This is the final post in our three-part series based on a paper co-authored by myself and Shannon Ferrell of Oklahoma State University.
As you can tell from our last blog post in this series, there is not a legal framework specifically suited for the protection of agricultural data. Trade secret comes closest, and if indeed a farmer can prove their data is protectable information (with the burden of such proof resting on the farmer), no written agreement between parties is needed for trade secret law to apply. However, this scenario poses a tremendous amount of uncertainty as to whether trade secret law will apply generally to big data and more particularly to the facts of a specific farmer’s data. To determine this answer, farmers may be exposed to costly, time-consuming litigation.
Conversely, farmers disclosing their data, and service providers receiving it, could proactively could enter a non-disclosure agreement (NDA) in which both parties agree in advance to hold the information confidential and agree to what uses can and cannot be made of the data. Such an agreement would be contractually enforceable regardless of whether the farm data was found to meet the legal definition of a trade secret. This approach would provide some certainty to both parties about what each of their duties and responsibilities are and how the data will be treated. I would certainly recommend that farmers consider this type of agreement to protect their information.
Privacy Policies & Principles: Not Enough to Legally Protect Data
Recognizing that big data issues are a serious concern for agriculture (and a hot topic of coffee shop conversation), several companies have developed privacy principles or policies to help ease their customer’s minds. For example, in November 2014, the American Farm Bureau facilitated an agreement on data privacy and security principles that was signed between a coalition of major farm organizations and agriculture technology providers, including the American Soybean Association, Dow AgroSciences, John Deere, National Association of Wheat Growers, National Corn Growers Association, Monsanto, the USA Rice Federation, and the National Farmers Union. The principles state that the companies signing on agree that certain measures are needed and should be adopted by technology providers. These measures include educating growers about their rights, making clear that farmers own the data, ensuring that affirmative consent should be required prior to releasing data, providing notice to growers when data is collected and how it will be used, explaining differences and abilities of farmers to opt in or out of data collection, and providing that technology providers should not disclose or sell data to third-parties unless bound by the same limitations. To read more about this, read Ashley Newhall’s blog post “Big Data What’s the Big Deal.”
John Deere, for example, has a Privacy and Data Statement addressing similar issues:
John Deere understands that you may not want us to provide Personal Information and Machine Data to third parties for their own marketing purposes. We limit our sharing of Personal Information and Machine Data as follows:
We may share Personal Information and Machine Data with our affiliated companies, suppliers, authorized John Deere dealers and distributors, and
business partners, which may use it for the Purposes listed above.
We may also share Personal Information and Machine Data with our service providers to fulfill the Purposes on our behalf. Our service providers are bound by law or contract to protect the information and data, and to only use it in accordance with our instructions.
We may disclose Personal Information and Machine Data where needed to affect the sale or transfer of business assets, to enforce our rights, protect our property, or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions.
We will also disclose Personal Information and Machine Data when required to do so by law, such as in response to a subpoena, including to law enforcement agencies and courts in the United States and other countries where we operate.
John Deere, Inc. 2014. Privacy and Data, available at https://www.deere.com/privacy_and_data/privacy_and_data_us.page, last accessed May 21, 2015.
Although this type of policy is a great recognition of the issues surrounding big data, it is important to understand that policies or principles are not generally legally binding contracts between the company and the farmer. Unless the terms of the privacy statement are included or incorporated into a signed written agreement between the company and the farmer, such statements are not legally enforceable. A contractual NDA–signed by all parties involved in data collection and analysis–would be much more desirable.
Terms to Consider in a Non-Disclosure Agreement
The following is a list of items the farmer and his or her attorney should consider in drafting an NDA for the disclosure of farm data to a service provider. These considerations are compiled from the works of Bowden (1995) and Fishman and Stim (2001). Bowden, Brian. 1995. Drafting and Negotiating Effective Confidentiality Agreements (with forms). The Practical Lawyer, 41:7, pp. 39-56.. Fishman, Stephen and Richard Stim (2001). Nondisclosure Agreements: Protecting Your Trade Secrets and More. Nolo Press.
1) Execute the agreement prior to data disclosure: Trade secret law will not protect information voluntarily disclosed or publicly available (see Uniform Trade Secret Act, § 1 above). Thus, it is critical the NDA be executed before the disclosure of any data.
2) Define who is disclosing and receiving the information: In most cases, the farmer will be the disclosing party, and the service provider will be the receiving party, though this is not necessarily always the case. In many cases, the obligations of the agreement will be defined the role of the party, so defining when those roles are triggered is important. For those involved in custom harvester relationships, Todd Janzen offers advice on provisions to include in the custom contract related to big data here.
3) Define what information will be regarded as confidential: Blanket statements that all information disclosed by the farmer to the service provider may be ineffective as the protection of all information may be impractical or counterproductive to the services provided. As a result, the agreement should define what information is, and is not, to be kept confidential, whether by category of information or the channel by which such information is transmitted.
4) Exclude information that will not be regarded as confidential: By the same token, it may be useful to define what categories of information are not to be treated as confidential and may be disclosed without further consent from the parties. Other information may be discloseable, but only with the express written consent of the party providing the information.
5) Establish a duty to keep the information secret: Perhaps the most important portion of the agreement, an affirmative contractual duty should be established that the party receiving the information must keep it secret. On the other side of the same coin, this portion of the agreement should also explicitly prohibit the disclosure of the information, and should also define the measures the receiving party must take to maintain the secrecy of the information. This portion of the agreement may also be accompanied by a time limit on its enforceability, which is usually defined by an event (such as execution of a release by the party providing the information, or the public disclosure of the information by that party) rather than a period of time.
6) Specifically allowed/prohibited uses of information: This section of the agreement can spell out what uses of the information are specifically allowed, and which are specifically prohibited. The farmer and his or her attorney will wish to use care in making sure that the beneficial uses of the data
motivating the farmer to seek the service provider’s services are not blocked by these terms.
7) Data destruction requirements: The farmer may wish to require the destruction of all data transmitted to the service provider in the event of a breach of the agreement by the service provider or some other event terminating the agreement. While there may be merit in such provisions, it should also be noted that data destruction in today’s highly-interconnected computing environment may be a practical impossibility. The most one may be able to achieve is the destruction of any hardcopies of the information and the complete erasure of physical drives where the data is stored.
8) Provision for injunctive relief: Without boring the reader with a discussion of civil procedure rules, suffice it to say that proving the case for “injunctive relief” (that is, an order from a court commanding an offending party to immediately cease a harmful activity such as releasing data, as opposed to the much more common remedy of ordering the offending party to pay monetary damages to the injured party) can be both costly and time-consuming, permitting the farmer to suffer continuing damages from data disclosure until it is stopped. A provision stating that the parties both agree that injunctive relief is appropriate in the specified circumstances can drastically shorten this process and limit the expenses in securing such relief.
9) Indemnity clause: The farmer may desire a clause stating the service provider will indemnify the farmer for any of his or her expenses (or the expenses of third parties asserting a claim against the farmer) caused by the wrongful disclosure of data.
10) Integration clause: An integration clause will state the entire agreement between the parties has been reduced to writing through the NDA. The effect of the integration clause is to exclude evidence of the parties’ discussions in the negotiation of the agreement and to limit the resolution of any disputes to the language in the agreement itself. If the parties agree to an integration clause, it is critical all of their concerns be addressed in the text of the agreement.
11) Attorney’s fees: The “American Rule” in most civil litigation is the parties pay for their own attorney’s fees, unless a statute or other legal rule overrides this presumption. Frequently, contracts override this rule and require the losing party pay the prevailing party’s costs; this is usually an attempt to minimize the chance of frivolous claims by one party. Farmers should use care in the inclusion of such language since it may result in the payment of significant legal fees if they should initiate what is eventually proven to be an unsuccessful claim against the service provider.
12) Alternative Dispute Resolution (ADR) and venue provisions: The parties may want to require any dispute among them be first submitted to ADR (arbitration or mediation) before the claim may be litigated. Large corporations often prefer arbitration as it may be faster and less expensive than litigation, but a growing body of research suggests arbitration may favor the corporation over other plaintiffs. The farmer may wish to specify mediation as a first line of ADR. At the same time, many large corporations fear they will be treated unfairly at the hands of local juries, where the opponent will have “home field advantage.” This may or may not be true; by the same token, if there is to be such an advantage, does the farmer wish to relinquish it?
13) Disclosure under legal process: One situation in which the receiving party may have little choice in disclosing information is when they are legally compelled to do so. However, there may be disagreement about when a party is “legally compelled” to disclose information. To provide the best possible opportunity for both parties to determine is such disclosure is indeed legally required, many attorneys recommend a fourfold approach: (a) disclosure of the information is prohibited unless the receiving party is subpoenaed or otherwise compelled by some form of legal process; (b) the disclosing party must be given as much notice as possible, allowing them to contest the legal process; (c) the receiving party must use best efforts to cooperate with the disclosing party; and (d) the receiving party may disclose only information which, in the written opinion of its legal counsel, it is required to disclose.
14) Liquidated damages: It may be difficult (or even impossible) to determine the amount of damages that the farmer has sustained from the disclosure of protected information. As a result, the farmer may wish to define an amount of liquidated damages in advance. Liquidated damages are simply an amount, agreed to in advance of a contractual breach, to be paid if a breach is proven to have occurred. The counterpoint to liquidated damages is that they serve as both a floor and ceiling to claimed damages; even if a farmer sustained greater damages than those negotiated in the liquidated damages provision, he or she will likely be deemed to have waived any claim to a greater damage amount.