This article highlights the top 5 critical aspects of confidentiality agreements and provides practical tips for maintaining the confidentiality of confidential information.
What is an NDA?
A non-disclosure agreement, or confidentiality agreement, is a legal contract that protects confidential information from unauthorised disclosure and misuse. Breaching a non-disclosure agreement can have severe consequences, mainly if it causes the disclosing party loss or damage.
An NDA may be one-way, which means only the recipient of the Confidential Information is obligated not to disclose the information. A mutual NDA protects the confidential information of both parties when both parties exchange confidential information with each other.
Although confidential information can be protected under many other agreements, including employment agreements and sale and purchase agreements, a non-disclosure agreement is executed as a deed if money (consideration) does not change hands under the agreement.
SaaS Company Example:
Tony is a director of a new SaaS company, SaaS-Supply, which will revolutionise how businesses order business suppliers. Tony has done market research and wants to have his software developed as soon as possible. Therefore, he needs a quote, although he also wants to keep the SaaS supply a secret. Until Tony reviews the developer’s quote, there is no need to consider a software development agreement at that stage.
Tony’s intellectual property lawyer recommends that Tony require the software development company to sign an NDA to prevent them from disclosing Tony’s new business idea to unauthorised third parties.
Tony’s lawyer also informs Tony that, although it is challenging to protect software ideas in Australia, it is possible to protect the unauthorised disclosure of Tony’s business idea. However, that protection will only last until SaaS-Supply goes live because the ‘business idea’ will be in the public domain.
In these circumstances, a deed is a correct instrument to protect the SaaS company’s confidential information because no money is changing hands.
1. What is Confidential Information?
The first critical aspect of a non-disclosure agreement is understanding the meaning of confidential information.
Although there is no specific definition of confidential information, assessing a variety of criteria will help to determine whether information has the necessary quality of confidence (Coco v A N Clark (Engineers) Ltd [1969]).
Generally speaking, business information that is not in the public domain will likely impart a duty of confidence on employees and contractors, for example. More specifically, confidential information may include trade secrets, financial information, know-how, business processes, methods of manufacture, technical drawings, customer and supplier lists, data, ingredients, computer code, formulas, calculations, and more.
Further, information that is obvious, trivial, or would become reasonably apparent to someone skilled in a field will likely not be subject to a duty of confidence.
2. Specifying Confidential Information
Courts often refuse to classify information as confidential if a party refers to it globally, for example, if an NDA asserts that all information a party discloses to a recipient is confidential. (Smith Kline & French Laboratories (Australia) Limited v Secretary, Department of Community Services & Health (1990) 22 FCR 73).
It’s also worth mentioning that just because you say that, agree to, or mark information as confidential does not necessarily mean that it automatically has the necessary quality of confidence.
A non-disclosure agreement must accurately identify and describe the confidential information the disclosing party will disclose without disclosing the secret information itself.
While the NDA should specify some confidential information, it should also be sufficiently broad to protect other confidential information that the disclosing party may disclose in conversations, emails, documents, or the information in the results or outcome.
3. The Purpose of Disclosure and Misuse
While there are no prizes for guessing why many people consider the ‘non-disclosure’ aspect of a non-disclosure agreement to be the most critical aspect of an NDA, disclosing parties must also protect against the misuse of their confidential information.
Misuse occurs due to a breach of an NDA by a party using the information for a purpose that was not permitted, despite no unauthorised disclosure of confidential information.
Take our earlier SaaS Company example, where a party discloses confidential information to a software development company to get a quote to create Tony’s new software, SaaS-Supply.
If the software developers use SaaS-Supply’s programming methodology, which SaaS-Supply discloses in discussions, the database design disclosed in documents, or the information in design notes to develop a SaaS application for themselves, the software development company will likely breach the NDA.
Although the software development company may not have disclosed the information to unauthorised third parties, they used confidential outside of the permitted purpose.
Therefore, an NDA must always define the purpose for which the recipient may use confidential information that the disclosing party discloses.
4. Term & Termination
The term of a non-disclosure agreement should be limited to a period necessary to protect its legitimate rights and interests. The risk of not doing so is that a court may consider the duty not to disclose as a restraint of trade, which may be difficult to enforce.
That said, certain confidential information may gain protection indefinitely under a duty of confidence, including the recipe for Coca-Cola, which has enjoyed trade secret protection for over 130 years.
So, what’s the difference between Coca-Cola and SaaS-Supply?
Coca-Cola has taken significant steps to protect its confidential information by locking the recipe safely and decompartmentalising the manufacturing process, staff, and ingredients. These steps make it very unlikely that anyone will ever uncover the taste of the world’s favourite drink.
On the other hand, the confidentiality of SaaS-Supply only relates to the business idea itself. Once SaaS-Supply goes live, the business idea will become public information, which will be apparent within a few minutes, effectively losing the quality of confidence.
An additional note: SaaS-Supply’s documents and conversations may be subject to confidentiality for longer. If the software developers breach the NDA, SaaS-Supply may seek an injunction to prevent unauthorised disclosure of the discussions and documents. However, if the confidential information in those documents has little value, SaaS-Supply will have a limited chance of claiming significant damages in legal proceedings, even if they win.
5. Information Protection
As the following steps are process-driven, I recommend creating a policy to ensure that personnel take these protective steps to maintain information confidentiality.
Marking Confidential Information
It is best practice for businesses to identify confidential information by clearly marking documents, emails, and presentations as “Confidential”.
Such notice will help enforce your rights and provide the required notice to recipients. However, marking confidential information does not guarantee that the information will automatically be subject to a duty of confidentiality if it does not have the necessary quality of confidence.
Need-to-Know
Confidential information recipients should only disclose it to those within their organisation, including employees, contractors, and advisors, if they genuinely need to know and are also subject to a duty of confidentiality.
Information Separation
Wherever possible, IT systems should restrict access to documents and folders. For example, document folders on servers must be password-protected. Also, consider converting documents containing confidential information to PDF format and password-protecting them.
