadata” to mark materials as confidential and to prove authorship.
Ensure that business partners protect your secrets
Lastly, before collaborating with another company, you must review their security protocol to ensure that they protect any sensitive information you share with them.
Emphasize the need to secure trade secrets and to guard your valuable business information as they would their own.
All of the above safety practices are simple but necessary ways to minimize the risk of a security leak and protect yourself if one occurs.
A confidentiality agreement is a crucial deterrence mechanism that helps prevent the loss of your company’s valuable trade secrets. However, when it comes to actually dealing with a confidentiality breach, the process can be challenging.
Don’t just wait for someone to break your confidentiality agreement. Be proactive about implementing the proper security measures to respond to an information leak appropriately.
Finally, when drafting your confidentiality agreement, ensure your documents comply with all state and federal laws.