425 Broadhollow Road
Suite 416
Melville, NY 11747

Freiberger Haber LLP
420 Lexington Avenue
Suite 300
New York, NY 10170


Confidential Information Does Not Lose Its Protection Even After The Sale To Third Parties

Print Article
  • Posted on: Nov 16 2016

On October 25, 2016, the Appellate Division, First Department issued a unanimous decision addressing the protection of confidential information.  In BitSight Technologies, Inc. v. SecurityScorecard, Inc., 2016 NY Slip Op. 06980, the Court reversed the decision of the motion court, holding that “[w]hen a party sells information to [third parties] with the requirement that the latter keep the information confidential, the information is still protected.”

The Facts:

The action arose from a March 18, 2014 agreement between one of the plaintiffs, Anubisnetworks (“Anubis”), and the defendant, SecurityScorecard, Inc. (“SecurityScorecard”). See BitSight Technologies, Inc. v. SecurityScorecard, Inc., Docket No. 650042/2015, Motion Seq. No. 003, 2016 NY Slip Op 30138(U), at 1 (Sup. Ct., N.Y. Cnty. Jan. 25, 2016). Pursuant to the Agreement, Anubis agreed to provide SecurityScorecard its subscription-based feed service, known as the Cyberfeed Service (“Cyberfeed”), for a one year period, and SecurityScorecard “agree[d] that it [would]: a) Use provided feeds for own internal use only [and] b) Not resell cyberfeeds to customers (customers using directly cyberfeeds in their systems).” Id. (quoting the Agreement).

Almost 7 months later, on October 7, 2014, Anubis claimed that SecurityScorecard had breached the Agreement by “‘making Anubis’ Cyberfeed Service available and/or reselling it to third parties.’” Id.   Anubis demanded that SecurityScorecard cease using the Cyberfeed service in violation of the Agreement and that it delete all Cyberfeed data from “‘any external websites, databases, subscriptions, product offerings, servers or other services or offerings.’” Id.  Anubis also gave notice that it was terminating the Agreement. Id. SecurityScorecard denied selling the Cyberfeed service to any third parties. Id. at 1-2.

Three days later, Bitsight Technologies, Inc., a long-time customer of Anubis and a competitor of SecurityScorecard, acquired Anubis. Id. at 2. The Agreement terminated on November 5, 2014. Id.

The Motion Court’s Ruling:

The plaintiffs sued SecurityScorecard, alleging that it breached the Agreement and  misappropriated confidential information, among other things.

Regarding the misappropriation claim, the motion court held that the plaintiffs failed to state a claim upon which relief could be granted.  In so holding, the court found that since there was no breach of the Agreement concerning confidentiality, there could be no misappropriation of the Cyberfeed service. This was especially so since “neither the complaint nor plaintiffs’ opposition papers specif[ied] any confidential information allegedly misappropriated by SecurityScorecard.” Id. at 4. Moreover, the court found that Anubis failed to take sufficient precautionary measures to ensure that the Cyberfeed service remained confidential. Id. at 5. In fact, the court noted that the plaintiffs even “concede[d] that Anubis’s business hinged on making this data available to Cyberfeed subscribers.” Id. As such, there could not be any misappropriation of confidential information.

The First Department’s Reversal:

The Court addressed the breach of the Agreement first, since the issues on appeal stemmed from the motion court’s analysis and decision on whether the Agreement’s definition of confidential information included the Cyberfeed service. In that regard, the Court found that the definition of confidential information in the Agreement was “ambiguous”, making the dismissal of the breach of contract claim in error. Since the motion court’s dismissal of the misappropriation claim substantially rested on its finding that there was no breach of the Agreement, the dismissal of that claim necessarily had to be in error too:

The first cause of action (misappropriation of confidential information/unfair competition) should not have been dismissed. When a party sells information to subscribers with the requirement that the latter keep the information confidential, the information is still. At least for the purposes of a CPLR 3211 motion to dismiss, Anubis took sufficient precautionary measures to keep cyberfeeds confidential, since a trier of fact might find that cyberfeeds are covered by the contract’s confidentiality provisions.

Slip op. at 1 (citations and internal quotations omitted).


The First Department had to reach back to the early 1900s (citing International News Serv. v Associated Press, 248 U.S. 215, 237 (1918); Dodge Corp. v Comstock, 140 Misc. 105, 109 (Sup. Ct., Erie Cnty. 1931)) to underscore the point that “[w]hen a party sells information to [third parties] with the requirement that the latter keep the information confidential, the information is still protected.” The Court made it clear that it is incumbent upon the owner of the information to clearly state that the information is confidential and is to remain confidential. One way to convey that message is to draft contract provisions that clearly and unambiguously state this position.  This is especially important if the owner of the information wants to show that it took precautions to keep the information protected.

Tagged with:

Freiberger Haber LLP
Copyright ©2022 Freiberger Haber LLP | Disclaimer
Attorney advertisement | Prior results do not guarantee a similar outcome.
425 Broadhollow Road, Suite 416, Melville, NY 11747 | (631) 574-4454
420 Lexington Avenue, Suite 300, New York, NY 10017 | (212) 209-1005
Attorney Website by Omnizant