The Often-Signed, Rarely Read ‘Confidentiality Agreement’

A confidentiality agreement is seldom a strategically important agreement. But you can make a strategically important mistake in signing one. The risk of this is exacerbated if you are among the droves of managers who sign confidentiality agreements (sometimes called non-disclosure agreements, or NDAs) without really reading them.

Here’s the key risk: some confidentiality agreements, especially those offered up by potential business partners, will contain restrictions on your engaging in a competitive business (a ‘non-compete’) or on your soliciting or hiring employees, customers, suppliers, etc. (a ‘non-raid’). If you do nothing else before signing a confidentiality agreement, check to see if it contains one of these extraordinary restrictions.

Such restrictions are rarely appropriate at the early stage of discussions when the confidentiality agreement is signed. One exception may be where a seller is nervous about introducing a potential buyer to the seller’s key employees unless a non-raid is put in place. In that case or other unusual cases, it is important to carefully tailor the language to the specific circumstances so as not to be overly broad and restrictive. And, the document should be renamed — in my opinion, it is never appropriate to include a ‘non-compete’ or ‘non-raid’ in a document that only has ‘confidentiality’ in the title.

What else should you look for in a confidentiality agreement? While I’ll answer that question, first let me say that these agreements are both (1) usually impractical to enforce and (2) often used for information that isn’t truly confidential. The net result is that, in most cases, I think of these documents as good faith expressions of intent rather than legally enforceable agreements. (If you’re holding the Coca-Cola formula or some other highly valuable trade secret, this doesn’t apply to you.) Nevertheless, as a lawyer I have to focus on the details too (the devil often being in them):

  • Check the survival period. Many confidentiality agreements say they expire after some number of years (e.g., 1, 2 or 3 years). Frankly, if you’re the recipient of information, that works to your advantage. However, I believe that most confidentiality agreements should not have an express time limit, because there is already the natural time limit of ‘as long as the information is confidential’. If you believe your business plan is confidential, I’m sure you wouldn’t be happy to see it published in the Wall Street Journal a year or even two years later. But that is exactly what an expiration date would permit. Note that there should never be an expiration date if you are disclosing true trade secrets.
  • Consider whether you have to explicitly mark information as confidential (and explicitly summarize in writing any confidential information disclosed orally) in order for it to be treated as confidential. I usually try to avoid that requirement (especially when representing the discloser of information), instead relying on the broader, though admittedly tautological and vague, designation of all confidential information as confidential. Legally, information that is explicitly marked will be more protectable, but I am more concerned about (1) the practical reality that people will forget to mark all relevant information as confidential and (2) the implication that unmarked information is somehow ‘fair game’.
  • Make sure the usual carve-outs to the definition of confidential information appear. Essentially, these say that information in the public domain, information you already possessed, information you receive later from someone else, and information you create on your own, are not considered confidential information under the agreement.
  • Make sure you are expressly permitted to disclose information if required by law (e.g., government or court order). While many agreements contain this exception, they often add that you first have to notify the other party. Try to modify that language by adding ‘if permitted by law’, since you may be prohibited from telling the other party they are under investigation.
  • Consider your future obligation to give back the confidential information. I try to avoid an automatic obligation to return the information at some later date (e.g., if a deal doesn’t take place), and instead give the other party the right to request it back. The main reason is that, in practice, information is rarely actually returned, and I prefer that my agreements not say things that I know will not occur. Also, you should ask for the right to destroy the information rather than give it back, particularly with respect to your own work product (e.g., notes and memos) that contains confidential information (as opposed to the original information that the other party delivered to you). Furthermore, you may want to carve out exceptions for archival copies (e.g., electronic backups that are difficult to purge) or copies held in your lawyer’s or accountant’s office.

One final, practical suggestion: if you are going to sign the other party’s form of confidentiality agreement, it is better to sign their ‘mutual’ form rather than their ‘one-directional’ form — even if you will not be disclosing any significant confidential information to them. Besides the fact that you may end up disclosing some confidential information to them, it is also likely that their mutual form will be more balanced and reasonable in its specifics.

9 thoughts on “The Often-Signed, Rarely Read ‘Confidentiality Agreement’”

  1. I joined a small sales company two years ago and signed a reciprocal NDA and Non Circumvent agreement. At the end of the agreement, it says it shall remain in effect for a period of 2 years from the effective date at the top. I am looking to leave this company for more than one reason, and wanted to know if I was legally able to now that my 2 years is up/fast approaching. I wanted to work for a competing company that I actually had a hand in introducing to my company. Am I ok here?

  2. My current employer is being sold to a new set of investors. The new owners have requested the “confidentiality, inventions and works” agreements be signed by all employees. The definition used for what is to be considered “Confidential Information” appears very broad, and does not include any exceptions. By “broad”, I mean it would appear that even a publicly available product manual would be considered confidential.

    It also addresses inventions, and uses language stating if anything relates to “actual or contemplated research or development of Employer.” I am concerned about the “contemplated” word. How would I know if someone, in some management meeting, ever “contemplated” R&D in an area we are not currently in? Is there a level of demonstration of “contemplation” that would be required, such as meeting notes, business evaluation or plans, etc?

    Is there a “right” / good way of going about requesting a change to the company’s document?

  3. What exactly is a client list? Is it a written list of customers? If I wanted to approach a customer based off of prior work I had done, would that be considered using the other company’s “client list”? I have no knowledge that such a list even exists.

    1. A client list is a written or electronic list of clients, typically with more information such as contact info, business info, sales info, multiple contact points, etc. The rule I’m flagging is that, for publicly available information, the information itself is not proprietary, while the specific aggregation of that information can be. You should generally be okay using the knowledge in your head, so long as your competition is not based on your use of confidential information. Without knowing much more, it’s hard to draw a clear line in the sand, but often the smoking gun is the fact that the individual retained print or electronic files about the customers, pricing or business of the former employer.

  4. Steve submitted the following comment:

    I read your blog about Confidentiality Agreements.

    I signed one about a year ago with a former employer. There were no time limits involved. I have since then left the company and started a competing business. By approaching certain clients that I have personally dealt with while employed there, would I be breaking the agreement?

    1. If a confidentiality agreement does not contain a non-raid provision, then approaching a customer should not, by itself, give rise to a violation. The mere identity of a client generally is not viewed as confidential, except in special circumstances (note, however, that client lists and other client information generally are viewed as confidential). Of course, if you use your former employer’s confidential information such as sales history, pricing, etc., that could well lead to a problem. The first line of protection for yourself is to make sure that you don’t possess that information (other than what’s in your head, which of course can’t be ‘erased’ except by the passage of time). All company files, including company emails and electronic documents, should have been returned or destroyed/deleted upon termination of your employment. If that didn’t happen, it should happen ASAP (possibly with notification to the company, but that requires a specific facts analysis).

      Fine print: this reply is general information only and not based on an attorney-client relationship or specific facts. You should retain an attorney to review the specific facts if concerned.

  5. Question: I am a consultant for a land developer. I have other consultants sharing development projects with me for joint venture opportunities. They have projects to send to me by email. Then I share them with the investor group that wants to joint venture. These project consultants send to me a non disclosure non circumvent to sign. I sign it and return. It is a basic out of the book NDA. I then submit this info to the investor group with the consultants’ permission. The investor group however has no NDA with this consultant. Question is am I liable if the investment group shares this confidential information with others? Other question is how strong is an NDA? Is it really enforceable?

    1. First, I would always want to review the specific NDA to answer a question like this. And, you refer to the agreement as a “non disclosure non circumvent”, which are two different things. A simple NDA says that you can’t disclose or use the other party’s confidential information. A non-circumvention agreement probably says you can’t DO that project, which is much stronger than an NDA (of course, if the project itself is highly confidential, that might mean the same thing in practice). On your investor group question, your liability for their actions should be governed by the precise terms of your NDA with the project consultant, but absent different provisions you could be held responsible for the acts of people to whom you disclose confidential information. The proper protection would come from having a corresponding NDA from the investor, or a specific provision in the NDA with the project consultant, or both.
