Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/-940x300.) is not within the allowed path(s): (E:\vhosts/ejupes.adv.br\;C:\Windows\Temp\) in E:\vhosts\ejupes.adv.br\httpdocs\wp-content\themes\ejupes\include\plugin\filosofo-image\filosofo-custom-image-sizes.php on line 146

NDAs

Brazil – Your standard Non-Disclosure Agreement probably is a clawless tiger

By James P. Bartolomé[1] (jamesb@ejupes.adv.br)

 

Highlights:

  • It is routine for companies to sign non-disclosure agreements (NDA). Usually NDAs have a standard text copied or slightly modified from templates used by US companies.  This fact results in that the wording of many NDAs does not take into account the legal protection afforded to trade secrets under the laws of Brazil.
  • Furthermore most of such templates fail to address key precautions required when disclosing trade secrets.
  • In Brazil, because the unauthorized use or communication of a trade secret is illegal the customary provision in the NDA stating the obligation of a party not to communicate a trade secret disclosed by the other party is actually redundant.
  • But the fact that the unauthorized use or communication of a trade secret is illegal is not sufficient to assure effective enforcement. It is necessary to produce evidence of the infringement and of the defendant’s responsibility.  Because in many situations the trade secret is not used in a plain manner or not by the party to which the trade secret was originally disclosed, producing sufficient evidence of the unauthorized use or communication of a trade secret can be quite challenging.
  • Therefore the appropriate focal point of a NDA is to establish the contractual obligation of the receiving party to follow certain information security procedures that will make easier to detect and prove an unauthorized use or communication of a trade secret. By establishing the contractual obligation of the receiving party to follow a particular security program or at least to take certain explicit security measures the NDA adds value by creating a useful contractual obligation as opposed to the mere repetition of a legal duty.
  • If properly carried out security programs or basic security measures will produce digital evidence and paper trail on who/when/why accessed which confidential data. The findings thereof can then be employed in order to track and produce admissible evidence of unauthorized use or communication of the confidential information.
  • An additional point of focus for an effective NDA is to establish a material penalty in the event of a breach. This is very important because recovering damages in trade secret litigation can be quite difficult.  In most cases the damages correspond to lost profits, the uncertain nature of which make it difficult to calculate a reasonable certain claim.
  • Therefore, in Brazil (and other Civil Law jurisdictions) an effective NDA must include a material penalty clause so as to ensure a minimum meaningful recovery regardless of the feasibility of determining a damage figure.

It is routine for companies to sign a non-disclosure agreement (NDA) in situations such as preliminary negotiations for some possible business, and before or at the time of execution of various kinds of contracts like research and development, teaming, franchise and IP licensing agreements.  Here, the stated purpose of the NDA is to prevent the unauthorized use of trade secrets to be disclosed by one or all the parties involved.

Usually the NDAs have a standard text copied or slightly modified from templates used by US companies.  This fact results in that the wording of many NDAs does not take into account the legal protection afforded to trade secrets under the laws of Brazil.  Furthermore most of such templates fail to address key precautions required when disclosing trade secrets.

This paper will argue that many template NDAs used in Brazil focus on redundantly stating the obligation not to use or communicate trade secrets without authorization (from the disclosing party) while overlooking the adherence of the parties to security procedures that will ease the (considerable) burden of proving the actual unauthorized communication or use of a trade secret.

The unauthorized use or communication of a trade secret is a criminal offense in Brazil

Brazil’s Patent and Trademark Law[2] (PTL) provides criminal penalties for the unauthorized use – including use with intent to profit – or communication of a trade secret obtained by virtue of a contract (including employment) or by use of improper means.  In addition, the statute grants to the owner of a trade secret the right to bring a lawsuit against the infringer as well as to seek injunctive relief against the infringing use or communication of a trade secret. [3]

The PTL does not provide a definition of what a trade secret is.  It does exclude expressly (i) data and information on public domain and (ii) subject matter that is obvious to an expert in the related field.

Opinions from scholars[4] developed the concept of trade secret so that it comprehends two kinds of intangible assets:

  • industry secrets: a product, formula, machine, process, technical solution or improvement the owner of which decides to maintain secret (in most cases because it is not patentable or copyrightable);
  • business secrets: client lists, supplier lists, commercial strategies and solutions that will benefit a third party that gains knowledge of them.

The legal protection afforded to trade secrets is different from that granted to patents, trademarks and copyrighted works.  The owner of a patent, trademark or a copyrighted work enjoys the exclusive use of the same.  The owner of a trade secret only has the right to oppose to certain acts of competition held to be illegal but not to the legitimate use of the same subject matter by a third party.

What should be the focus of the NDA?

In Brazil, because the unauthorized use or communication of a trade secret is illegal the customary provision in the NDA stating the obligation of a party not to communicate a trade secret disclosed by the other party is actually redundant.  Its inclusion in the agreement can only be justified as a reminder to the parties’ lay personnel that such an act is illegal.

The question thus is:  is there a real benefit in signing a NDA in Brazil?  The answer is yes.

The fact that the unauthorized use or communication of a trade secret is illegal is not sufficient to assure effective enforcement.  It is necessary to produce evidence of the infringement and of the defendant’s responsibility.  Because in many situations the trade secret is not used in a plain manner or not by the party to which the trade secret was originally disclosed, producing sufficient evidence of the unauthorized use or communication of a trade secret can be quite challenging.

This is especially true in the case of industry secrets.  The receiving party can use the product, formula, machine, process or technical solution:  (i) in a different product or service, or (ii) modified so as to circumvent enforcement.  These tactics can pose a significant obstacle to the production of clear and convincing evidence of the infringement.

The above facts indicate the appropriate focal point of a NDA:  to establish the contractual obligation of the receiving party to follow certain information security procedures that will make easier to detect and prove an unauthorized use or communication of a trade secret.

Security programs:  creating trails of Evidence

By establishing the contractual obligation of the receiving party to follow a particular security program or at least to take certain explicit security measures the NDA adds value by creating a useful contractual obligation as opposed to the mere repetition of a legal duty.

A security program establishes policies for the proper custody, handling and protection of the confidential information.  It typically comprehends:  (i) policy statements applicable to the company’s personnel;  (ii) requirements that describe what the employees must do in order to comply with the policies and (iii) specific implementation steps.  The NDA must indicate what security program the receiving party is to comply with.  In doing so it may refer to a specific program such as the ISO27002, the (US) National Institute of Standards and Technology (NIST) Information Security Documents or Harvard’s Information Security Policy, or a bespoke program agreed upon by the parties.

If the parties are disinclined to take the responsibility of compliance with a full-fledge security program the NDA should at least establish the obligation of the receiving party to follow some specific basic security measures.  A simple security procedure is, for example, to maintain an accurate and updated list of the people that actually gained access to the confidential information, to be delivered to the disclosing party upon request.

To the extent they are properly carried out the above referred security programs and basic security measures will produce digital evidence and paper trail on who/when/why accessed which confidential data.  The findings thereof can then be employed in order to track and produce admissible evidence of unauthorized use or communication of the confidential information.

The difficult task of recovering damages in trade secret Litigation

There is an additional point of focus for an effective NDA:  to establish a material penalty in the event of a breach.  This is very important because producing sufficient evidence of the infringement is not the only difficulty in trade secret litigation.  In most cases the damages sought by the plaintiff correspond to lost profits (i.e., the amount of profits that would have been made on the commercial exploitation if defendant had not used or communicated the trade secret).  Here, plaintiff must produce evidence – facts, sums, calculation criteria – adequate to base a value judgment and set a damage figure.

The uncertain nature of lost profits however makes it difficult to calculate a reasonable certain claim.  The most persuasive types of evidence, such as verifiable data, corroborated profit history and comparative profit performance, may not be available in cases involving unreleased products;  on the other hand, evidence that involves a substantial degree of speculation or opinion may be held by the court as too uncertain to substantiate a recovery.

Civil law systems – like Brazil’s – provide mitigation against the risk of uncertain damages:  the penalty clause.  Differently from Common Law, Civil Law allows the penalty clause (i.e., a monetary charge unrelated to actual harm that can be assessed against the defaulting party) thus enabling the parties to an NDA to contractually ensure a minimum recovery in case of a breach of the obligation of confidentiality (and) or of the obligation to comply with a security program or explicit security measures.

Therefore, in Brazil (and other Civil Law jurisdictions) an effective NDA must include a sizable penalty clause (the amount of the penalty must be proportional to the background deal or the parties’ business, under pain of being considered “manifestly excessive” and reduced by a court of law[5]).  This way the NDA adds value by ensuring a minimum meaningful recovery to the aggrieved party regardless of the feasibility of determining a damage figure.

Confidential information communicated under a NDA must be labeled as Such

Lay personnel tend to believe that any and all information disclosed under a NDA constitutes a trade secret that cannot be used or communicated without authorization.  Litigation however shows that defendant usually challenges the characterization of plaintiff’s data/information as a trade secret, leading to factual review of the claim at trial.  In establishing whether the data/information is in fact protectable as a trade secret there will be a good deal of focus on the circumstances surrounding its disclosure to the defendant;  here, the fact that the information was or not marked as confidential will play a relevant role in presenting a persuasive case.  Therefore, it is very important that the confidential information disclosed under a NDA is expressly identified as being confidential in the manner and for the purpose of the NDA.

The effective NDA:  wrap up

In Brazil, a NDA that is worth the paper it is printed on must:

  • establish the contractual obligation of the receiving party to follow a particular security program or at least to take certain explicit security measures;
  • include a sizable penalty clause for breach of the obligation of confidentiality and/or of the obligation to comply with a security program or explicit security measures.

Rio de Janeiro, May 18, 2015.

Doubts, clarification or just more information?

Contact:  jamesb@ejupes.adv.br

IMPORTANT:  this article is for informational purposes only.  Persons receiving the information on this article should not act without seeking professional legal counsel.

©James P. Bartolomé.  2015.

 

You are free to copy, distribute and display the work under the following conditions:

attribution
Attribution. You must give the original author credit to Escritório Jurídico Elísio de Souza.

 

noncommercial
Noncommercial. You may not use this work for commercial purposes.

 

no-derivatre
No Derivative Works. You may not alter, transform, or build upon this work.

 

For any reuse or distribution, you must make clear to others the license terms of this work.

 

[1] Partner in the Business Legal Services Group of the law firm Escritório Jurídico Elísio de Souza

[2] Law Nº 9279/96.

[3] Chapters VI and VII of Law Nº 9279/96.

[4] In Civil Law jurisdictions (like Brazil) legal treatises and other publications are secondary sources for legal research.  Statutes, orders and regulations from the (Federal/State/Municipal) Executive or Legislature and court binding and nonbinding precedents are primary sources.

[5] Art. 413 of Brazil’s Civil Code.