Information that has value should be protected, and this is true in contract packaging as well, whether you’re a service buyer or a service provider. Confidential information can take many forms. Some companies have unique processes while others have formulas, marketing strategies, or customer lists that have taken years to develop and need to be protected from competitors. Other businesses seek to veil a product or innovative packaging in secrecy for a limited period of time while the product is being prepared for introduction into the market.
The common thread among these valuable assets is the need for both consumer packaged goods companies and contract packaging companies to prevent disclosure in order to preserve value.
The starting point for protecting valuable information is for the service buyer or the service provider to treat the information it seeks to protect as though it is confidential. Failure to do so could dilute a company’s competitive edge, leave the company vulnerable to misappropriation, and create a weakness that competitors can exploit.
The issues related to protecting confidential information are manageable, and a well-informed CEO or product manager should thoughtfully consider what information needs protection and take steps to protect that information. This article provides a roadmap of how to protect confidential information.
Identify value and access
The first step is to identify the information that needs to be protected. What type of information is valuable to your company? What information is essential or unique to your business? The value of a business can be tied to anything from a secret sauce to a customer list. Therefore, knowing the source of value is critical to adequately protecting a business.
Products, packages, customers, or processes can take years and significant cost to develop. To best maintain confidentiality, the appropriate strategies to protect valuable information need to be tailored to the nature of the information. An effective strategy for one type of confidential information may be less effective for another type of asset.
For example, food products with secret recipes can be delivered in pre-mixed batches so that users do not know all of the ingredients, while customer lists cannot be similarly protected. Sometimes a contract packager has developed an extensive list of vendors and pricing that is unique to its business. Each business must examine the aspects of its operation and customize its information protection strategy accordingly.
Identifying valuable information is only the first step in maintaining confidentiality. The next step requires the company to identify the people with access to the information and narrow access to those that actually need the information to perform their job functions. Frequently, information is available to employees who do not require access to the information, exposing the business to unnecessary risk. A CFO usually has no need to know secret formulas or processes needed to operate a plant, while the plant manager does not need access to financial information unrelated to the plant’s operations.
As most employees change employers over the course of their careers, exposing information to employees who do not have a “need to know” creates additional risk to outsiders. Likewise, suppliers and service providers may have access to confidential information beyond the scope required to perform or provide their services or products for the company.
Limit access to information
After a contract packaging services buyer or provider has identified its valuable information and narrowly constructed the list of employees, vendors, and service providers with access to confidential information, the company should take steps to limit access and use of information.
Offices and file cabinets containing confidential information should be locked and access to keys should be limited to such that people have access only to the information necessary to perform their jobs. In addition, computers, including laptops, and PDAs and software programs, should be password-protected. Finally, the company should limit vendors to the relevant portion of the secret sauce recipe, not all of the ingredients.
If the confidential information relates to a process or procedure, all aspects of that process should be treated as confidential. To the extent the details of the machine that grinds the food product to a fine powder, for example, are important, components of the company’s confidential process, the equipment manufacturer, the process design firm, the employees running the machines, and management should be required to sign a nondisclosure agreement or confidentiality agreement. A security code should be required to enter the facility housing the processing equipment. If nonemployees sometimes tour the plant, a physical barrier should be erected to avoid disclosing sensitive details of the process to outsiders. Keep in mind that disclosure—even to a noncompetitor—can be problematic.
Every person who is privy to the confidential information should be required to sign a non-disclosure agreement (“NDA”). Each stage of the process should be considered: employees of the product manufacturer, the OEM, packaging companies, distributors, vendors, and suppliers. Each stage in the process represents a potential weakness in the chain of preserving confidentiality.
In the case of employees, the NDA is often intertwined with an employment agreement. Omission of a key employee or vendor can open the door for a competitor to argue that the information was not treated as confidential and, therefore, should not be protected.
The authors, Jeffrey A. Hechtman and Megan M. Mathias, are both attorneys servicing mid-market businesses at Horwood Marcus & Berk Chartered in Chicago. Hechtman and Mathias represent privately held manufacturers, distributors, ad service companies, including packaging services buyers and providers, as outside general counsel.