Confidentiality clauses are commonly inserted in any kind of contract. They are quasi-miscellaneous provisions.

Still, a contract drafter should establish whether a confidentiality clause is indeed desirable. In contracts for the sale of bulk products, a confidentiality provision may well be excessive. In product development arrangements (sometimes as part of a sales contract), the developer may prefer to remain free to operate making use of information about the products or product applications of its customer. A confidentiality clause in a patent licence may obstruct registration of the licence in national patent registers (making the licence potentially invalid if the patent is sold and transferred to another party or if the patent owner goes bankrupt).

Define the scope of information. The scope of a confidentiality clause requires some care. It is essential to capture the right information. Some parties prefer to be rigorous and require that information is only considered Confidential Information if it is marked as such (and furthermore, in case of oral information, the confidential information must be put in writing and communicated within 30 days of the oral presentation to be covered by the confidentiality provision). A court should be suspicious of whether such a strict approach was indeed intended by the parties. Many companies are less formal; for them:

Confidential Information means any information of a non-public, confidential or proprietary nature; whether of a commercial, financial or technical nature; customer, supplier, product or production-related; and otherwise all information exchanged between the parties in the context of [the Purpose][this Agreement][the Project] shall be deemed to be ‘confidential’.

Of course, the definition can be extended by adding appropriate examples of confidential information, which may include samples, information relating to raw materials, formulae, recipes, specifications, software source code, patent applications, process designs, process models, catalysts and processed materials. Such additions should be product, sector or industry specific.

Note that the definition of Confidential Information is generic. It does not state that the information is owned by one party. This means that the body text should clarify which party may or must do what, and what rights apply upon disclosure.

Marking obligations. The ‘relaxed’ approach to defining confidential information is often complemented by an undertaking to mark information as confidential, for example:

Each Party shall use its best efforts to mark the Confidential Information which is disclosed in writing as being confidential. Failure to do so, however, shall leave the other Party’s obligations set forth in this Agreement unaffected.

The second sentence in this example is sometimes replaced by the more burdensome statement that orally disclosed information is only deemed to be confidential if it has been identified as such or summarised in a written document (with typically the requirement that it be sent to the Receiving Party within 30 days after the disclosure).

Scope of use (the “Purpose”). The scope of use of confidential information needs to be properly restricted. The two main provisions of a confidentiality agreement or clause address the disclosing party’s right to select or deny a disclosure to the receiving party, and the receiving party’s obligation to use disclosed information for a limited purpose only and furthermore to keep it confidential, as follows:

No obligation to disclose. Each Party may furnish Confidential Information to the other Party as it deems necessary or helpful for the Purpose. [to be used in mutual NDA’s]

No obligation to disclose. Each Party may furnish Confidential Information to the other Party as it deems necessary or helpful for [the completion of the Project] [the performance of the Services] [that Party’s performance]. [to be used in contracts]

Restrictions on use. A Receiving Party shall not use Confidential Information of the Disclosing Party for purposes other than in direct relation with the Purpose. The Receiving Party shall treat the Disclosing Party’s Confidential Information with at least the same degree of care as it would use in respect of its own confidential information of like importance, but in any event a reasonable level of care.

If a higher level of care would be more appropriate, it may be necessary to provide specific guidelines for protecting know-how. A disclosing party should in any case be entitled to rely on a higher level of care professed by the receiving party.  Please note the non-capitalisation of confidential information in the penultimate line, above.

Expanded scope to affiliated companies and employees. Because confidentiality obligations are normally assumed by two or a limited number of formal entities, it is important to expand the scope of confidentiality to people related to those entities. Furthermore, the receiving party should limit such expressed expansion only to the extent necessary (albeit that in practice ‘everybody’ will be aware that the parties are exchanging confidential information).

Related Parties. The Receiving Party shall disclose Confidential Information to its group companies (including subsidiaries and affiliates), directors, officers, employees or other representatives only on a need-to-know basis. Prior to the disclosure of the Disclosing Party’s Confidential Information to such persons, the Receiving Party shall inform each such person of the confidential nature of the Confidential Information and shall expressly require that the person agrees to treat the Confidential Information as is provided in this Agreement. Notwithstanding due observance of these requirements, the Receiving Party shall be liable for any breach of the provisions of this Agreement by such person.

Note that subsidiaries and affiliates are not covered, unless they qualify as a group company (normally meaning entities that are fully consolidated in the financial accounts and hence under full control of the receiving party). Employees are, in most jurisdictions, subject to statutory duties of confidentiality, but even when they are subject to such obligations by virtue of their employment conditions; it would be unusual not to expressly refer to their obligations.

Directors and officers are mentioned separately from employees because in most jurisdictions they are not an ‘employee’ of the company they serve. It is appropriate to stipulate that employees will receive confidential information on a need-to-know basis only, which makes it easier for the disclosing party to question unnecessary internal disclosures (and require a higher level of care).

Finally, because all these individuals are not themselves contracting parties and probably not even capable of bearing the consequences of a breach, it is important to attribute any such breach to the receiving party (even if the receiving party has implemented proper measures to prevent disclosure).

Exceptions to confidentiality. A properly drafted confidentiality clause also addresses the exceptions, even though they may be presupposed or raised as a defence against a claim for breach.

Special exception: intellectual property rights. If disclosures are made in connection with research or development projects or service agreements, and intended to be protected under intellectual property rights, it is important to regulate the input or suggestions for improvement. Intellectual property laws protect the creator or inventor for his or her own ideas, if, whilst presenting inventions to an adviser or interested customer, that customer gives feedback on the ideas, the latter may claim co-ownership or co-inventor rights. Such effect, co-ownership or co-inventorship merely resulting from feedback is often undesirable (but it is the legal consequence of a failing contractual arrangement to the contrary).

If the receiving party (i.e. the adviser or potential customer) refuses to waive ownership rights on any feedback given, and the disclosing party nevertheless desires to make the disclosure, it may be important to agree on a protocol allocating time and opportunity to make a disclosure in full or to give feedback, respectively. Examples can be found in most software licences or online Q&A’s, where modifications and suggestions for improvement or additional functionalities are gratefully appropriated by the licensor.