Confidentiality Agreements What You Must Know

Confidentiality Agreements Miami Business Lawyer

Confidentiality Agreements

Confidentiality Agreements Are Essential For Your Business

Protection of a company’s confidential information and the use of confidentiality agreements (also known as non-disclosure agreements or NDAs). Nearly all businesses have valuable confidential information and, for many, confidential information is a dominant asset. Protection of confidential information within an organization is usually a vital business priority.
Companies also share, receive, and exchange confidential information with and from customers, suppliers and other parties in the ordinary course of business and in a wide variety of commercial transactions and relationships. These transactions and relationships include when companies enter:
Contractual confidentiality obligations are fundamental and necessary to help protect the parties that disclose information in these situations. Depending on the circumstances, these obligations can be documented in either:
  • A free-standing confidentiality agreement (also known as a non-disclosure agreement or NDA).
  • Clauses within an agreement that covers a larger transaction.

Protecting Confidential Information as Valuable Business Assets

Most companies derive substantial value from their confidential information and data, both by having exclusive use of it in their own businesses and by sharing it selectively with customers, suppliers, and others. Confidential information can be used and shared more effectively and securely, to the greater benefit of the business, if the company routinely:
  • Takes stock and assesses the value of its information assets.
  • Maintains rigorous internal policies and practices to keep it confidential.
Confidential information takes various forms in different businesses and industries and often includes information entrusted to a company by its customers, suppliers, and other parties, subject to contractual use restrictions and nondisclosure obligations.

Company-Wide Information and Data Security Policies, Systems, and Procedures

Having effective confidentiality agreements in place with other parties is necessary but not sufficient to protect an organization’s confidential information and data. Comprehensive protection requires the participation and coordination of management and staff at all levels across all functions, from finance and administration to marketing and sales. It often falls to the legal department, working closely with the information technology (IT) function and with the support of senior executives, to lead the company-wide information management and protection program.
Effective information and data security depends on developing comprehensive policies and procedures, and applying them consistently. In this regard, it is especially important to have in place:
  • A uniform confidentiality and proprietary rights agreement that must be signed by all employees as a condition of employment.
  • An IT and communications systems policy that governs employees’ appropriate use of these company resources, in the interest of protecting confidential information.
Robust physical and electronic security measures must be implemented and regularly tested, audited, and updated as part of the larger effort to protect the company’s information assets. The company should have:
  • Systems and processes in place to monitor and detect unauthorized disclosures of confidential information.
  • Contingency plans and procedures to address any leaks that are detected.
Such procedures should include notification of other parties whose information may have been disclosed in violation of applicable confidentiality agreements and mandatory notification of individuals whose personal information is compromised.

Compliance with Contractual Obligations Governing Others’ Confidential Information

In addition to safeguarding their own confidential information, companies are responsible for protecting information that is disclosed to them by customers, suppliers, and others, as a matter of compliance with relevant confidentiality agreements or analogous provisions within larger commercial agreements.
The principal obligations (covenants) typically imposed on recipients of confidential information include:
  • Nondisclosure obligations, including restrictions against further disclosure of the information to third parties (for example, to subcontractors).
  • Restrictions on access to and use of the information within the recipient’s business and among its employees.
  • Physical and electronic security requirements, which may be more stringent than the recipient’s policies and procedures applicable to its own confidential information.
  • Obligations to return or destroy original materials containing confidential information, and any printed or electronic copies made by the recipient, on expiration or termination of the applicable confidentiality agreement or provisions.

Trade Secrets

Certain confidential business, financial, and technical information may be subject to protection as trade secrets under state law, in addition to and independent of any contractual protections afforded by confidentiality agreements or provisions. For example, any of the following types of information may be considered trade secrets if certain criteria are met:
  • Client lists.
  • Marketing plans.
  • Pricing and discount structures.
  • Business methods.
  • Production processes.
  • Recipes and chemical formulas.
  • Software algorithms and source code.
Additionally, every state offers some trade secret protection, with most having adopted the Uniform Trade Secrets Act (UTSA) in whole or part. The UTSA states three general conditions for protection of information as trade secrets:
  • The information is not generally known or ascertainable outside of the owner’s organization and control.
  • The owner derives economic value or business advantage by having exclusive use of the information.
  • The owner makes reasonable efforts to preserve its secrecy.

Privacy and Data Security Laws and Regulations

Certain kinds of personal information commonly held by businesses, such as employee records and customers’ financial accounts, may be subject to special protection requirements under various federal and state privacy and data security laws and regulations. These legal requirements are related to contractual nondisclosure obligations but they apply whether or not the personal information would otherwise be treated as confidential.

Relevant Transactions and Relationships

A range of commercial transactions and relationships involve either the disclosure of confidential information by one party to the other or a reciprocal exchange of information. Although many confidentiality agreements have similar structures and share key provisions, there is great variation in the form, structure, and substantive details that should be tailored to the specific circumstances of each agreement. For example, confidentiality agreements may be used when:
  • Evaluating or engaging a business or marketing consultant or agency, where the hiring company will necessarily disclose confidential information to enable the consultant to perform the assignment.
  • Soliciting proposals from vendors, software developers, or other service providers, which usually involves the exchange of pricing, strategies, personnel records, business methods, technical specifications, and other confidential information of both parties.
  • Entering into a co-marketing relationship, as an e-commerce business, with the operator of a complementary website or a similar type of strategic alliance.

Why is it Necessary to Have Written Confidentiality Agreements?

Your business clients may not appreciate the importance of entering into written confidentiality agreements, preferring to rely on informal understandings and arrangements with parties to or from which confidential information is disclosed or received. However, there are numerous reasons to enter into written confidentiality agreements, such as:
  • Avoiding confusion over what the parties consider to be confidential.
  • Allowing more flexibility in defining what is confidential.
  • Delineating expectations regarding treatment of confidential information between the parties, whether disclosing, receiving, or both disclosing and receiving confidential information.
  • Enforcing written contracts is typically easier than oral agreements.
  • Memorializing confidentiality agreements is often required under “upstream” agreements with third parties (for example, a service provider’s customer agreement may require written confidentiality agreements with subcontractors).
  • Maximizing protection of trade secrets, because under state law this protection can be weakened or lost (deemed waived) if disclosed without a written agreement.
  • Covering issues that are indirectly related to confidentiality, such as non-solicitation.
  • Maintaining standards that are expected of most commercial transactions and relationships.

Key Provisions and Issues

Confidentiality agreements, in their various forms, typically include the following key provisions:
  • The persons or entities that are parties to the agreement.
  • The business purpose of the agreement.
  • The definition of confidential information.
  • What is excluded from the definition of confidential information.
  • All nondisclosure obligations.
  • Any use and access restrictions.
  • Any safekeeping and security requirements.
  • The agreement’s term and the survival of nondisclosure obligations.
  • Any provisions relating to the return or destruction of confidential information.

Parties to the Agreement

The parties to the agreement are the business entities or individuals that will exchange confidential information and be subject to the security requirements, use restrictions, nondisclosure obligations, and the agreement’s other operative provisions. Although only the parties themselves are bound by the agreement, consider whether:
  • The parties’ affiliates (including any parent and subsidiary entities) will be the source of any of the confidential information to be shared under the agreement and whether any of them should be added as parties.
  • Each party that is to be a recipient of confidential information may share it with its affiliates.
A recipient party (and, if applicable, that party’s affiliates) will also often be permitted to share confidential information with its business, financial, and legal advisors and other representatives. Representatives typically include the recipient’s:
  • Officers, directors, employees, and other agents (such as shareholders or partners).
  • Legal counsel.
  • Accountants.
  • Financial and tax advisors.
In some cases, the recipient party may prefer to have certain of its representatives enter into separate confidentiality agreements with the other party, rather than be held responsible for the representatives’ compliance with the principal agreement.

Business Purpose

Many confidentiality agreements limit the disclosure or exchange of confidential information to a specified business purpose, such as “to evaluate a potential marketing arrangement between the parties.” A defined business purpose is especially useful as a basis for access and use restrictions in the agreement. For example, confidentiality agreements can restrict the disclosure of confidential information to the recipient, its affiliates, and representatives solely for use in connection with the stated purpose.

Definition of Confidential Information

Defining what information and data is confidential is central to any confidentiality agreement. Disclosing parties should:
  • Ensure that confidential information is defined broadly enough to cover all of the information they (or their affiliates) may disclose, as well as any that may have been previously disclosed.
  • Consider specifying the types of information that are defined as confidential information, to avoid the agreement being later deemed unenforceable because of an overly broad definition.
The types of information that are commonly defined as confidential include:
  • Business and marketing plans, strategies, and programs.
  • Financial budgets, projections, and results.
  • Employee and contractor lists and records.
  • Business methods and operating and production procedures.
  • Technical, engineering, and scientific research, development, methodology, devices, and processes.
  • Formulas and chemical compositions.
  • Blueprints, designs, and drawings.
  • Trade secrets and unpublished patent applications.
  • Software development tools and documentation.
  • Pricing, sales data, prospects and customer lists, and information.
  • Supplier and vendor lists and information.
  • Terms of commercial contracts.
In addition to business information that is actually disclosed or exchanged by the parties, confidential information may also include:
  • Any information that a recipient derives from the discloser’s confidential information. For example, a recipient may use confidential data in its financial projections.
  • The fact that the parties are discussing and potentially entering into a particular relationship. It can be very damaging if a company’s customers, competitors, or other interested parties find out about a deal before a formal announcement is made.
  • The existence and terms of the confidentiality agreement itself.
Confidential information should include information entrusted to a party by its affiliates and by third parties, such as customers, which may itself be subject to “upstream” confidentiality agreements with the third parties.
The definition of confidential information should state the possible forms in which it may be disclosed (written, electronic, and oral) and whether the disclosed material must be marked “confidential” or otherwise designated as such. Where especially sensitive or valuable confidential information is to be disclosed, numbered, printed copies may be distributed to specified individuals, so that all copies can be collected at the conclusion of the transaction.

Exclusions from the Definition

Recipients should ensure there are appropriate exclusions from the definition (which can be broader or narrower, depending on the party). Typical exclusions include information that:
  • Is or becomes public other than through a breach of the agreement by the recipient.
  • Was already in the recipient’s possession or was available to the recipient on a non-confidential basis before disclosure.
  • Is received from a third party that is not bound by separate confidentiality obligations to the other party.
  • Is independently developed by the recipient without using the confidential information.

Nondisclosure Obligations

In general, recipients of confidential information are subject to an affirmative duty to keep the information confidential, and not to disclose it to third parties except as expressly permitted by the agreement. The recipient’s duty is often tied to a specified standard of care. For example, the agreement may require the recipient to maintain the confidentiality of the information using the same degree of care used to protect its own confidential information, but not less than a “reasonable” degree of care.
Recipients should ensure there are appropriate exceptions to the general nondisclosure obligations, including for disclosures:
  • To its representatives. Most confidentiality agreements permit disclosure to specified representatives for the purpose of evaluating the information and participating in negotiations of the principal agreement.
  • Required by law. Confidentiality agreements usually allow the recipient to disclose confidential information if required to do so by court order or other legal process. The recipient usually has to notify the disclosing party of any such order (if legally permitted to do so) and cooperate with the disclosing party to obtain a protective order.
Disclosing parties commonly try to ensure that recipients are required to have “downstream” confidentiality agreements in place with any third parties, including affiliates, representatives, contractors, and subcontractors, to which subsequent disclosure of confidential information is permitted. In these cases, either the recipient or the discloser may prefer to have these third parties enter into separate confidentiality agreements directly with the discloser.

Use and Access Restrictions

Apart from a recipient’s nondisclosure obligations, confidentiality agreements typically limit access to and use of the information even within the recipient’s organization. For example, access and use may be restricted to the recipient’s employees who have a “need to know” the information solely for the defined business purpose.

Safekeeping and Security Requirements

Recipients may be required to adopt specific physical and network security methods and procedures to safeguard the discloser’s confidential information. Some agreements require that confidential information be segregated in a “data room,” with a log of all internal access and third-party disclosures. Recipients may also be obligated to notify the disclosing party of any security breaches or unauthorized disclosures.

Term of Agreement and Survival of Nondisclosure Obligations

Confidentiality agreements can run indefinitely, covering the parties’ disclosures of confidential information at any time, or can terminate on a certain date or event, such as the:
  • Conclusion of the defined business purpose.
  • Signing of a principal agreement.
Whether or not the overall agreement has a definite term, the parties’ non-disclosure obligations can be stated to survive for a set period, running for some number of years from the date on which information is actually disclosed. Survival periods of one to five years are typical.
Disclosing parties typically prefer an indefinite period while recipients generally favor a fixed term. The term often depends on the type of information involved and how quickly the information changes. Some information becomes obsolete fairly quickly, such as marketing strategies or pricing arrangements. Other information may need to remain confidential long into the future, such as:
  • Customer lists.
  • Certain technical information.
  • Business methods.

Return or Destruction of Confidential Information

Disclosing parties should ensure they have rights to the return of their confidential information on termination of the confidentiality agreement or at any time on their request.
Recipients often want the option to destroy the confidential information instead of returning it to the disclosing party. In the course of evaluating the other party’s confidential information, conducting due diligence, or negotiating a principal agreement, a recipient may combine its own confidential information with that of the discloser. In that situation, the recipient usually wants to destroy the information because returning it would mean disclosing its own confidential information. Disclosing parties usually allow this destruction option but often require the recipient to certify in writing that the information was in fact destroyed. Disclosing parties should be especially aware of this risk because there is no way for a disclosing party to be sure that a recipient has destroyed the information.
It is often not practical for a recipient to certify that all confidential information has been destroyed, due to the widespread use of automated network back-up programs and e-mail archive systems. For this reason, a recipient may try to include language that allows archival copies to be retained. This issue is usually fact specific and should be negotiated between the parties.
Recipients also try to include language that allows them to keep copies of confidential information for evidentiary purposes or if required to do so by law or professional standards. Disclosing parties agree to this but sometimes require that the recipients’ outside attorneys keep the copies to protect against abuses.

General Provisions

Confidentiality agreements may also include any of the following general provisions:
  • Intellectual property rights. Confidentiality agreements typically provide that the disclosing party retains any and all of its intellectual property rights in the confidential information that it discloses, and disclaim any grant of a license to the recipient.
  • Warranty disclaimers. It is common for the disclosing party to disclaim all warranties on the accuracy and completeness of its confidential information.
  • No further obligations. Each party may want to expressly state that it has no obligation to enter into any transaction beyond the confidentiality agreement itself.
  • Non-solicitation. In some situations, confidentiality agreements prohibit one or both parties from soliciting or offering employment to the other party’s employees. Some non-solicitation provisions also prohibit establishing relationships with customers and suppliers of the other party. Such provisions must be narrowly drafted to avoid potential restraints on trade, and may be unenforceable if drafted more broadly than reasonably necessary to protect a party’s interests.
  • Announcements and publicity. As an exception to parties’ nondisclosure obligations, there may be a provision permitting either or both parties to announce or publicize the fact or terms of their relationship, usually subject to prior approval by the other party.
  • Equitable relief. To mitigate the potential consequences of unauthorized disclosures, confidentiality agreements often include an acknowledgement that a disclosing party should be entitled to injunctive relief to stop further disclosure of the confidential information, in addition to monetary damages and other remedies.
  • Indemnification. In addition to the right to seek equitable relief, disclosing parties sometimes try to include an indemnification provision holding the recipient responsible for all costs relating to the enforcement of the agreement. Recipients typically resist this language. A typical compromise is to have the losing side in any dispute pay the winner’s fees and expenses, including legal fees.
  • Governing law, jurisdiction, and venue. State laws may vary on the validity and enforceability of certain provisions in confidentiality agreements, such as the allowable duration of nondisclosure obligations and the scope of non-solicitation provisions. Each party should consult with counsel qualified in the applicable state before entering into a confidentiality agreement governed by the laws of that state.

Have Questions? We Have Answers!

  • This field is for validation purposes and should be left unchanged.