Protecting Trade Secrets: Confidentiality Agreements for Remote Philippine Developers
Introduction: Why trade secret protection matters in offshore software work
Foreign software companies hiring remote Philippine-based developers often rely on trust and speed—fast onboarding, shared repositories, and distributed access to sensitive systems. Those same work patterns increase the risk of code leaks, unauthorized reuse, and disclosure to competitors. Philippine law recognizes trade secrets and confidential business information as legally protectable interests, but enforceability in real disputes depends heavily on how confidentiality duties are written, communicated, and implemented.
This article explains how Philippine statutes and Supreme Court rulings support confidentiality agreements for remote developers, and how to draft and operate those agreements so they remain defensible if a leak, theft, or employment dispute arises.
Governing Philippine legal sources that protect software trade secrets
1) Intellectual Property Code: protection of “undisclosed information” and technology transfer arrangements
The Intellectual Property Code treats “protection of undisclosed information” as part of Philippine intellectual property rights. It also defines “technology transfer arrangements” broadly to cover contracts involving transfer, assignment, or licensing of intellectual property rights, including licensing of computer software (with stated exceptions). This matters because confidentiality undertakings are commonly embedded in software development, licensing, services, and IP assignment arrangements, including cross-border outsourcing and remote engagement models.
Citation: Intellectual Property Code of the Philippines (Republic Act No. 8293, 1997), Section 4 (definitions of intellectual property rights and technology transfer arrangements), dated 1997.
2) Rules of Evidence: privilege relating to trade secrets in litigation
Even with a signed confidentiality agreement, enforcement may require litigation. Philippine evidence rules recognize a privilege covering trade secrets: a person generally cannot be compelled to testify about a trade secret, unless nondisclosure would conceal fraud or otherwise work injustice. If disclosure is ordered, courts must adopt protective measures to balance interests.
This is helpful for foreign principals who must prove wrongdoing but still want to limit courtroom exposure of source code, architecture, security methods, customer lists, and internal pricing or deployment processes.
Citation: 2019 Amendments to the 1989 Revised Rules on Evidence (A.M. No. 19-08-15-SC, 2019), Rule 130, Section 26 (Privilege relating to trade secrets), dated 2019.
3) Supreme Court guidance: what counts as a trade secret and how courts treat compelled disclosure
Philippine jurisprudence recognizes trade secrets as generally private, protected from compulsory disclosure, and a valid ground for employer protection measures. The Supreme Court has described a set of factors for identifying trade secrets, including: how widely the information is known outside the business, internal access, measures taken to protect secrecy, value to the business and competitors, development cost, and ease of independent acquisition. This is useful in software disputes where the developer argues that the code or process is “generic.”
Citation: Air Philippines Corporation v. Pennswell, Inc. (G.R. No. 172835, 2007), discussion of trade secret factors and protection from compelled disclosure, dated 2007.
What foreign software companies should protect as “trade secrets” in remote development
In the offshore software context, protectable confidential information can include:
Typical trade secret categories in software engagements
- Source code and proprietary libraries (including unreleased branches and internal tools).
- System architecture and security design (threat models, access controls, encryption workflows).
- Deployment and DevOps processes (CI/CD pipelines, configuration management, runbooks).
- Product roadmaps and feature backlogs (market positioning, unreleased features).
- Customer and pricing data (enterprise terms, discounts, account plans).
- Datasets and labeling rules (especially where data preparation is a competitive advantage).
However, courts will not accept a company’s label alone. Philippine Supreme Court rulings warn against overly broad claims that “almost anything” is a trade secret without a factual foundation. The protection is strongest where the company shows concrete secrecy controls and a real competitive value to the information.
Citation: Air Philippines Corporation v. Pennswell, Inc. (G.R. No. 172835, 2007), caution that confidential/trade secret designations must have a substantial factual basis, dated 2007.
Confidentiality agreements: contract points that matter under Philippine law
1) Define “Confidential Information” with specificity, not just broad labels
Overly vague definitions can backfire in disciplinary action or litigation because they invite arguments that the rule is unclear or unjustly applied. The Supreme Court has ruled in an employment setting that company rules that are vague or overly broad in defining confidential information may not support dismissal for loss of trust and confidence, especially where disclosure is made in good faith for a legitimate purpose (for example, pursuing a legal claim).
Citation: Yonzon v. Coca-Cola Bottlers Philippines, Inc. (G.R. No. 226244, 2021), on vagueness/overbreadth of confidential information rules in dismissal cases, dated 2021.
2) Set clear confidentiality duties that match remote work realities
A strong agreement should impose duties that fit distributed development, such as:
- Need-to-know access and limits on copying repositories, datasets, and documentation.
- Prohibited disclosures (posting snippets publicly, sharing to other clients, using personal Git accounts without approval).
- Secure handling rules (device security, MFA, password managers, screen-lock and workspace privacy).
- Return/retention obligations upon termination (repo access removal, deletion of local copies, handover obligations).
3) Include a balanced “exceptions” clause to keep the agreement enforceable
Reasonable exceptions reduce enforceability risk and align with how courts examine fairness and legitimacy. Typical exceptions include:
- Information already public without breach.
- Information independently developed without use of confidential materials.
- Disclosure required by law, court order, or regulator, subject to notice and protective steps.
- Disclosure to counsel for legal claims, under confidentiality and limited scope.
This is consistent with the evidence rule that courts may order disclosure where nondisclosure would conceal fraud or otherwise work injustice, while still requiring protective measures.
Citation: 2019 Amendments to the 1989 Revised Rules on Evidence (A.M. No. 19-08-15-SC, 2019), Rule 130, Section 26, dated 2019.
4) Tie confidentiality to ownership and assignment of work product
Confidentiality prevents disclosure, but ownership and assignment provisions help prevent a developer from claiming rights over the code. In technology services agreements, clauses on ownership of future rights and assignment are common and have been judicially discussed in a Philippine case involving IP ownership clauses and confidentiality-proprietary rights sections in a development relationship.
Citation: BiTMICRO Networks, Inc., et al. v. Cunanan, et al. (G.R. No. 224189, 2021), excerpts referencing ownership of developed technology, future rights, and confidentiality-proprietary rights sections, dated 2021.
Non-compete and non-involvement clauses: when they may help (and when they may not)
Some foreign principals add non-compete or non-involvement clauses to reduce the chance of trade secret leakage to competitors. Philippine jurisprudence holds that a non-compete clause in an employment contract is not automatically void if it is reasonable as to time, trade, and place and not greater than necessary to protect the employer.
For remote developers serving global clients, the restraint must be carefully limited. Overly broad bans (for example, “cannot work for any software company anywhere”) are more vulnerable to challenge than clauses limited to direct competitors, defined markets, and short durations.
Citation: Tiu v. Platinum Plans Phil., Inc. (G.R. No. 163512, 2007), on validity of reasonable non-involvement clauses, dated 2007.
How enforcement usually arises: common dispute scenarios
Scenario 1: Repository cloning before resignation. A developer clones private repos to a personal device shortly before leaving. The company later sees similar code in a competitor’s product. A confidentiality agreement helps establish duty; logs and access policies support the “measures taken to guard secrecy” factor recognized by the Supreme Court.
Scenario 2: Posting code snippets online. A developer asks for help on a public forum and posts a snippet that reveals proprietary methods. If the confidentiality definition is too broad, discipline may be attacked as unclear; if it is specific, it is easier to justify corrective action.
Scenario 3: Disclosure to pursue a legal claim. A developer uses internal documents to support a labor complaint or another legal claim. Courts may treat good-faith disclosures for legitimate purposes differently from malicious leaks, so confidentiality rules should include a lawful-disclosure procedure and protective steps.
Citation: Yonzon v. Coca-Cola Bottlers Philippines, Inc. (G.R. No. 226244, 2021), treatment of vague confidentiality rules and good-faith disclosure for legitimate purposes, dated 2021.
Evidence and court protection: limiting exposure of source code during disputes
If litigation becomes unavoidable, trade secret privilege supports requests to restrict disclosure in court. The rule allows the court to direct protective measures if disclosure is required. In disputes involving software, parties commonly seek:
- In camera review of code or sensitive documents.
- Limited access to counsel and designated experts under undertaking.
- Redaction of nonessential details.
- Sealing of records where appropriate.
Citation: 2019 Amendments to the 1989 Revised Rules on Evidence (A.M. No. 19-08-15-SC, 2019), Rule 130, Section 26, dated 2019.
Drafting and operations checklist for foreign companies hiring remote Philippine developers
| Area | What to put in the contract | What to implement operationally |
|---|---|---|
| Definition of Confidential Information | Enumerated categories; include code, architecture, security methods, datasets; exclude public/independent info | Label repositories; classify docs; document what is restricted |
| Handling and access | Limits on copying, personal accounts, external sharing; device and account security duties | MFA, least-privilege access, logging, DLP where appropriate |
| Disclosure exceptions | Lawful disclosure process; notice and cooperation; protective steps | Escalation process to legal; template notice and preservation rules |
| Ownership and assignment | Work product ownership; assignment of rights; obligation to sign further documents | IP assignment onboarding; repo contribution records; offboarding certificate |
| Post-engagement restrictions | If used, keep non-compete limited in time/trade/place and to direct competitors | Role-based access to the most sensitive materials to reduce exposure |
Final observations and recommendations
Philippine law supports trade secret protection through contract, evidentiary privilege, and Supreme Court doctrine recognizing the private character of trade secrets and the need for genuine secrecy measures. For foreign software companies working with remote Philippine developers, enforceability is strongest where confidentiality obligations are clear, specific, and aligned with real security controls rather than broad labels alone.
Recommended next steps include: (1) update confidentiality clauses to enumerate software-specific confidential materials; (2) connect confidentiality with IP ownership and assignment obligations; (3) implement access controls and logging that demonstrate secrecy measures; and (4) design a lawful-disclosure process that addresses court orders and legitimate claims while preserving confidentiality to the maximum extent allowed by Philippine rules.
About Nicolas and De Vega Law Offices
Nicolas and de Vega Law Offices is a full-service law firm in the Philippines. You may visit us at the 16th Flr., Suite 1607 AIC Burgundy Empire Tower, ADB Ave., Ortigas Center, 1605 Pasig City, Metro Manila, Philippines. You may also call us at +632 84706126, +632 84706130, +632 84016392 or e-mail us at [email protected]. Visit our website https://ndvlaw.com.
