Confidentiality clauses are commonly inserted in any contract. They are quasi-miscellaneous provisions. Still, a draftsperson should establish whether a confidentiality clause is indeed desirable. In contracts for the sale of bulk products a confidentiality provision may well be an overkill. Also, in product development arrangements (sometimes as part of a sales contract), the developer may prefer to remain free to operate making use of the information about the products or product applications of its customer. A confidentiality clause in a patent licence may well obstruct the registration of such licence in the national patent registers (which makes the licence potentially invalid in the event that the patent is sold and transferred to another party or if the patent owner goes bankrupt).
Define the scope of information. The scope of a confidentiality clause requires some care. On the one hand, it is essential to capture the right information. Some parties prefer to have a rather rigorous way of working and require that information is only Confidential Information if it is marked as such (and furthermore, in case of oral information, the confidential information must be put in writing and communicated within 30 days of the oral presentations being made in order to be covered by the confidentiality provision). I believe that a court should be suspicious of whether such a strict approach was indeed intended by the parties. Many companies are less formal. For them, Confidential Information means:
any information of a non‑public, confidential or proprietary nature; whether of a commercial, financial or technical nature; customer, supplier, product or production-related; or otherwise all information exchanged between the parties shall be deemed to be ‘confidential’.
Marking obligations. Of course, the definition can be extended by appropriate examples of confidential information, which would probably include samples, information relating to raw materials, formulae, recipes, specifications, software source code, patent applications, process designs, process models, catalysts and processed materials. The ‘relaxed’ approach is often complemented by an undertaking to mark information as confidential:
Each Party shall use its best efforts to mark the Confidential Information which is disclosed in writing as being confidential. Failure to do so, however, shall leave the other Party’s obligations set forth in this Agreement unaffected.
Scope of use (the “purpose”). On the other hand the scope of use of such confidential information needs to be restricted properly. The two main provisions of a confidentiality agreement or clause address the disclosing party’s right to select or deny a disclosure to the receiving party, and the receiving party’s obligation to use disclosed information for a limited purpose only and furthermore to keep it confidential.
No obligation to disclose. Each Party [in unilateral NDA’s: the Disclosing Party] may furnish Confidential Information to the other [respectively: Receiving] Party as it deems necessary or helpful for the Purpose.Restrictions on use. A Receiving Party shall not use Confidential Information of the Disclosing Party for purposes other than in direct relation with the Purpose. The Receiving Party shall treat the Disclosing Party’s Confidential Information with at least the same degree of care as it would use in respect of its own confidential information of like importance, but in any event a reasonable level of care.
If a higher level of care would be more appropriate, it may be necessary to provide specific guidelines for protecting know how. A disclosing party should anyhow be entitled to rely on the higher level of care professed by the receiving party. Please note the non-capitalisation of confidential information in the penultimate line.
Expanded scope to affiliated companies and employees. Because the confidentiality obligations are normally assumed by two or a limited number of formal entities, it is important to expand the scope of confidentiality to persons related to those entities. Furthermore, the receiving party should limit such expansion only to the extent necessary (albeit that in practice ‘everybody’ will be aware that the parties are exchanging confidential information). An example:
Related parties. The Receiving Party shall disclose Confidential Information to its group companies (including subsidiaries and affiliates), directors, officers, employees or other representatives only on a need-to-know basis. Prior to the disclosure of the Disclosing Party’s Confidential Information to such persons, the Receiving Party shall inform each such person of the confidential nature of the Confidential Information and shall expressly require that the person agrees to treat the Confidential Information as is provided in this Agreement. Notwithstanding due observance of these requirements, the Receiving Party shall be liable for any breach of the provisions of this Agreement by such person.
Please note that subsidiaries and affiliates are not covered, unless they qualify as a group company (i.e. which would normally be entities that are fully consolidated in the financial accounts and hence under full control of the receiving party). Employees would, in most jurisdictions, be subject to statutory duties of confidentiality; but even when they are subject to such obligations by virtue of their employment conditions, it would be odd not to expressly refer to such obligations. Directors and officers are mentioned separately from employees since in most jurisdictions they do not qualify as an employee of the company they serve. It is appropriate to stipulate that employees will receive confidential information on a need-to-know basis only, which makes it easier for the disclosing party to question unnecessary internal disclosures (and require a higher level of care). Finally, because all those individuals are not themselves contracting parties and probably not even capable of bearing the consequences of a breach, it is important to attribute such breach to the receiving party (even if the receiving party has implemented proper measures to prevent disclosure).
Exceptions to confidentiality. A properly drafted confidentiality clause also addresses the exceptions, even though they may well be presupposed or raised as a defence against a claim for breach:2.3 Exceptions. The restrictions and obligations in this [Agreement][Article] shall not apply to the Disclosing Party’s Confidential Information, which:
(a) is or becomes generally available to the public other than as a result of a disclosure by the Receiving Party (or its representatives);
(b) was received by the Receiving Party from a third party and not indirectly from the Disclosing Party in violation of any obligation of secrecy or non-use; or
(c) was in the possession of the Receiving Party prior to disclosure or was developed independently from such Confidential Information, as is shown by competent evidence.
2.4 Court orders. In case Confidential Information is required to be disclosed by the Receiving Party by virtue of a court order or statutory duty, the Receiving Party shall be allowed to do so, provided that it shall, without delay, inform the Disclosing Party in writing of receipt of such order or coming into existence of such duty and enable the Disclosing Party reasonably to seek protection against such order or duty.
2.5 Specific Confidential Information shall not be deemed to be within the exceptions merely because it is embraced by more general information in the public domain or by more general information in the possession of the Receiving Party. In addition, any combination of information shall not be deemed to be within the foregoing exceptions merely because all individual parts of such information are in the public domain or in the possession of the Receiving Party.
The exceptions under sections 2.3 and 2.4 are common and presumably self-explanatory. Under section 2.3, the information itself is exempted from the scope of the agreement, whereas under section 2.4 an additional obligation to disclose with a corresponding right to act is necessary.
Section 2.5 mitigates the scope of the exemption under 2.3(a). In several contexts, section 2.5 will be unnecessary. It protects inventions, analyses, ideas and know-how, which combine in a somewhat unorthodox manner two or more public (non-confidential) things, facts or events. The information to be covered by the confidentiality obligation is then limited to the mere combining of those things, facts or events.
IP rights. If disclosures are made in connection with research or development projects or otherwise and intended to be protected under intellectual property rights, it is important to regulate the input or suggestions for improvement. Intellectual property laws protect the creator or inventor for his or her ideas, if, whilst presenting inventions to an adviser or interested customer, that customer gives feedback on the ideas, the latter may claim co-ownership or co-inventor rights.
If the receiving party (i.e. the adviser or potential customer) refuses to waive ownership rights on any feedback and the disclosing party nevertheless desires to make the disclosure, it may be important to agree on a protocol allocating time and opportunity to make a disclosure in full or give feedback, respectively. A similar example can be found in most software licences or online Q&As, where modifications and suggestions for improvement or additional functionalities are gratefully appropriated by the licensor.