A standard element of confidentiality agreements is exclusions from the definition of “Confidential Information.” They’re sufficiently inevitable that longtime reader Michael Fleming refers to them as “The Four Romanettes®.”
I’ve been mulling over one of them, the exclusion for information that becomes public. Actually, that’s just one way of phrasing it. Here’s a range of alternatives:
- information that is or becomes public
- information that is or becomes publicly available
- information that is or becomes in the public domain
- information that is or becomes generally known to the public
- information that is or becomes widely available to [the software industy]
The first version is the simplest possible; the second, third, and fourth versions were offered in Brian D. Bowden, Drafting and Negotiating Effective Confidentiality Agreements, 59 Tex. B.J. 524, 526 (1996). (I learned about this article from Michael Woronoff’s chapter on confidentiality in Negotiating and Drafting Contract Boilerplate.) So, what are the implications of these different versions? Let’s consider them one at a time.
First, what does it mean to say that information is “public”? Black’s Law Dictionary (9th ed. 2009) gives as a definition of public “Open or available for all to use, share, or enjoy.” According to this definition, what matter is not how widely known the information is, but whether it’s available.
Let’s consider what “available” means. If I create a website, make no effort to publicize it, and put some information on that site, is the information available? In theory, anyone with an internet connection has access to it, but it would be hopelessly literal-minded to say that that’s enough to make the information available. To make sense, the notion of availability has to mean not just that I can access the information but also that I’m aware that the information exists and where to get it. I haven’t come up with a way of articulating that meaning more explicitly than does “available.”
And what about “available for all”? Does that mean that for a given piece of information to be public, everybody—every human on the planet—would have to know that it’s available? That’s a hopeless standard; I’d replace it with “widely available.”
Furthermore, when you’re considering how widely available, you have to consider community. If the information in question relates to quantum mechanics, it will never be widely available to every human on the planet. (Mind you, almost nothing could meet that standard.) Instead, what you should consider is whether it’s widely available in a given community. For purposes of a confidentiality agreement, perhaps the appropriate community is whatever industry might want to make use of the information in question.
What about the second version, using “publicly available.” That’s no more informative than “public.” I’ve seen the variant “generally publicly available”; that would seem to be a wordier version of “widely available.”
As for the third version, “in the public domain” has no bearing on how widely available any given information is. Instead, it means that the information isn’t protected by intellectual-property rights and so can be used by anyone free of charge. That would represent an irrationally narrow exclusion from the definition of “Confidential Information,” so I propose not offering it as a Koncision option.
As for the fourth version, I agree with Bowden that requiring that information not only be available but also be actually known represents a more demanding standard. But I don’t think the distinction is meaningful, so I don’t have in mind incorporating that standard in Koncision’s confidentiality-agreement templates.
The fifth version? That’s what I’m contemplating using in Koncision’s confidentiality-agreement templates. Of course, it remains a vague standard—how wide is “widely”?—but there’s no getting around that.
10 thoughts on “When Does Information Become Public?”
Regarding the fifth version, that’s a two-edged sword if not tempered by some other language (e.g. becomes widely available to [insert industry] without an obligation of confidentiality). Even then, I’d be tempted to avoid it because it introduces a question similar to the “person having ordinary skill in the art” question in patent law that itself is a difficult question on which to get agreement.
Whether number five makes any sense may depend on the market.
Frankly, my drafts always go with some flavor of number 2. It’s usually some form of: “is or becomes publicly available [through no fault of receiving party | by a third party without an obligation to keep such information confidential | both ].” I have seen people use “publicly accessible” which itself seems to indicate that you have to be able to get it.
I’ll throw out one other note, in some contexts (think market data, databases, testing results, etc.), the information in its individual constituent components may be “publicly available” but the information in total, the computations run on that information, the analysis of that information, etc. may not be. Those analysis and computations may be nothing more than common statistical methodologies applied to public information, but I’d wager that the “generator” of that information would want it treated as confidential if lots of time and energy went into making such information.
In this case it may be important to note that even if the constituent parts of the information are publicly available that does not move the entirety of the information into the non-confidential pile.
Mike: You might be conflating two standards, the “public” one and one geared to what the recipient knows. The latter is the one that refers to whom the recipient received the information from. I don’t think that works when you’re referring to something as amorphous as public knowledge.
And I’m not sure I share your concern regarding limiting the universe to a given industry. The same analysis applies, just to a smaller pond.
Regarding your entirety-of-the-information issue, do you want to propose some language?
What’s wrong with using “known” instead of “available”? I agree with your analysis of “available.” Information could be available to all in some sense, but if no one has actually received it, then I don’t think the exception should apply. I don’t see how modifying it with “widely” and an industry qualifier changes that. The real question is whether the information has actually become known to others.
I have tended to use “publicly known,” which is narrower than “generally known to the public.” However, after reading your post, I would consider something like “known to others in the ___ industry.”
Anne: I see two alternatives: The exception could apply if a wider population knows the information, or it could apply if the wider population is aware of where you can get the information. I think it would be fair to have it apply in the latter context. And the latter context perhaps poses less of an evidentiary problem. Ken
I am not sure that I like the use of the qualifier “widely” that you propose. To me that is an ambiguous term. If you want to use “widely” how do we define it – number of people, geography, level of knowledge, role? And if we say widely available within an industry, then that implies dissemination, publication and actual knowledge. Even if something is known or available to only a small part of an industry (i.e. not widely available) why should that not be considered non-confidential public knowledge if they could in theory act on it or use it? I fail to see the distinction. As to the need for it to be available to all in order for it to be public, if information is posted on a website and its content can be searched and obtained by a search engine, why is that not available to all? Why does it need more active publication and dissemination within an industry? Is it any different from an obscure law review article that nobody widely reads, but someone could in theory find and cite? The fact that the information is publicly available (even if not widely read) to me makes it non-confidential. I don’t see why it has to be known or available to people within an industry to qualify as non-confidential.
Pieter: Widgetco has a trade secret, the formula for WidgetFizz. A disgruntled employee posts the formula on a website, but inadvertently makes the site invisible to search engines and doesn’t otherwise do anything to spread the word. Should that be sufficient to make the formula fall under the “public” exception to the definition of confidential information? Ken
Ken, I’m not a web expert, so presuming one can “publish” a web site that is never crawled by a bot, never cached or indexed by any web search engine, and is therefore completely invisible and without trace, then I would not consider the information to be publicly known or available for the purposes of falling under a “public” information exception in a confidentiality agreement. Is that a realistic scenario? That hypo sounds like storing a file on your personal hard drive that nobody else can see or access. However even assuming the trade secret of Widgetco was published and available on the web, my understanding is that nobody in the industry would be able to rely on the “public” exception in order to use it, as the misappropriation and improper use of a trade secret would subject them to damages, lost profits, etc under the Uniform Trade Secrets Act or equivalent. Pieter
Pieter: No, my scenario isn’t realistic. But imagine that the information becomes, by degree, more accessible. At what point do you say that it’s accessible enough to be considered public? I don’t see that there’s any way to avoid drawing an arbitrary line at some point. And forget about misappropriation; what if the information was independently developed by the individual in question? Ken
Usually, the fact that the trade secret made it to the public domain because of malfeasance of someone who was supposed to keep it confidential would not remove the confidentiality of such trade secret
Here is my spin on it.. Just because something is on the Internet, does not mean that it is Public Knowledge. According to http://www.sciencefocus.com/
One way to answer how much information is on the Internet is to consider the sum total of data held by all the big online storage and service companies like Google, Amazon, Microsoft and Facebook. Estimates are that the big four store at least 1,200 petabytes between them. That is 1.2 million terabytes (one terabyte is 1,000 gigabytes).
Ultimately to state that something is Public Knowledge because it is on the available on the internet, would be without diligence, and a contradiction as we’re all using the Internet for research purposes..
I would say in a case where a party to contends that something is Public Knowledge, the party would have to bring substantive proof . In other words, let say a company is accused of breaching confidentiality by sharing it with others, it would have to prove that at least everyone of those it shared it with, had knowledge thereof.
Example, one cannot even state that the presence of companies like Google or Microsoft, being Public Knowledge, since millions of people is desolated areas may not know of them..
Possibly the only thing in this world that can be described as Public Knowledge is that there is such a thing as water or oxygen, all the rest would have to be proved.