Protecting Confidential Information — Biotech & Pharma Scenario

A Senior Researcher Answered Questions About Our Pipeline Compound at a Conference Dinner. No Documents Were Shared. Was That a Problem?

A real biotech and pharma compliance scenario — with three decision options and the right answer.

The Situation

Dr. Reyes is a senior research scientist at a mid-size biotech company. The company’s lead pipeline compound is in Phase 2 trials — early results are encouraging but have not been published or publicly announced. The compound addresses a significant unmet need and the company considers its mechanism of action, dosing data, and development timeline to be highly proprietary.

At a major industry conference, Dr. Reyes attends a dinner with colleagues from other organizations — some of whom work at competing companies and some at academic institutions. The conversation turns to the therapeutic area. A colleague asks about the company’s program. Dr. Reyes, feeling collegial and proud of the work, shares some details — the mechanism of action, the Phase 2 interim results, and a rough timeline for the Phase 3 decision. Nothing written was exchanged. Dr. Reyes didn’t think of it as a disclosure — it was just a dinner conversation among scientists.

The following week Dr. Reyes mentions the conversation to a colleague. The colleague immediately flags it to the Chief Compliance Officer. Dr. Reyes is surprised — nothing was published, no documents changed hands. “We were just talking.”

Choice ANo violation occurred. No documents were shared, nothing was published, and the conversation happened in a social setting among scientific peers. Scientists routinely discuss their work at conferences — that’s what conferences are for. The information will eventually be public anyway.

Choice BThis was a serious confidential information violation. Dr. Reyes verbally disclosed unpublished proprietary pipeline data — including mechanism of action, interim results, and development timeline — to people outside the organization including employees of competing companies. The setting and format of the disclosure don’t change what was shared.

Choice CIt depends on who was at the table. Disclosing to academic researchers is acceptable — they’re not competitors. Disclosing to employees of competing companies was a problem. The violation is partial, not complete.

The Right Call

Choice B — This was a serious confidential information violation. Choice C significantly understates the problem. Choice A is wrong.

The confidential information policy applies to the information, not the setting or the format. The mechanism of action, Phase 2 interim results, and development timeline are proprietary regardless of whether they were written on a napkin or spoken over dinner. Disclosure to anyone outside the organization without authorization — competitors and academic researchers alike — is an unauthorized disclosure.

Choice C is a common rationalization, but it doesn’t hold. Academic researchers publish. They collaborate with industry. They have consulting relationships with competing companies. Information shared “just with academics” has a well-documented path back to competitors — and the disclosure obligation doesn’t depend on the recipient’s employer. It depends on whether they were authorized to receive the information.

Conference culture creates a false sense of permission.

Scientific conferences exist for the exchange of knowledge — that’s their entire purpose. For researchers who have spent careers presenting at conferences, discussing work in progress with peers feels like exactly what they’re supposed to do. The informal dinner setting amplifies this — it feels social rather than professional, collegial rather than consequential. That culture is exactly why conference settings are among the most common environments for inadvertent disclosure of confidential information in biotech and pharma.

“It will be public eventually” is not a timing defense.

The value of pipeline information is almost entirely in its timing. Mechanism of action and interim Phase 2 data that will be published in 18 months are enormously valuable to a competitor today — they allow them to adjust their own program, accelerate competing development, or make investment decisions based on information the market doesn’t have. The fact that the information will eventually be public doesn’t reduce the harm of premature disclosure. In some cases it creates additional legal exposure if the information is material and non-public under securities law.

Verbal disclosure is still disclosure.

Most employees think of confidential information violations in terms of documents—e-mailed files, printed reports, shared drives. Verbal disclosure rarely registers as the same category of risk. But the information Dr. Reyes shared — mechanism of action, dosing data, interim results, timeline — is exactly what a competitor’s business development team would pay for. The absence of a document doesn’t change what was transferred.

Pride in the work is the most human — and most common — trigger.

Dr. Reyes wasn’t trying to harm the company. The disclosure happened because the work is genuinely exciting, and talking about it with peers who understand it is one of the rewards of the job. That motivation — pride, collegiality, the desire to be recognized by peers — is not unique to Dr. Reyes. It’s the most common reason confidential information leaves biotech and pharma organizations informally. Training that addresses this scenario helps researchers recognize the risk in the most natural and frequent context in which it occurs.

Know what’s authorized before the conference. Most companies have a pre-approved list of what can be disclosed about pipeline programs — typically limited to what has already been publicly announced. Dr. Reyes should have known exactly where that line sat before attending an industry event where the pipeline would naturally come up in conversation.

Redirect to public information. When the conversation turned to the pipeline, Dr. Reyes could have engaged with what’s already public — “We have a program in this space, and we’re excited about it — you’ll be hearing more from us soon” — without disclosing any proprietary information. Scientists can meaningfully participate in conference discussions without disclosing unpublished data.

Report the conversation after the fact. Because the disclosure occurred, the right step after recognizing it was to report it to the compliance or legal team immediately—not a week later in a casual conversation with a colleague. Early disclosure allows the company to assess the exposure and take any necessary action before the information travels further.

What types of information are considered confidential in a biotech or pharma organization?

Confidential information in life sciences organizations typically includes: unpublished clinical trial data and interim results, mechanism of action and formulation details for pipeline compounds, regulatory strategy and submission timelines, manufacturing processes and trade secrets, financial projections and partnership terms, and any material non-public information under securities law. The category is broad and applies regardless of whether the information is in written, electronic, or verbal form.

Does confidential information policy apply to conversations at industry conferences and events?

Yes — and this is one of the most important points for scientific and commercial staff to internalize. Confidential information obligations apply in every setting: conference presentations, poster sessions, dinner conversations, hallway discussions, and social events associated with industry meetings. The informal nature of a social setting does not change the classification of the information being discussed or the obligation to protect it.

Is it safe to share pipeline information with academic researchers who are not industry competitors?

No. Academic researchers publish their work, present at conferences, maintain consulting relationships with industry, and collaborate across institutions. Information shared informally with an academic researcher has no meaningful barrier to reaching competing organizations. Additionally, if the information is material non-public information under securities law, sharing it with an academic researcher carries the same legal exposure as sharing it with a competitor’s employee.

What are the consequences of unauthorized verbal disclosure of pipeline information?

Consequences depend on what was disclosed and to whom. At the organizational level, unauthorized disclosure of pipeline data can compromise competitive advantage, affect partnership negotiations, trigger securities law obligations if the information is material and non-public, and create liability under confidentiality agreements with partners or collaborators. At the individual level, consequences range from formal disciplinary action to termination depending on the severity of the disclosure and the organization’s policy.

What should an employee do if they realize they have inadvertently disclosed confidential information?

Report it to the compliance or legal team immediately — do not wait. Early disclosure allows the organization to assess what was shared, with whom, and what exposure may have been created. It also documents that the employee acted in good faith once they recognized the issue, which is a significant factor in any subsequent review. Delayed reporting or hoping the disclosure goes unnoticed is almost always the worse outcome for both the organization and the individual.

How to Use This Scenario in Training

The policy establishes the obligation to protect confidential information. This scenario makes clear where the line is in the most common situation where it gets crossed.

Xcelus recommends this scenario for research scientists, clinical operations staff, medical affairs, business development, and any employee who attends industry conferences, advisory board meetings, or scientific events. The recognition skill is understanding that informal verbal conversations at industry events are among the highest-risk settings for confidential information disclosure — and that “we were just talking” is not a meaningful distinction from any other unauthorized disclosure. Works as a standalone reinforcement scenario or embedded in a broader course on protecting confidential information or the Code of Conduct.

This scenario is built on the Decision Readiness Engine™ — the Xcelus methodology that trains employees to recognize a compliance moment, pause under pressure, and take the right action before the rationalization wins. Learn how it works →

More Compliance Scenarios

Compliance Training Built for Biotech and Pharma

Xcelus develops scenario-based compliance training for pharmaceutical and biotech organizations — including protecting confidential information, research integrity, FDA compliance, and insider trading scenarios built specifically for clinical, commercial, and regulatory teams.

Scenarios can be embedded in a full course, deployed as targeted reinforcement, or added as a layer on top of any existing pharma compliance program.

View Pharma & Biotech Training →
Contact Xcelus