7 Ingredients in a Confidentiality Agreement

A Confidentiality Agreement (a/k/a “NDA”) is a promise to keep someone’s information secret. Like all contracts, there is no one way to create them. But, there are 7 things that you have to define: (1) Discloser; (2) Recipient; (3) Confidential Information; (4) Duration; (5) OK Use; (6) Recipient Obligations; and (7) Penalties.

1.  DISCLOSER
The “Discloser” is the person who is giving and owning the information. The Discloser is the person who is entitled to secrecy. NDAs may enable one discloser, but they can also enable disclosure by more than one party or disclosure by both parties to each other.

2.  RECIPIENT
The “Recipient” is the person who gets the information and must keep it confidential. Once again, NDAs may enable one recipient or multiple recipients.

3.  CONFIDENTIAL INFORMATION
“Confidential Information” is the bucket of facts or information that will get disclosed by the Discloser and must be kept secret by the Recipient. Defining “Confidential Information” is critical, because you want to cover as much as needs to be confidential without being so broad that it would not be respected.

4.  DURATION
How long the Recipient must keep the secret should be defined. More specifically, when does the obligation start and when does it end?

5.  USE OF CONFIDENTIAL INFORMATION THAT IS OK
There must be a point to disclosing the Confidential Information – specifically, how, when and for what purpose the Recipient can use the Confidential Information must be carefully defined. For instance, many NDAs get signed to enable one potential client to disclose secret information to a potential consultant. So, the consultant is usually allowed to review the Confidential Information for the purpose of putting together a proposal for the potential client. But, there are also often activities or conditions that get pulled out of the you-must-keep-this-secret bucket. For instance, most NDAs say that the Recipient can disclose Confidential Information if it is widely known in the public through no fault of the Recipient. Some NDAs will also allow disclosure of any information that the Recipient can prove he created all on his own. And, there is a frightening exclusion that’s been floating through the NDAs of big tech companies for over a decade that says that a Recipient can use Confidential Information if he retains it in his memory.

6.  RECIPIENT OBLIGATIONS
All contracts have obligations – the Recipient’s obligations have to be defined. For instance, many NDAs say the Recipient can’t use Confidential Information other than as listed in the NDA; that he can’t disclose it to anyone, including employees, unless the employee has a reason to know (and often a signed NDA of his own); that he must keep it under lock and key; that he has to return it either when he’s done with it or when the Discloser demands it back.

7.  PENALTIES
Finally, some NDAs define what happens if the Recipient breaches. Nearly all NDAs, at a minimum, prescribe injunctive relief – the ability get a court to stop the loudmouth from continuing to expose Confidential Information. But, in addition to injunctive relief, Discloses often want to estimate the amount of injury caused by a breach and stick that in the contract. There may also be a “fee shifting” paragraph, that entitles the wronged party to reimbursement of his legal fees by the guy who screwed him.