Confidentiality Agreements: One Size Does Not Fit All | Practical Law

Confidentiality Agreements: One Size Does Not Fit All | Practical Law

Confidentiality agreements, also known as nondisclosure agreements (NDAs) or confidential information disclosure agreements (CIDAs), are one of the most common types of contracts, with many shared standard provisions. As with all standard language, there can be a tendency to gloss over these provisions, exposing the disclosing party to undue risk.

Confidentiality Agreements: One Size Does Not Fit All

Practical Law Legal Update 4-566-8985 (Approx. 6 pages)

Confidentiality Agreements: One Size Does Not Fit All

by Practical Law Commercial
Published on 13 May 2014USA (National/Federal)
Confidentiality agreements, also known as nondisclosure agreements (NDAs) or confidential information disclosure agreements (CIDAs), are one of the most common types of contracts, with many shared standard provisions. As with all standard language, there can be a tendency to gloss over these provisions, exposing the disclosing party to undue risk.
Confidentiality agreements, also commonly referred to as non-disclosure agreements (NDAs) or confidential information disclosure agreements (CIDAs), are fundamental in facilitating all types of business transactions. They represent one of the most common types of contracts, and are often the first step in a potential business transaction.
Because they are so commonplace, many companies strive to automate the process of entering into a confidentiality agreement to achieve greater efficiencies. For example, many companies:
  • Extend signing authority to a greater number of employees than for other types of contracts.
  • Require legal review only if changes are made to the company's standard form.
Even when involved in drafting and negotiating an NDA, attorneys, whether at a firm or in-house, are under pressure from their clients to complete the process quickly so that the business discussions can proceed. They often focus on any controversial aspects of the agreement, neglecting to consider the standard language and its implications and exposing their clients to undue risk.
This update provides a brief review of the standard definition of confidential information (see Definition of Confidential Information) and standard exclusions from this definition (see Exclusions from the Definition of Confidential Information). Then, to illustrate the risk of a one-size-fits-all approach to confidentiality agreements, it examines the exclusion from the definition of confidential information of any information developed independently by the recipient. This update is not intended as a comprehensive analysis of the risks and limitations of confidentiality agreements. Rather, it serves to highlight one of the many practical challenges of protecting confidential information and is a companion piece to our comprehensive suite of confidentiality resources found in our Confidentiality and Nondisclosure Agreements Toolkit.
While confidentiality agreements vary in form depending on the particular business, industry or transaction, many share key standard provisions (see Practice Note, Confidentiality and Nondisclosure Agreements: Key Provisions and Issues). Two such key provisions that appear in almost all confidentiality agreements are:
  • The definition of confidential information.
  • Exclusions from the definition of confidential information.

Definition of Confidential Information

The definition of confidential information is a key part of any confidentiality agreement. Typically, the disclosing party should:
  • Define confidential information broadly enough to cover all of the information they may disclose in the future or have disclosed prior to signing the agreement.
  • Consider specifying the types of information that are defined as confidential information, to avoid the agreement being later deemed unenforceable because of an overly broad definition.
The types of information that are commonly defined as confidential include:
  • Business and marketing plans, strategies and programs.
  • Financial budgets, projections and results.
  • Employee and contractor lists and records.
  • Business methods and operating and production procedures.
  • Technical, engineering and scientific research, development, methodology, devices and processes.
  • Formulas and chemical compositions.
  • Blueprints, designs and drawings.
  • Trade secrets and unpublished patent applications.
  • Software development tools and documentation.
  • Pricing, sales data, prospects and customer lists and information.
  • Supplier and vendor lists and information.
  • Terms of commercial contracts.
For sample definitions of confidential information, see: Standard Documents, Confidentiality Agreement: General (Unilateral, Pro-Discloser): Section 1 and Confidentiality Agreement: General (Unilateral, Pro-Recipient): Section 1.

Exclusions from the Definition of Confidential Information

Exclusions from the definition of confidential information are as common as the definition itself. The recipient of confidential information should ensure there are appropriate exclusions from the definition (which can be broader or narrower, depending on the party). Typical exclusions include information that:
  • Is or becomes public other than through a breach of the agreement by the recipient.
  • Was already in the recipient's possession or was available to the recipient on a non-confidential basis before disclosure.
  • Is received from a third party that is not bound by separate confidentiality obligations to the other party.
  • Is independently developed by the recipient without using the confidential information (see The Independently Developed Information Exclusion).
For sample language regarding exclusions to the definition of confidential information, see Standard Documents, Confidentiality Agreement: General (Mutual): Section 2 and Confidentiality Agreement: General (Short Form, Unilateral, Pro-Discloser): Section 2.
These exclusions are not typically controversial and generally accepted by both parties as standard language. The receiving party is usually successful in including them in the agreement as logical and reasonable exceptions to what is typically considered confidential information. Still, the disclosing party should be wary of automatically including these exceptions without thinking through whether they are appropriate for the needs of the particular transaction.

The Independently Developed Information Exclusion

The basis for the independently developed information exclusion is that the recipient of confidential information should not be precluded from using any information it develops on its own. In theory, this is a fair and reasonable limitation. In practice, however, it can prove quite difficult to administer.
The disclosing party should be wary of automatically agreeing to this exclusion without considering:
  • The practical limitations of independent development. Once a crucial bit of information is learned, it is extremely difficult if not impossible to "unlearn." Even if the receiving party does not rely on or use the particular confidential information, simply learning the contents of the proverbial black box can be sufficient to gain critical insights that allow independent development.
  • The recipient's ability to independently develop the information. For example, disclosure of technical information to a potential investor or a lender carries less risk than disclosure to a third party with the technical ability develop the information, like an independent engineer hired to validate the technology or a technical consultant engaged to collaborate on an a new application of the technology.
  • The recipient's incentive to independently develop the information. For example, neither the investor nor the bank is in the business of developing technical information and therefore has little incentive to develop the information on its own. The independent engineer or technical consultant, on the other hand, potentially has the ability and the incentive to do so.
  • The type of confidential information and its importance to the business. The more important the information to the business, the less willing the disclosing party should be to agree to the independently developed information exclusion. For example, for a start-up technology company founded to monetize a technical invention, maintaining the confidentiality of the information is critical to the survival of the business.

Negotiating Tips for the Disclosing Party

Negotiating against the inclusion of standard language is difficult. By its nature, the exclusion is standard, meaning that it is generally not controversial and accepted by both sides without any negotiation. While it may be hard-pressed to make legal or logical arguments for the exclusion of standard language, the disclosing party can:
  • Admit that the exclusion is standard and state up-front that it is not making a legal or logical argument.
  • Characterize its argument as a business decision, reflecting a risk-benefit analysis on its part.
  • Reassure the receiving party that the reason for insisting on omitting the standard language is not a reflection of the receiving party's perceived intentions or reputation, but rather and attempt to address the inherent difficulties with developing the information independently.
  • If appropriate, state that it is not comfortable doing business with a party who is seeking to develop the information independently. Often, the receiving party has no intention of doing so, but is only insisting on the language because it is standard. In this case, the disclosing party can argue that if the recipient does not intend to independently develop the confidential information, then it should not have a problem with omitting the exclusion.