In this recent post (now extensively revised) I consider two standard exceptions to the definition of Confidential Information and propose what I’d do instead. Now we’ll look at another exception, the one relating to public information. With this exception, the question is how exactly to phrase it.
The Kind of Information
Let’s look at the different components of the exception, starting with what kind of information falls within the exception. Here are the possibilities I’ve encountered:
- public
- publicly available
- available to the public
- publicly known
- widely available to the public
- generally available to the public
- widely available in the widget industry
- in the public domain
Let’s start with public (option 1). Black’s Law Dictionary gives as the relevant definition “Open or available for all to use, share, or enjoy.”
Consider use of available in that definition. If I create a website, make no effort to publicize it, and put some information on that site, is the information available? In theory, anyone with an internet connection has access to it, but it wouldn’t make sense to say that that’s enough to make the information available. The word available must connote not just that one has access to information but also that one is aware that the information exists and where to get it.
I wouldn’t take seriously the “available for all” component of the Black’s definition. It can’t mean that everybody—every human on the planet—knows that the information is available. Instead, what you should consider is whether it’s availability in a given community. For purposes of a confidentiality agreement, the appropriate community might be whatever industry might want to make use of the information in question.
The Black’s definition suggests that availability is implicit in the word public, but you could make that explicit and say publicly available (option 2) or available to the public (option 3). But I suggest it’s redundant to refer to availabilty.
Instead of referring to availability you could refer to knowledge, as in publicly know (option 4). That would seem to represent a more demanding standard, but it doesn’t reflect our relationship with information. The information we actually know is only a tiny fraction of the information that’s available, and we can now retrieve information in the blink of an eye. Limiting the exception to information that is known doesn’t make sense.
In option 5 and option 6, widely and generally are redundant, as those concepts are inherent in the idea of information being public. But if you want to make it explicit that the community to be considered is a given industry, I’d use the formula in option 7.
Saying in the public domain (option 8) is simply a mistake, as it has no bearing on the general availability of information. Ned Barlas, my Penn Law Review colleague from long ago and one of my prized sources of intellectual-property advice, tells me that in the public domain refers to the copyright status of a work of authorship that is no longer subject to copyright protection, and that formerly patented inventions and unpatentable inventions are also sometimes said to be in the public domain. It’s safe to assume that anyone who uses in the public domain in the public-information exception simply assumes it’s a hey-I-sound-like-a-smart-lawyer alternative to public.
Timeframe
Next, let’s consider the timeframe. Here are the possibilities:
- is public
- becomes public
- is or becomes public
- is already public when the Disclosing Party discloses it to the Recipient or becomes public after the Disclosing Party discloses it to the Recipient
One or other of the first three options can be found in countless contracts, but the problem with each is that it raises the question, When? To make it clear that the reference point isn’t when the contract is signed but instead is when information is disclosed, use option 4.
A Limit to the Exception
The public-information exception can be limited as follows (one sees many variants):
- other than as a result of breach of this agreement by the Recipient
- through no fault of the Recipient
- through no wrongful act of the Recipient
- for reasons beyond the control of the Recipient
The sensible choice is option 1. It’s not clear what other kind of disclosure, if any, the other options might be contemplating.
It might not be necessary to include option 1: it would require serious chutzpah on the part of the recipient to leak confidential information so it becomes public, then claim that the information falls within the public-information exception. There’s no right or wrong choice, but I’m inclined to make that explicit.
The End Result
So here’s my version of the public-information exception:
information that is already public when the Disclosing Party discloses it to the Recipient or becomes public (other than as a result of breach of this agreement by the Recipient) after the Disclosing Party discloses it to the Recipient;
[I adjusted this proposed language based on Mark’s comment.]
Two useful posts – thanks. I have a couple of comments.
On the public-information exception, the bar on the recipient relying on its own breach is pretty universal (and, as you say, it would take serious chutzpah for a recipient to breach and then rely on the exception). While I understand the motivation for agreements to include this bar, I have never understood how it would be enforced in practice. Once information is public, then it is public (no matter how this has occurred). The recipient would be liable for its breach, but would a court would bar the recipient from using something that everyone else now knows and is free to use? Would the existence of the bar really make a difference to the court’s decision?
Assuming we feel more comfortable with the bar in place (even if it is of questionable effect), I think it should be moved further down your clause. In other words, it should only modify the ‘becomes public’ part (and not the ‘already public’ part). If the information is already public when the disclosing party makes the disclosure to the receiving party, then the public nature of the information couldn’t have occurred as a result of a breach by the receiving party.
Thanks, Mark, for your helpful comments.
Regarding your first point, I’m not sure where to look. I wouldn’t be surprised if there’s a general principle that if you illicitly create a situation, you won’t be allowed to take advantage of that situation.
Regarding your second point, d’oh! That’s the kind of point I miss when my nose is too close to the grindstone. What do you think of my revised version?
Looks good.
It feels like this should be analyzed with some of the issues that arise under the Uniform Trade Secrets Act (or its federal counterpart the DTSA) regarding the definition of a trade secret, and particularly its requirement that the proponent of a trade secret must be making reasonable efforts to keep a thing a secret. That feels to be the counterpart issue to what you’re discussing above. I’m not sure that changes the suggested drafting, but it may help in considering how a case might turn under your language (i.e., if the ‘public’ aspect should be what would cause a piece of information to lose its confidential status).
I’d slenderise the final by a few words:
Information already public at the point at which the Disclosing Party discloses it to the Recipient, or that becomes public after that point, but not by breach of this agreement.
I’m curious to hear thoughts on a specific issue concerning how one breach affects the rest of a company’s NDA’s. For example, if company A has separate NDA’s with B and C, but B breaches its NDA by making information public, should that mean that B’s breach “infects” the NDA between A and C, such that C now gets the benefit of the exception of publicly available information? Or, in an attempt to contain the damage of B’s breach, should company A try to protect itself in that situation using its NDA with C?
I’ve seen this dealt with by adding language to the end of the parenthetical in the A/C NDA so that it reads as follows: “(other than as a result of breach of this agreement by the Recipient, or otherwise from a source in breach of its confidentiality obligations to Disclosing Party)”.
Truthfully I haven’t put the strategy into broad practice, thinking that once public (especially online), information would be too difficult to re-privatize, so to speak, and company A is likely hosed anyway. I’m sure there are specific instances where it could come in handy though, and I continue to think about it enough that I’m curious if anyone else has encountered the issue.
Regarding the public information exception, there is a body of patent caselaw on that precise issue. The text of 35 USC § 102 states that a person is entitled to a patent unless the invention “was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public[.]” Because preservation of patentability is one purpose of confidentiality provisions, does that change your opinion about option 3 or its more succinct variant, option 2?
I’ll duck as MSCD is thrown at me and fortuitously falls open to § 13.123…
Hello from Singapore, Ken. I’ve been a fan of your work for a while although haven’t commented before. I’m not sure how widely accepted your point is that people should use “in the public domain” only in a copyright context and not to mean information that’s not confidential. I searched for that phrase in Lawnet (local Westlaw equivalent) and found both Singapore and English cases where the court used “in the public domain” in the confidentiality context.
Hi Stella. Yes, I’ve become more attuned to use of “in the public domain” to mean known to the public. In fact, a few days ago I encountered that usage in a bad martial arts movie!
But my point is still valid. Using “in the public domain” to mean known to the public is wordy and old-fashioned, and mostly British. Furthermore, use of the phrase to express the copyright meaning is entrenched in legal circles in the US and England. So using the phrase to mean “known to the public” in a document intended to act as a standard for confidentiality agreements is a poor choice.
Incidentally, I posted a comment to this effect on LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:6830741384597659648?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6830741384597659648%2C6830886577695264768%29.
Question–if a hacker exposes confidential information, does that become publicly known/available/etc., such that any confidentiality agreements related to the information are moot?
Off the top of my head, I don’t know!
The “is or becomes” in either structure (3 or 4) bothers me. The concern I have is that if confidential information becomes public, then at that point it is public for which it would no longer be confidential information. However, prior to that point, it was confidential information and subject to the non-disclosure protection.
But something that later becomes public, should not preclude the obligations and any associated breach/cause of action which arises before that becomes public.
Because this type of clause is in almost every contract I’ve seen, am I wrong about this interpretation or is it otherwise not something worth worrying about?