Disclosing Someone Else's Confidential Information

Here’s another confidentiality-agreement issue that I’ve been mulling over. I don’t recall having seen it discussed in the literature.

As I understand it, in a commercial context it’s commonplace for the disclosing party under a confidentiality agreement to disclose to the recipient information that the disclosing party is itself required to keep confidential under the terms of a confidentiality agreement with someone else. (Let’s call that other person “Acme”; let’s call the party disclosing Acme’s information the “Secondary Discloser.”)

Disclosure to the recipient might well be authorized in the Secondary Discloser’s contract with Acme, but on the other hand it might constitute breach. My question is, does the recipient care enough about the possibility of breach by the Secondary Discloser to want to address it in the confidentiality agreement with the Secondary Discloser?

Acme couldn’t successfully bring a claim against the recipient based on breach by the Secondary Discloser unless the recipient were aware that the Secondary Discloser had breached an obligation to Acme by disclosing to the recipient, or if the recipient were aware that its use of the confidential information goes beyond the use authorized in the Secondary Discloser’s contract with Acme. See Henry H. Perritt, Trade Secrets: A Practitioner’s Guide § 7:2 (“Strangers do not have implied fiduciary obligations to trade secret owners.); see, e.g., Imed Corp. v. Systems Engineering Associates Corp., 602 So. 2d 344 (Ala. 1992) (“[O]ne who loses a trade secret has no recourse against one who innocently received the trade secret. The sole recourse is against the misappropriator.”)

But even if you assume that management of the recipient is unaware of the obligation to Acme, what if its employees come to learn of that obligation in the course of receiving confidential information from the Secondary Discloser? That could conceivably constitute notice of breach by the Secondary Discloser.

Furthermore, according to Melvin F. Jager, Trade Secrets Law § 7:16, “The position of an innocent user of a trade secret for profit is difficult, as it should be, to sustain in court. Notice of the trade secret and its disclosure in breach of confidence need not be actual notice. It is sufficient that ‘a person of ordinary prudence would inquire as to the existence of a trust.'”

And if Acme successfully brings an injunction against the Secondary Discloser, it could succeed in bringing an injunction against the recipient, even if the recipient couldn’t be subject to damages for past use of the confidential information. Trade Secrets Law says, “At the very least, the service of a complaint for trade secret misappropriation on the allegedly innocent user would constitute effective notice of the breach of trust. An injunction against future use, and an accounting for damages resulting from sales after the service of the complaint, would be appropriate relief for the trade secret owner under such circumstances.”

So the possibility of breach by the Secondary Discloser of an obligation to keep information confidential would seem a legitimate issue. The recipient could seek to address it by asking that the confidentiality agreement with the Secondary Discloser make it an obligation of the Secondary Discloser not to disclose any information if that disclosure would constitute breach of an obligation of confidentiality that the Secondary Discloser owes to someone else. The recipient could go further by also asking the Secondary Discloser to indemnify it against any claims against the recipient based on any such alleged breach, the notion being that the Secondary Discloser wants no part of any squabble between Acme and the Secondary Discloser, no matter who has the better of any given argument.

What do you think?

About the author

Ken Adams is the leading authority on how to say clearly whatever you want to say in a contract. He’s author of A Manual of Style for Contract Drafting, and he offers online and in-person training around the world. He’s also chief content officer of LegalSifter, Inc., a company that combines artificial intelligence and expertise to assist with review of contracts.

8 thoughts on “Disclosing Someone Else's Confidential Information”

  1. It might be helpful to the hypothetical above if we talked about what you call the ‘disclosing party’ as the ‘secondary discloser’ or something like that (since my mind kept thinking of ‘disclosing party’ as the original discloser — Acme — the one who is damaged in your scenario). It was hard for me to follow the players in this game…

    • Michael: I changed “the disclosing party” to “the Secondary Discloser.” Better? (And one instance of “the disclosing party” should in fact have been “the recipient”; I fixed that.) Ken

  2. I’m still considering the implications of this, so this is a very preliminary comment. Do keep in mind that remedies for violations of a trade secret statute may be dependent on a number of elements, such as the existence of a proper contractual undertaking where appropriate. But, in spite of its relationship to the contract, trade secret remedies derive from a statutory cause of action and not from the contract. On the other hand, a straight violation of an NDA would be a breach of contract action (and would not itself depend on the existence of a trade secret statute).

    There are none-too-subtle differences between the two scenarios, not the least of which is the viability of third-party-beneficiary theory in a pure contract mode (versus the easier to make case in a statutory trade secret action against the third-party recipient, since that’s not dependant on making out the whole 3rd party-beneficiary claim). (Of course, in many cases the harmed party will sound out both theories at the same time, just to make it more difficult…)

  3. I don’t really see this as too much of an issue.

    First, most NDAs have a warranty or statement regarding the right of the disclosing party to actually disclose the information, something like: “The Disclosing Party warrants that it has the right to disclose Confidential Information actually disclosed by it to the Receiving Party.” Similar language is sometimes baked right into the definition of Confidential Information: e.g., means… information the Disclosing Party owns or otherwise has the right to disclose… .

    Second, it should be noted that the scope of use of the third party’s “trade secret” is likely not so expansive under the terms of the NDA. Most of the “innocent recipient” (IR) cases in which the IR is using the TS for profit will have a different factual scenario than one contemplated by an NDA. In those case, the IR gets the information without restriction to the Secondary Discloser. The Secondary Discloser usually inadvertently disclosed it in the first place. The IR then uses the TS for profit. The risk for the IR is that a court will force the IR to stop using the TS at the time it becomes aware of the TS nature.

    In our case, the disclosure is still going to be limited to use for the purpose of the NDA and usually only for the benefit of the disclosing party. And it’s not likely that the recipient could just go use the information for whatever purpose.* So there is little risk of an injunction to real business/profits outside the relationship with the secondary discloser .

    Finally, I don’t think that an indemnity is a good idea — and certainly not one that a disclosing party would accept without a fight. If there is an IR-using-a-TS-for-profit problem, then the type of liability will far outstrip the value of the NDA. In those case, you’re talking about consequential damages, harm to business and revenue, etc. And again since this use should almost entirely be eliminated by a proper scope of use, adding an indemnification is simply creating unnecessary negotiation.

    * To the extent the third party claim arises after the obligation of confidentiality expires, there might be a small risk. For example, the IR uses a third party’s TS after the 2 year obligation of confidentiality expires.

    • Mike: Your comment serves as a reminder that you can address some issues using different categories of contract language. I suggested language of prohibition; you suggested using a representation (in MSCDspeak). If disclosure is spread out over any period of time, language of prohibition might work best, but I’ll mull it over.

      And thank you for setting me straight by reminding me that in this context the recipient won’t be putting the confidential information to commercial use, which limits the risk. But what if the CI plays a part in whatever proposed transaction caused the Secondary Discloser and the recipient to enter into an NDA?


      • I think there are two things. First, if the TS from S.D. was important to the transaction (not just the NDA) then the recipient will likely have contract damages under both agreements for at least the reason that S.D. will not be able to fulfill its obligations under the contract.

        Second, the recipient will likely have to stop whatever commercial activity that arose out of the use of the TS. But the recipient will not have any liability to the original discloser for the use until they know, assuming an innocent recipient fact pattern. So, there should be no real additional liability if the recipient simply stops using the TS. As such, the damages will be limited to that business deal with S.D., and I don’t really see the “risk” any differently than one might see the risk of any other deal-ending breach by S.D..

  4. Dear all,

    This topic has probably dried up completely, but as I haven’t seen this challenge anywhere else on the net. What IF the information that the secondary discloser is willing to share (owned by the first discloser) isn’t confidential in the eyes of the first discloser, but is in fact of the second discloser.

    This can be the case for ex. for products that are sold through a distributor (intermediary) with documentation that discloses the name of the source. The intermediary would like to very much cover any knowledge of the source with a confidentiality agreement. This to make sure the end-customer doesn’t cut-out the intermediary.

    Any thoughts on this?


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.