Introduction
This checklist provides guidance to in-house counsel and private practitioners to assist in reviewing confidentiality agreements—also known as non-disclosure agreements (NDAs)—where their organization is the party receiving the confidential information.
The checklist addresses the following:
- Purpose of the agreement
- Review the agreement
- Important points to consider during the review
- Evaluation of the risk of breach of the agreement and related potential liability for a breach
The law applicable to confidentiality agreements is, with a few limited exceptions, state law and is typically the common law of each state. The checklist reflects the most common rules in the United States. However, there are unique requirements in some states, which are usually tailored to specific circumstances, so the practitioner should review any applicable state law when reviewing an agreement.
The checklist is presented as a list of issues to be considered when reviewing a confidentiality agreement. Explanatory notes corresponding to each requirement in the checklist appear at the end of the document.
This checklist can be read in conjunction with How-to guide: How to draft a confidentiality agreement and confidentiality clauses.
Step 1 – Identify the purpose of the agreement
| No. | Consideration |
| 1.1 | What are the reasons for the proposed agreement? |
| 1.2 | What is the relationship between the parties? |
| 1.3 | What are the interests to be protected by the agreement? |
| 1.4 | Is the agreement enforceable? |
Step 2 – Review the agreement
| No. | Consideration |
| 2.1 | How is confidential information defined? |
| 2.2 | Who owns the confidential information? |
| 2.3 | When does the confidentiality agreement become binding? |
| 2.4 | What is the duration of the agreement? |
| 2.5 | What are the permissible uses of confidential information? |
| 2.6 | Who is bound by the agreement? |
| 2.7 | What measures must be taken to protect the confidential information? |
| 2.8 | Are there assignment rights? |
Step 3 – Review additional provisions
| No. | Consideration |
| 3.1 | Is there a choice of law/choice of forum clause? |
| 3.2 | Is there an integration clause? |
| 3.3 | Will waiver of one breach constitute a waiver of all breaches? |
| 3.4 | Is there a right to audit performance? |
| 3.5 | Is the agreement a non-compete agreement? |
| 3.6 | What are the likely consequences of a breach? |
Explanatory notes
Legal framework and uses of a confidentiality agreement
It is important to appreciate the variety of contexts in which confidentiality obligations may arise. For example, organizations may incorporate confidentiality provisions into their general goods and services agreements. They may utilize standalone agreements containing confidential material as preludes to the exchange of information relating to the sale of a business and the conduct of due diligence. Additionally, various entities may include confidentiality clauses in employment agreements for executives.
Generally speaking, ‘courts … recognize the legitimate interest an employer has in safeguarding that which has made his business successful and to protect himself against deliberate surreptitious commercial piracy. Thus, restrictive covenants will be enforceable to the extent necessary to prevent the disclosure or use of trade secrets or confidential customer information.’ However, some jurisdictions will decline to enforce confidentiality provisions that are deemed overbroad. Williams v Northern Technical Services, 568 N.W.2d 784 (Wis. App. 1997) (refusing to enforce a confidentiality provision due to lack of duration and lack of evidence substantiating the business need for the restriction).
Relationship to trade secrets law
Most US jurisdictions have adopted a variation of the Uniform Trade Secrets Act. This statute codifies confidentiality protection for specified types of information that derives value from confidentiality and that the organization makes reasonable efforts to keep confidential. The federal Defend Trade Secrets Act of 2016 supplements the state laws, and allows the owner of a trade secret to bring an action in federal court when trade secrets have been misappropriated.
These statutes create a separate and distinct method of protecting proprietary information. However, the existence of trade secrets legislation does not remove the need for confidentiality agreements and clauses. To the contrary, the use of such agreements can help demonstrate to a court that the organization is making ‘reasonable efforts to maintain the confidential nature of the data.’ Bdt Products v Lexmark International, 274 F Supp 2d 880 (E.D. Ky. 2003) ‘(A failure to require a third party to enter a confidentiality agreement to protect alleged trade secrets is one clear way to waive any trade secret protection that might exist. Entering into an agreement but placing few or no restrictions on the uses a third party can make of a trade secret, is another sure path to waiver’).
Distinction between confidentiality and non-compete agreements
In the employment context, it is essential to distinguish between a non-compete agreement and a confidentiality clause. The former prevents a former employee from engaging in competing business within a specified industry or area, and/or during a specified timeframe. The latter prevents an individual from utilizing proprietary information obtained in the course of employment. While both restrain trade, confidentiality clauses have been viewed as less offensive to public policy and, therefore, generally more enforceable. In addition, recent legislation aimed at restricting or prohibiting non-compete clauses often states explicitly that confidentiality agreements are not prohibited. See, eg, Minn Stat 181.988 (prohibiting covenants not to compete and stating that ‘[a] covenant not to compete does not include a nondisclosure agreement, or agreement designed to protect trade secrets or confidential information.’)
An executive or other employee may be asked to sign a confidentiality agreement before gaining access to proprietary information. Given the power differential between employer and employee, it can be difficult for the employee to negotiate changes to such provisions. However, careful scrutiny of terms is important, as overbroad provisions may be found unenforceable.
An organization may require an employee to sign a confidentiality agreement and a non-compete agreement. The validity and enforceability of each individual contract are considered separately.
When reviewing a confidentiality agreement, especially in the employment context, take care to ensure that the confidentiality clause is not so broad as to constitute a de facto non-compete agreement preventing the employee from working in the identified industry. As such an agreement will often be found unenforceable, it is best to ensure that the agreement is solely for confidentiality, and not a limitation on future employment. AMN Healthcare v Aya Healthcare Services, 28 Cal App 5th 923, 940 (2018).
Step 1 – Identify the purpose of the agreement
1.1 What are the reasons for the proposed agreement?
When reviewing a confidentiality clause, ensure that the information to be protected, the reason for protecting the information, and the permitted ground(s) for disclosure are clearly identified. For example, the confidentiality clause may relate to commercially sensitive information, such as business plans, financial or technical information, marketing plans or intellectual property, including inventions or copyright works, or plans for a new brand or product.
An example of the potential wording of the clause is as follows:
In the course of your preparation of a proposal for an advertising campaign, you will receive confidential information regarding new and unreleased products, customer surveys regarding the potential market(s) for these products, and pricing strategies. The premature or unauthorized release of any of this information will weaken our competitive position in the marketplace. You may not release any confidential information you obtain from us, except to your employees, unless we give you prior written consent. You may not release the confidential information to anyone, including employees, without first requiring that they agree to keep that information confidential as provided herein.
1.1.1 Business relationship
As stated in the general notes above, entities may seek to enter into a confidentiality agreement before exchanging any type of business information or providing confidential information for transactional due diligence. As the parties are acting at arm’s length in this context, it is essential that they scrutinize and negotiate the provisions of the contract relating to confidential information.
1.1.2 Scope of the agreement
It is vital to contemplate the scope of the agreement to ensure the provision is enforceable. The more closely you can keep the scope of the agreement tied to a specific business need, the more likely it is that a reviewing court will enforce the confidentiality provision.
For example, a confidentiality provision which is focused and prevents a specific individual from disclosing information for a defined period is more likely to be enforceable than one that broadly implicates the rights of those outside the contract. United States ex rel Grandeau v Cancer Treatment Centers of America, 350 F Supp 2d 765, 773 (N.D.Ill.2004) (refusing to enforce a confidentiality agreement in a whistleblower case where confidentiality would run contrary to the public interest).
1.2 What is the relationship between the parties?
1.2.1 Vendor-customer
Customers will rarely receive confidential information from a vendor or be required to agree to confidentiality.
Vendor-customer confidentiality provisions can generate scrutiny from reviewing courts, which will examine whether the provisions are contrary to state laws and public policy relating to consumer protection. The unenforceable confidentiality clause in Zuver v Airtouch Communications, 103 P.3d 753 (Wash. 2004) related to an arbitration clause in the contract and requires that the parties keep information obtained confidential during an arbitration.
1.2.2 Business to business
It is common for businesses to exchange confidential information utilizing a clause or agreement that protects proprietary materials. Scrutinize such provisions so you understand them and can ensure compliance. It is especially important to be aware of the parties to whom the information may be disclosed and whether these parties include or are limited to certain named employees or contractors. For example: A research firm has developed an algorithm to help political organizations identify likely supporters based on the results of opinion polls. The algorithm is kept secret so that competitors cannot use it. A political party has conducted extensive polling of the electorate on several issues, and wants to use the research firm’s algorithm to analyze the resulting data. The research firm should request an agreement from the party prohibiting the release of any information regarding the performance or workings of its algorithm; and the political party should request an agreement to ensure the research firm does not leak its polling data.
1.2.3 Employer-employee
Employers can utilize employee handbooks, employment agreements or both to protect proprietary information. Though there is little bargaining power in this context, the employee should review and understand such provisions. It is possible for these provisions to be overly broad and, therefore, held to be unenforceable. See Cintas Corp v NLRB, 482 F 3d 463, 375 US App DC 371, 181 LRRM 2615 (D.C. Cir. 2007) (A more narrowly tailored rule that does not interfere with protected employee activity would be sufficient to accomplish the company's presumed interest in protecting confidential information.)
The employee should also watch out for a post-employment confidentiality clause that is so broad as to amount to a non-compete agreement that limits their ability to work in their profession or industry.
For example:
In the course of your employment, you are likely to come into the possession of confidential information, including but not limited to customer lists, marketing strategies, and corporate financial information. You are not to disclose this information to anyone, either in writing or verbally, without the prior written consent of the Employer. This obligation to keep information confidential will continue in full force after you leave the Employer.
Another example, effective August 1, 2024, is a new Louisiana law that invalidates employer-mandated non-disclosure agreements (NDAs) that are signed prior to a workplace dispute involving a hostile work environment or sexual harassment. This legislation, enacted as House Bill 161, aligns Louisiana with federal and state efforts responding to the #MeToo movement, which highlighted the use of NDAs to shield serial harassers. The law amends Louisiana Revised Statute section 9:2717.3, ‘Nondisclosure agreement; hostile work environment; sexual harassment,’ by making such pre-dispute NDAs unenforceable. It defines a ‘hostile work environment’ broadly, encompassing any situation where harassment significantly hinders an employee's ability to perform their job. ‘Sexual harassment’ is defined as unwelcome sexual advances, requests for sexual favors, and other sexually inappropriate conduct that negatively impacts employment or creates an offensive work environment. Notably, the law's definition of ‘hostile work environment’ is not explicitly limited to harassment based on sex, suggesting a potentially wider application. While this law focuses on NDAs, other jurisdictions have enacted broader protections, including prohibitions on non-disparagement clauses and extending coverage to discrimination, harassment, and retaliation based on various protected characteristics like race, national origin, age, and religion.
1.2.4 Contractor-subcontractor
If the confidential information is to be shared with a subcontractor, it is important to ensure that the subcontractor is made aware of, and can adhere to, the terms and conditions of the agreement. A confidentiality agreement may require pre-approval of subcontractors with whom information will be shared.
1.3 What are the interests to be protected by the agreement?
1.3.1 Intellectual property
Intellectual property—especially trade secrets and business processes—is commonly protected by confidential information clauses. This information, which a person may learn in the course of performing their contractual obligations, is protected in virtually any type of agreement.
It is important to ensure that your agreement explicitly protects the confidentiality of the information, even if it is being disclosed to a professional service provider—whether that service provider is an individual or firm. Not every communication is privileged solely because it is with a ‘professional.’ For instance, only a few states recognize a privilege for communications with an accountant. While professional ethics may restrict an accountant’s ability to release confidential information, the confidentiality of the information should be part of an explicit agreement. Information shared with other professionals, such as engineers, should also be protected by confidentiality agreements. See Intl Techs Consultants, Inc v Stewart, Case No 07-13391, 2010 BL 221275, 2010 WL 3789831 (E.D. Mich. Sept. 22, 2010).
1.3.2 Trade secrets
It is prudent to include trade secrets in your confidentiality clause. Under most definitions of the term, a ‘trade secret’ is information that ‘derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by a person able to obtain economic value from its disclosure or use,’ and is ‘the subject of efforts that are reasonable under the circumstances to maintain its secrecy’ Iowa Code 550.2(4).
1.3.3 Business processes
Business processes fall under the broad definition of ‘trade secrets’ if the process derives value from not being generally known and is the subject of reasonable efforts to maintain secrecy. For instance, a restaurant chain may keep its recipes for popular menu items secret and refuse to disclose them to the public. Employees who use these recipes in the course of their employment are usually bound by confidentiality agreements not to disclose them during their employment or after they no longer work for the chain.
1.3.4 Customer lists
Similarly, customer lists fall under the broad definition of ‘trade secrets,’ provided that the list derives value from not being generally known and is the subject of reasonable efforts to maintain secrecy.
As customer lists are the lifeblood of businesses, they are carefully guarded and will be disclosed to outside parties only under confidentiality clauses.
1.3.5 Marketing strategies
Marketing strategies are a type of business process which falls under the broad definition of ‘trade secrets,’ provided that the strategy derives value from not being generally known and is the subject of reasonable efforts to maintain secrecy. Information about the general workings of a business can also be protected under confidentiality clauses.
1.4 Is the agreement enforceable?
Each state has its own laws relating to specific types of confidentiality clauses and agreements. Therefore, practitioners are encouraged to review the laws of the state(s) implicated by the transaction to ensure enforceability.
1.4.1 Practical enforcement considerations
In determining whether to enforce a confidentiality provision, a reviewing court will seek to ascertain the validity of the business need, the impact of the confidentiality restrictions on the contracting party and the public, and the public interest. Contracts involving consumers are more likely to be scrutinized closely, while arm’s-length agreements between businesses are more likely to be enforceable. If an agreement has a well-prescribed definition of the confidential information, specific limits on where and how such information can be used, and a reasonable scope and limit on the prohibition, it is more likely to be upheld by a reviewing court.
Step 2 – Review the agreement
2.1 How is confidential information defined?
2.1.1 Information protected
The starting point of any confidential information agreement or clause is the ‘definitions’ section. This section should describe in detail the identity and nature of the information to be protected. The drafting method can essentially be defined as either an ‘opt-in’ or an ‘opt-out’ method, as follows.
Opt-in – information listed is protected
With an opt-in method, the organization will specifically articulate the precise types of information that will be maintained as confidential under the agreement. Anything that is omitted from an ‘opt-in’ definition is not protected. When reviewing an ‘opt-in’ definition, be clear on exactly what information is protected. Clearly defining the protected information will avoid misunderstandings later. If there is information that you might expect to be included, but that is not listed, clarify that it is in fact excluded from the definition of protected information.
Opt-out
The opt-out approach, in contrast, provides an inclusive definition of confidential and proprietary information, omitting only the types of information expressly excluded by the agreement.
2.1.2 Exclusions
Regardless of the approach taken, most confidentiality clauses or agreements contain common exclusions. These include:
- information already located in the public domain. When details can be found in the public domain, it is more difficult to argue that public policy supports maintaining the confidentiality of that information;
- information that is independently developed or identified without misappropriation or wrongful action by the party in question;
- information already known by the parties—sometimes referred to as ‘residual information';
- required disclosures by law or court order;
- disclosure with prior written consent;
- disclosure to professional advisors;
- information related to illegal activity; and
- general skills, knowledge, and experience gained during the course of a relationship.
2.1.3 ‘Residual’ information recalled from memory
Some residual information recalled from memory, may be beyond the reach of a confidentiality clause. An ‘employee is entitled to use the fund of general knowledge he or she has accumulated in the course of employment,’ even when the employee has signed a confidentiality clause. Interbake Foods, LLC v Tomasiello, 461 F Supp 2d 943, 975 (N.D. Iowa 2006).
2.2 Who owns the confidential information?
It is important for an organization to clearly articulate who owns the confidential information and any works derived therefrom. For example, an agreement could provide that ‘It is understood that any information disclosed during the operation of this agreement, with the exception of information already in the public domain, will remain the property of the XYZ Corporation.’
2.2.1 Transfer of ownership
Confidentiality provisions do not transfer ownership over the materials provided pursuant to the agreement. The ability to use information under strictly prescribed circumstances does not mean that the recipient ‘owns’ the information; instead, a standard ‘Ownership of Confidential Information’ clause will state that the confidential information remains the exclusive property of the disclosing party.
However, while less common, some entities may choose to include a transfer of ownership provision in their confidentiality agreement. These provisions typically state that information that you own and share with their organization will remain the sole property of that organization upon executing the agreement. Agreeing to such a transfer of ownership clause may significantly affect your ability to independently use or profit from that information in the future, so it is important to carefully review these provisions to ensure your present and future rights are protected.
2.2.2 Limited license to use
The confidentiality clause or agreement generally provides that any transfer of information among the parties constitutes only a limited license to utilize pursuant to the strict terms of the agreement. This limited license does not transfer any ownership rights, including but not limited to rights to derivative works. It is important to understand the full scope of this license and to negotiate the provisions accordingly. For example, if a crisis manager is hired to oversee an organization’s response to publicity of bad behavior by employees, they may be given a license to use internal memoranda and records of the incidents solely for the purpose of making their recommendations. The license states that the consultant has no rights to any of the information received, including the right to make derivative works based on the information. If the crisis manager wanted to fictionalize the bad behavior described in the organization’s record and sell it as a script for a TV comedy, the confidentiality agreement would prevent them from doing so.
2.3 When does the confidential agreement become binding?
2.3.1 Specific date
An agreement that begins on a specific date provides certainty to the parties with respect to the overall applicability and duration of the confidentiality requirements. It is important to determine if aspects of the confidential information have been exchanged between interested parties before the confidentiality agreement is put in place. Absent a specific provision covering those pre-contract exchanges, confidential information exchanged before the explicit ‘start date’ may not be protected.
2.3.2 When information is accessed
Some confidentiality clauses apply when confidential information is accessed. This avoids the problem of having an inadvertent exchange of confidential information before the understanding covering the exchange is executed. However, having an uncertain ‘start date’ can make it difficult for a reviewing party to understand whether certain information is to be kept confidential. For that reason, it can be beneficial to have all parties who will have access to the information sign a confidentiality agreement as early as possible in the parties’ dealings together. Generally, it is helpful to contemplate who already has, or may later gain, access to the confidential information, and to consider including ‘Limited Access’ provisions in the agreement.
2.3.3 Clicking on a link/opening a package
This type of provision seeks to avoid the problems set out in 2.3.1 and 2.3.2. The opening of a package or link can generally be arranged to occur at a known date and time. This provides certainty as to duration while maintaining the integrity of the confidential nature of the information as it is exchanged.
2.4 What is the duration of the agreement?
2.4.1 Indefinite
It is important to include provisions that state when the agreement ends. While some provisions for an indefinite term have been upheld, it is worth noting that such clauses are closely scrutinized and may be challenged in court. Cox v Altus Healthcare and Hospice, 706 S E 2d 660 (Ga. App. 2011) (finding a perpetual confidentiality agreement unenforceable on its face).
2.4.2 Until the happening of a certain event
Release of information to the public
Certain agreements seek to control the timing of the release of confidential information to the public. These agreements may require that certain elements of the confidential information be kept secret until the scheduled date of public release, such as a confidentiality agreement which keeps a design company’s new logo for a product confidential until the product is launched. Once the product has been revealed to the public at large, there is no reason to keep the new logo confidential.
Consummation of a transaction
The maintenance of the confidentiality of the information may end upon the occurrence of an event. For example, in an acquisition, one company may be expected to maintain the confidential information of the other while the deal is being finalized. However, after finalization, the two corporations will become one and the proprietary information will now be held within the same corporate structure, removing the need for the confidentiality agreement.
Release by the protected party
The provisions of a confidentiality agreement serve to protect the interests of the disclosing party. If the disclosing party releases the receiving party from its obligations, then the materials in question can be disseminated without breaching the contract. Typically, the termination clause in a confidentiality agreement will specify the means by which the disclosing party may release the receiving party from their nondisclosure obligations (for instance, by written communication).
2.4.3 Date certain
The provision of a date certain provides clarity to all parties as to exactly when the confidentiality obligations expire. The receiving party should review its own business needs to ascertain whether this date is reasonable.
2.4.4 Expiration of an agreement
An agreement which ends upon a certain date is void after that date. Unless otherwise agreed by the parties, the obligations of each party end on the specified date. In the context of a confidential information provision, this makes it especially important to determine whether the clause in question extends the confidential information obligations beyond the natural expiration of the agreement. Where confidentiality is paramount, it may be helpful to execute a confidentiality agreement that clearly articulates the continued obligation, separate and apart from any other agreement(s) between the parties.
2.4.5 Purpose accomplished
The duration of an agreement can at times be tied to its purpose. For example, an agreement for the construction of a building necessarily ends when the building is complete and operational. Likewise, a services agreement for moving ends when the move is complete. In those circumstances, the satisfaction of the aim of the agreement may itself be sufficient grounds for ending the contract. In this case, the agreement itself may not be ‘terminated;’ rather, the duties under the agreement have been discharged.
2.4.6 Agreement of the parties
The agreement can be terminated upon the mutual agreement of the parties. However, in some instances, the parties’ agreement may be set to terminate on a certain date while the confidentiality requirements of the receiving party extend beyond that date. If the contract termination date and the term of non-disclosure are different, this may result in an additional burden on the receiving party, as they will be bound to maintain confidentiality for a period beyond the life of the contract.
2.4.7 Post-termination obligations
Continued non-disclosure
Confidentiality agreements often provide for a duty of non-disclosure that continues beyond termination of the agreement. A reviewing party should consider the language of such a duty and limit its duration to what is absolutely necessary to protect the reasonable business needs of the disclosing organization.
Prohibition against derivative use
Agreements generally clarify the disposition necessary for any derivative materials made with or utilizing any part of the confidential information. Accordingly, a reviewing party that agrees to such a provision must put in place a mechanism to track all materials created with the confidential information, so that those items can be returned or disposed of when the contract requires such actions.
Return or destruction of materials
As the confidential information will already be in the possession of the receiving party, the agreement will generally specify whether the materials should be returned or destroyed. The latter is often easier for the receiving party to accomplish.
2.5 What are the permissible uses of confidential information?
It is a good idea for the confidential information clause or agreement to define the permissible uses of the proprietary information, both to facilitate the purpose of the underlying agreement and to distinguish these from inappropriate uses of the information. Permissible uses of confidential information may include the following:
- Evaluation of a transaction: A confidentiality provision or agreement may permit details to be utilized to evaluate a transaction or conduct due diligence.
- Employment requirements: Certain types of confidential information may be necessary to perform the functions of certain jobs. Companies may decide to disclose such information on an as-needed basis, to maintain a level of control over the access and dissemination of the confidential information
2.5.1 Derivative uses
Derivative use can be made of confidential information—for example, when the proprietary material is reduced to notes, charts, or summaries. The underlying confidentiality clause or agreement may specify whether derivative use can be made and, if so, how the confidential information contained in the derivative materials must be protected. For example, it may be desirable to have the agreement specify that all derivative materials be turned over or destroyed.
2.5.2 Disclosure pursuant to order
Confidentiality clauses and agreements often contain explicit exceptions allowing for disclosures in limited circumstances. While these may be considered ‘permissible uses,’ it is more accurate to describe them as a tolerated or mandated exception to the confidentiality requirements.
Court order
Any party that receives a subpoena from a court of competent jurisdiction to turn over responsive materials may have to disclose confidential information. While a confidentiality agreement or clause cannot frustrate a party’s ability to disclose pursuant to legal process, you can ensure that your agreement requires the party, where permitted by law, to give prompt notice of receipt of the subpoena. In this way, you can intervene in the court process to seek to block disclosure of the confidential information.
Investigation by government authority
Any party that receives a valid investigative request from a government entity with authority over the party may be obliged to turn over confidential information. When negotiating a confidentiality provision for the disclosing party, it is good practice to broaden the language to require the other party, where permitted by law, to release information under not only those requests mandated by subpoenas, but also more informal investigative requests. As the receiving party, anticipate such requests and be prepared to identify any information that should be disclosed pursuant to the investigative request from a government entity.
Whistleblower protection
It is usual to include an exception for a disclosure protected under state or federal whistleblower provisions in a confidentiality agreement. Without such an exclusion, an agreement may be viewed as contrary to public policy. United States ex rel. Grandeau v Cancer Treatment Centers of America, 350 F Supp 2d 765, 773 (N.D. Ill.2004).
Note that the federal Defend Trade Secrets Act provides that a whistleblower who discloses trade secrets to a government official or attorney ‘solely for the purpose of reporting or investigating a suspected violation of law’ is immune from civil or criminal liability for disclosing that secret.
2.5.4 Excluded or prohibited uses
By implication, confidentiality agreements that authorize only explicit uses of proprietary information prohibit all other uses. However, certain types of agreements may explicitly stipulate prohibited uses as well.
2.6 Who is bound by the agreement?
2.6.1 Parties to the agreement
The agreement must define the person(s) covered by the agreement. The parties can apply confidential information provisions and agreements to each other.
2.6.2 Third-party disclosure—employees, professionals, affiliates and subcontractors
Depending on the nature of the arrangement, the parties may have a business need to transfer confidential information to other parties. As a result, confidential information agreements and clauses are often extended to employees, affiliates or subcontractors of the parties. This allows employees and contractors to have the information necessary to perform their roles while still ensuring the confidentiality of the proprietary information. In addition, employees, affiliates and subcontractors may be asked to sign verifications of their receipt and understanding of the confidentiality clause or agreement.
Similarly, professionals employed by a party—such as accountants or attorneys—may also have a business need to obtain and use confidential information. Thus, the clause should ideally be drafted to extend to those professionals as well.
An organization reviewing confidentiality agreements must carefully consider any extensions of the confidentiality obligations. If the organization cannot enforce the restrictions on third parties, it must either modify its practices or negotiate the scope of the provision.
2.7 What measures must be taken to protect the confidential information?
Compliance with a confidentiality agreement will usually require the party that receives information to take some affirmative steps to protect its confidentiality. While it is sometimes possible to comply with a confidentiality agreement by remaining passive and not doing anything to release the information, it is more often the case that something must be done to ensure its confidentiality.
2.7.1 Affirmative measures
Limit disclosure to named or defined parties
One method of maintaining the confidentiality of materials is to strictly define the parties who can receive the information. Often, a narrow list can be insufficient for the business needs of the receiving party. Therefore, a party reviewing such an agreement must take particular care when reviewing the scope of such provisions.
Other security measures
Parties seeking to maintain confidentiality may impose explicit security measures surrounding the data—for example, requiring it to be locked up at all times. A party reviewing the agreement must consider such restrictions in light of the business needs of the recipient. Data that must be ‘locked up’ at all times is effectively unusable, so a restriction of this type will likely require revision. Often, confidential information will come in the form of electronic files. Where possible, these files should be password protected with the dissemination of the password strictly monitored, and a requirement that the password is changed periodically.
2.7.2 Data security standards
Contracting parties can be required to protect confidential information using passwords and other data security techniques. However, a reviewing party must consider any such requirements in light of its own data security operations and capabilities.
2.7.3 Agreement from third parties
Additionally, the agreement may require third parties to acknowledge compliance with the confidential information requirements. Since this adds an administrative burden on the receiving party, such provisions should be considered for edit.
2.8 Are there assignment rights?
2.8.1 To third parties or affiliates
A confidentiality clause or agreement generally restricts the recipient’s ability to transfer the confidential information to third parties or affiliates. Therefore, a reviewing party that relies on the input of third parties or affiliates must seek modifications to such a provision.
2.8.2 Consent prior to assignment
Absent express advance permission from the disclosing party, the agreement often prohibits the further transfer of information. A reviewing party may want to consider adding language on the timing of a response to such a request for transmission or assignment. Alternatively, a reviewing party may want to suggest that consent to assignment ‘may not be unreasonably withheld.’
Step 3 – Review additional provisions
3.1 Is there a choice of law/choice of forum clause?
3.1.1 Impact on the scope or validity of the agreement
Other standard contract provisions may have an impact on confidentiality clauses and agreements. For example, the parties can decide on the appropriate legal forum for a dispute to avoid litigation.
Where a transaction may implicate the laws of a variety of jurisdictions, the parties should select the desired applicable law in the terms of the agreement. In this way, even if litigation occurs elsewhere, the reviewing court will be required to apply the law selected by the parties.
Generally, courts have held that ‘a forum-selection clause be ‘given controlling weight in all but the most exceptional cases.’ See Atl Marine Constr Co v US Dist Court for W Dist of Tex, 571 US 49, 134 S Ct 568, 187 L Ed 2d 487, 82 USLW 4021 (2013).
3.1.2 Difficulty in defending an action for breach
Choice of law and venue provisions are often selected for the convenience of the drafting party, so they should be closely scrutinized by the reviewing party. If enforced, such provisions could make it very difficult, inconvenient, and/or expensive for the receiving party to defend a claim of breach of the confidentiality agreement.
3.2 Is there an integration clause?
3.2.1 Entire agreement
An integration or entire agreement clause is often found in an agreement that addresses confidential information. Assent to a contract can be demonstrated in various ways, including through words, actions and a variety of documents. Using an integration clause provides assurance to the parties that the written, signed agreement is the complete understanding between the parties. This is particularly important to help avoid any ambiguity or confusion over the scope of the confidentiality obligations or the materials covered by the agreement.
3.2.2 Agreement that includes information disclosed before an NDA is executed
As stated above, there may be circumstances where the parties exchange proprietary information before the confidentiality agreement is finalized. As a result, some confidentiality agreements will incorporate provisions including such exchanges into the scope of the covered transactions. A reviewing party should scrutinize such language to ensure that it does not create an undue burden or an overly broad definition of confidential information.
3.3 Will waiver of one breach constitute a waiver of all breaches?
3.3.1 Waiver of one breach affecting claims for other breaches
If a party knowingly refrains from taking action in a circumstance that would have warranted termination or enforcement action, the breaching party may subsequently be able to claim that the right to terminate due to the breach has been waived. Waiver is a defense to a breach of contract claim, which must be proved by the party relying upon the defense. Safety Signs, LLC v Niles-Wiese Constr Co, 840 N W 2d 34, 42 (Minn. 2013).
3.3.2 Non-waiver allows party to choose what breaches are pursued
Including a provision that prevents waiver of breach allows a party to decide which circumstances are serious enough to warrant litigation. To an extent, this can benefit all parties, as it may help limit the circumstances where a dispute must necessarily proceed to litigation.
3.4 Is there a right to audit performance?
3.4.1 Right of party releasing information to audit use of information
A confidentiality provision or agreement may be enforced in a variety of ways. One common enforcement mechanism is for the disclosing party to seek a right to audit the receiving party’s books and records to ensure the appropriate use of the confidential information. If such a provision is proposed, be certain that the scope of any permitted audit is as limited and as unobtrusive as possible.
3.4.2 What may be inspected during an audit?
A reviewing party will likely want to scrutinize and limit the scope of any audit clause. Reducing the audit capability to records relating to the specific transaction and increasing the amount of notice required in advance of an audit can help minimize the detrimental effects of an audit process on ongoing business.
3.5 Is the agreement a non-compete agreement?
3.5.1 Separate or complementary agreement
It is important to distinguish between non-compete agreements and confidentiality clauses. The former prevent a former employee from engaging in competing business within a specified industry, area, and/or timeframe. The latter prevent individuals from utilizing proprietary information obtained in the course of employment. While both restrain trade, confidentiality clauses are viewed as less offensive to public policy and are therefore, generally, more enforceable.
3.5.2 Validity reviewed apart from the validity of confidentiality agreement
In an employment context, an organization may require an employee to sign both a confidentiality agreement and a non-compete agreement. The validity and enforceability of each contract are considered separately. Therefore, it is important to be cautious to ensure that an employment-based confidentiality clause is not drafted so broadly as to create a de facto non-compete requirement preventing the party receiving confidential information from working in the identified industry. AMN Healthcare v Aya Healthcare Services, 28 Cal App 5th 923, 940 (2018).
3.6. What are the likely consequences of a breach?
3.6.1 Injunction
Following litigation, a plaintiff can file an action seeking injunctive relief and damages. A party seeking injunctive relief must establish irreparable harm. Where appropriate, injunctive relief can be granted to prohibit the additional dissemination of confidential information. Central Valley General Hospital v Smith, 162 Cal App 4th 501, 75 Cal Rptr 3d 771 (Cal. App. 2008).
3.6.2 Liquidated damages
In addition to, or in lieu of, injunctive relief, the agreement may provide for a specific amount of liquidated damages to be paid in the event of a breach. Such provisions are enforceable only to the extent they are not deemed to be so displaced from the actual harm imposed that they are found to be a penalty. Coleman v BR Chamberlain & Sons, 766 So 2d 427, 430 (Fla. App. 2000). This generally occurs when it would be difficult for a party to calculate the extent of actual damages. However, where a party can show actual damages from a breach, it could alternatively pursue those damages.
3.6.3 Attorneys’ fees
Many agreements will provide for the collection of attorneys’ fees in the event of specified occurrences, or in the case of litigation relating in any way to the contract. The disclosing party often tries to craft those provisions as one-way clauses. A reviewing party will generally want to try to make the provisions mutual, giving the remedy to any prevailing party.
Additional resources
Related Lexology Pro content
How-to guides:
How to draft and negotiate limitation of liability clauses
How to effectively incorporate standard terms and conditions in a commercial agreement or transaction
How to manage the risk of contracting with a company in financial difficulty
Maximizing the use of boilerplate clauses to limit the risk of unforeseen events
How to draft a confidentiality agreement and confidentiality clauses
Checklists:
International supply of goods contracts
What to consider when terminating a contract
What to consider to ensure a contract is valid
Reliance on information posted:
While we use reasonable endeavours to provide up to date and relevant materials, the materials posted on our site are not intended to amount to advice on which reliance should be placed. They may not reflect recent changes in the law and are not intended to constitute a definitive or complete statement of the law. You may use them to stay up to date with legal developments but you should not use them for transactions or legal advice and you should carry out your own research. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents.