focus on
-
Average read time 7'

NDA and disloyal clients: the case of stolen projects and confidential materials

Published in: Intellectual Property
by Margherita Manca
Home > NDA and disloyal clients: the case of stolen projects and confidential materials

When a client breaches confidentiality, legal protection becomes far from straightforward. In this article, we analyze what to do in cases of project, file, and confidential material misappropriation by an untrustworthy client. From evidence gathering to legal action—through cease and desist letters, injunctions, and compensation—we outline an effective strategy. We also explain how to create truly enforceable NDAs and implement tools for prevention, control, and fostering a culture of confidentiality within the company.

  1. Misappropriation of information and other disloyal client behavior
  2. How to prove the theft of ideas, data, and confidential documents
  3. Legal strategies: surprise actions, evidence, and protective measures
  4. Preventing theft: NDAs, technological monitoring, and internal policies

Misappropriation of information and other disloyal client behavior

When offering high-value services—such as strategic consulting, proprietary methods, confidential formulas, technical models, or design solutions—the golden rule is simple: never share what you can’t afford to lose. Absolute confidentiality is the most effective protection. However, in many professional contexts, sharing becomes necessary: to propose a tailored solution, participate in a selection process, or co-develop a project.

In such cases, it’s essential to regulate access to information through a confidentiality agreement—the classic Non-Disclosure Agreement (NDA)—which formally binds the recipient to neither disclose nor use the information beyond the agreed purposes.

Typically, NDAs are used by clients to protect themselves from suppliers. But the reverse scenario is also possible: the professional or supplier may be the one harmed. This happens when a client, after receiving confidential documents, ideas, or materials, decides to use them independently, perhaps involving another partner or replicating them without authorization.

In these situations, the NDA is an essential tool for the party who shared sensitive content. But compliance with the agreement is never guaranteed. Signals of a possible violation can be subtle: out-of-context technical questions, sudden communication drop-offs, or exclusion from crucial operational phases. Sometimes it becomes apparent only when a “too similar” product is announced by someone else [see: Copied products: the case of the former reseller turned competitor (Court of Brescia, December 5, 2024) – Canella Camaiora].

When you suspect a violation, speed is fundamental. It’s not enough to be right—you must be able to prove it with solid evidence. Here’s how to document information theft and prepare an effective legal attack strategy.

How to prove the theft of ideas, data, and confidential documents

At the first signs of a potential violation—sudden communication gaps, unclear technical requests, or being left out of operations— it is essential not to waste time. The priority is not confronting the client, but building strong evidentiary support.

Start by saving every relevant communication: emails, messages, shared notes. Even seemingly minor details—like the time a file was sent or the version history of a document—can become central in court. It’s also useful to retrieve subsequent versions of shared materials to spot suspicious modifications or unauthorized reuse.

Simultaneously, check access logs on collaborative platforms: who downloaded what and when. In digital environments, monitoring information isn’t just possible—it’s necessary. Companies dealing with confidential content must be set up to trace, archive, and preserve every interaction to accurately reconstruct events in case of abuse.

Sometimes, information theft is facilitated internally, for example, by disloyal collaborators or employees who improperly pass sensitive documents to the client or third parties (see: The case of the disloyal employee who steals confidential company information – Canella Camaiora). In these cases, evidence collection must also be timely and focused on traceability.

Another key step is proving ownership of the content: who created it? When? With what tools? Many companies underestimate the importance of documented authorship, opening the door to avoidable disputes.

Finally, consult a specialized attorney immediately—not just to prepare a formal warning, but to evaluate protective legal strategies, even urgent and surprise measures. Because once the breach is evident, it might already be too late to respond effectively.

Immediate legal protection

Legal strategies: surprise actions, evidence, and protective measures

When you discover that a client—or commercial partner—has improperly used confidential information, your legal response must be carefully planned. Many assume the first step is a cease and desist letter, but this approach can be overrated: if the evidentiary groundwork hasn’t been secured, you may compromise your case.

In cases of information theft, it’s essential to map the situation, gather all useful elements, and act swiftly, often with the help of a technical expert or bailiff, to secure evidence. Only after this phase can you proceed effectively.

A well-structured cease and desist letter remains a useful tool: it holds legal value, formalizes the complaint, and—if crafted properly—can lead to an out-of-court resolution or set the stage for litigation.

If the damage is ongoing or likely to worsen, you can request urgent judicial measures (precautionary relief), allowing rapid legal protection. The judge may order:

  • a technical description of the product at the opposing party’s premises;
  • the seizure of confidential files or documents;
  • an injunction against producing or selling goods derived from the violation.

These are powerful and rapid tools but must be requested based on solid evidence. Weak or contradictory evidence can turn the action into a dangerous backfire, with legal costs and reputational harm.

After the precautionary phase, you can proceed with a merits case to seek compensation. Main criteria for quantifying damages include:

  • loss of profit (missed earnings);
  • emerging damage (incurred costs);
  • unjust enrichment gained by the client.

Often, NDA violations are accompanied by additional offenses—such as unfair competition or intellectual property infringement—which can strengthen your case.

Preventing theft: NDAs, technological monitoring, and internal policies

Confidentiality protection doesn’t begin after a violation—it starts with drafting the agreement. Much of your legal defense strength is determined at this stage. That’s why companies, startups, and development teams should work with expert professionals from the very first interactions to create customized, practical, and enforceable NDAs.

A confidentiality agreement shouldn’t be a generic template copied from the internet. It must be adapted to the type of shared information, technologies used, operational dynamics of the project, and actual misuse risks.

An effective NDA clearly defines:

  • what constitutes confidential information;
  • for what purposes it may be used;
  • who is authorized to access it;
  • how long the confidentiality obligation lasts;
  • consequences of a breach.

In some cases, including a penalty clause is helpful: a contractual provision that pre-defines the amount payable in the event of a breach, avoiding the need to prove the extent of the damage. For example, the agreement might state that unauthorized disclosure incurs a €50,000 penalty. This clause has a strong deterrent effect and simplifies legal action.

But a document alone isn’t enough—you need a structured culture of confidentiality. Companies should implement internal systems to:

  • track access to sensitive information;
  • manage versions of shared files;
  • control permissions on collaborative platforms;
  • train staff in confidential data management;
  • and, above all, define clear corporate policies to detect and counter abnormal behavior—even by internal employees and collaborators.
Tailored NDA agreements

Many companies already use professional tools for document management, legal archiving, and activity monitoring (e.g., Google Vault, Microsoft Purview, Mimecast Archive, Proofpoint), proving that this is not science fiction but best practice.

In a world where knowledge has economic value and sharing is part of strategy, protecting what you create isn’t a luxury—it’s a mark of entrepreneurial responsibility.

A well-drafted NDA is not mere formality—it’s the first legal safeguard for the value a company generates every day.

© Canella Camaiora Sta. All rights reserved.
Publication date: 20 May 2025

Textual reproduction of the article is permitted, even for commercial purposes, within the limit of 15% of its entirety, provided that the source is clearly indicated. In the case of online reproduction, a link to the original article must be included. Unauthorised reproduction or paraphrasing without indication of source will be prosecuted.

Margherita Manca

Lawyer at The Canella Camaiora Law Firm, member of the Milan Bar, she specialises in industrial law.
Read the bio
Return to the blog

Go to the page

error: Content is protected !!