Confidentiality for business information is rarely implied at law, so if a business is going to share sensitive information with someone, it needs to protect that by a non-disclosure agreement (NDA). NDAs (also called confidentiality agreements) can be either standalone or as part of a larger agreement.
NDAs are routine and are often considered standard agreements – but here are 8 things to think about.
- Should it be mutual to protect both parties’ information, or does it need to only protect one party?
- Does it need to protect just the discloser’s information, or is third party information involved?
- Does the confidential information include personal information as defined under privacy laws? If so, it may need some additional or different wording to comply with privacy obligations.
- NDAs have 2 basic elements – what the recipient can do with the information, and who the recipient can share the information with both inside and outside of the organization.
- Should the definition of confidential information describe what is confidential, or is it only confidential if it is marked confidential? Requiring marking makes it clear for the recipient, but the owner has to remember to do that, and it can be a nuisance to deal with oral or unwritten material.
- Does the information cease to be confidential after a fixed number of years, or does it last until the information gets in the public domain?
- If it is a standalone NDA that is a precursor to a substantive agreement, it needs to be addressed again in the substantive agreement – either by replacing it with new NDA language, or by explicitly confirming that the original NDA continues.
- Be on the lookout for other things buried within an NDA. They usually stick to NDA concepts, but occasionally contain unexpected provisions.