Confidentiality Agreements

Confidentiality agreements are among the most common type of agreement I write as a lawyer. The parties inevitably want one regardless of the type of deal.  From a Fortune 500 company’s cloud computing, software as a service, licensing, telecom, or outsourcing deals to a startup’s website development deal, they all think that they need confidentiality agreement in place for even preliminary discussion. After doing this stuff for nearly thirty years, here are some tips from the deal negotiation trenches.

Let’s start with the common misconception that there is a “standard” confidentiality agreement sitting on my hard drive waiting to be printed. (When I started practicing law, people thought that the “standard” form was in my drawer and I filled in the blanks with a typewriter. Times and technology have certainly changed, but the myth of the “standard” form has not.)

In fact, to the contrary, the confidentiality agreement may be the first “little deal” you negotiate on your way to the Promised Land of whatever it is you’re negotiating in the big picture.

However, before we discuss the how-to on these agreements, let me say that I think confidentiality agreements are widely overused. Clients ask me to prepare one before they have even an initial discussion with the other side.

My recommendation is usually that preliminary discussions proceed without any agreement in place. After all, why would you want to share secrets with people until you have reason to believe that there’s a real possibility that both sides are serious about the deal. Until then, the verbal understanding should be that the parties won’t share confidential information.

If and when the deal gets serious, that’s the time to impose a confidentiality obligation on the parties. Remember that most confidentiality agreements have reciprocal obligations. Therefore, in trying to tie their hands with your information, you may unintentionally find yourself restrained from pursuing a direction you want to go because you may be accused of breaching the confidentiality agreement that you wanted to protect you.  That which you thought was your shield could turn out to be the other side’s sword.

Degree of Care

If you’re going to be the one mostly receiving confidential information, you want to have the lowest standard of care possible with the other side’s information. So here, you want language like, “You will use commercially reasonable efforts to protect the information.”

A good fallback position is that you will use “the same degree of care” to protect the other side’s information as you use to protect your own information of similar sensitivity. Of course, the beauty of this language is that it is so mushy that it’s hard to ascertain what it means. It’s not exactly an objective standard.

If you’re the one concerned about your own information in the other side’s hands, you want to use stronger language. You’ll want things like a requirement that the other side not disclose the information except to people with a “need-to-know.” You might even limit disclosure to certain named people within the company and certainly no consultants or other third parties.

Have Ready-to-Go Documents

I advise my clients to let me prepare two documents for them. One is for when they have sensitive information and they want as much protection as I can get them. The other is for when confidentiality is more of an issue for the other side.

The reason to have the agreements ready to go is that when a deal is at the stage that it’s now appropriate to sign a confidentiality agreement, you want to quickly volunteer your agreement before they volunteer theirs.

There is usually an advantage to being the one who provides the document. I’ve often said, “He who drafts sets the agenda,” which is to say that no matter how much you and I negotiate their form, you’ll never do as well as when their negotiating my form. It’s just the way it is in the world of sophisticated business negotiations.

Limiting the Subject Matter

If you’re not as concerned with your information as the other side is with theirs, you’ll want to be as specific as possible about what exactly the confidential information is. You’ll want to avoid catchall language and their ability to designate previously disclosed information as confidential after the fact.

Of course, you should flip the advice if you’re providing them important company secrets. You’ll still want the specifics, but be sure to get yourself some broader language.

How Long?

There are two issues under the heading of “How long.” One is that you may want to limit the period of disclosure so that you can have an intense period with lots of information exchange, but that’s it. Anything disclosed outside this defined period, let’s say the next 30 days, isn’t covered by the agreement. Of course, if you’re mostly providing the secrets, you’ll want as long a period as you can get.

The second issue is how long the confidentiality obligation should last. If the information will be public anyway in six months, you don’t need a three-year agreement. You get the idea.

Whatever confidentiality deal you strike, just be aware there is no standard agreement or terms. You’re free to strike the deal that best balances your risks with the benefits of the confidentiality agreement. Just don’t sign whatever it is they put in front of you because it’s their “standard form.”