BY: Blair R. Vandivier, RBE Attorney 

Every business has special information that provides an important advantage in its marketplace.  The information may include pricing methods, customer lists, business methods, marketing plans or product formulations. If this information became public, the advantage of this information would be lost to the business.  


In its simplest form, “Confidential Information” is information considered “secret” and it is perceived that keeping it “secret” provides some advantage.  The value of the secret is not relevant.  In order to maintain the confidentiality and therefore the value of the information, disclosure of the confidential information should only be made to persons who are subject to obligations of confidentiality.  Once “secret” information is shared with someone who does not have any obligation to protect its confidentiality, it is no longer secret.  It is axiomatic that once released, the genie cannot be put back into the bottle. Accordingly, there are times when it is necessary to share confidential information with outsiders and protect the confidentiality of the information.  The rules for sharing this information should be contained in a document that is usually referred to as a Confidentiality or Non-Disclosure Agreement (the “NDA”).

Sooner or later every business owner or senior manager will be presented with an NDA.  It may be presented by a customer, a supplier or someone interested in purchasing the owner or manager’s company.  In a typical conversation the party requesting the NDA will couch the request as “our company’s standard NDA.”  The request will be “downplayed” as something to comply with “corporate policies” or similar third party standards.  A “fill in the blank” NDA will then follow.  In many cases, the recipient will be anxious to begin negotiations or seek a new business opportunity.  The temptation to complete the form, execute and return it to the requesting party without review by an outside professional is difficult to resist.  Yet the consequences and burdens imposed on the recipient of Confidential Information may be substantial.  

While many of the form NDA documents are reasonable, a significant number are one sided or simply do not apply to the contemplated transaction.  As a result, it is beneficial to stop, take a breath, and review the NDA to ensure that it is not one sided and is in fact reasonable to protect the legitimate interests of the party requesting the NDA.  No matter how “standard” or “boilerplate” the document appears, once executed, it does create enforceable obligations.  It is important to understand these obligations and the basics of the structure of the NDA.


Prior to considering the terms of NDA, it is first important to determine whether the parties contemplate the exchange of any information either of the parties considers confidential. Many times the corporate policy or the nature of the transaction causes the NDA to be presented.  However, if neither party deems the information to be exchanged as confidential, or if the parties can agree not to disclose any confidential information, the burdens of the NDA may be avoided.  To emphasize that neither party intends to exchange any confidential information, the parties should consider executing a Non-Confidentiality Agreement.  This is the opposite of an NDA.  In a Non-Confidentiality Agreement the parties agree that none of the information to be exchanged is confidential. As a result, there are no obligations imposed on either party as a result of the disclosure of any information.  Further, the parties agree that prior to the disclosure of any confidential information the parties will execute the appropriate NDA.  The Non-Confidentiality Agreement makes it very clear that neither of the parties can later claim the information disclosed was confidential.


Once it is determined that one or both of the parties intend to share information considered confidential that should be protected, the document review should begin.  The NDA will typically begin with an introductory paragraph including a recitation of the identity of the parties and their physical location.  A brief description of the contemplated transaction should follow.  It is important to make sure the information is accurate and the reason for the contemplated disclosure is clearly stated.  This ensures that the parties clearly understand why the NDA is being executed and the value the disclosing party places on the information to be received.  The document should also provide whether it is a “mutual” or a “one way” agreement.  If it is “mutual” both parties have similar obligations regarding the disclosure of information each believes is confidential.  If it is “one-way” there is only one disclosing party and the other party is not protected if, during the course of the transaction, it discloses confidential information to the other party.

Next, there generally follows a definition of confidential information.  This definition usually includes a broad definition of confidential information by the creation of a rebuttable presumption.  A typical definition would be:

“Confidential Information is information disclosed by the Discloser and which the Discloser considers to be proprietary or confidential whether such information is tangible or intangible and which is disclosed to the Recipient.”

This creates an all-encompassing definition that everything the disclosing party says is confidential information unless the presumption of confidentiality is rebutted.

Typically, the following will define what rebuts the definition by establishing the converse of confidential information:

Confidential Information does not include information that the Recipient can demonstrate:

              (i)          Is or becomes available in the public domain other than as a result of the breach of this Agreement by the Recipient;

             (ii)          Was received by the Recipient from a source not bound by obligations of confidentiality;

             (iii)         Is developed by Recipient independently without the use of any Confidential Information previously disclosed. 

The information is confidential and the duties of confidentiality are presumed unless the Recipient can show the information was available from some other source that obtained or developed the information without misappropriating it from the Discloser. Under the above definition, all communications with the Discloser are presumed to be confidential and the recipient shares that information at its peril. 

This above definition of “Confidential Information” should be modified, so that instead of everything being confidential, the Discloser must tell the Recipient if the information is confidential.  This is established in the above definition by the use of the modifying words “which the Discloser considers to be proprietary or confidential.”  It is only fair to require the Discloser to identify the information it believes is confidential when it is disclosed.  This is easily achieved by marking the information with some notation such as “Confidential” if the information is disclosed in writing.  If the information is disclosed verbally or visually, the Discloser should be required to notify the Recipient that the information is confidential at the time of the disclosure and further require this notification be confirmed within a reasonable period of time after the non-written disclosure.  By creating the requirement of notice, the duty of identifying the confidential disclosure is on the Discloser.  The Discloser is in the best position to make the claim.  Providing notice advises the Recipient of the importance of safeguarding the information disclosed.


The answer to this question depends on the agreement of the parties.  There are generally two possibilities: A time period (which is easy to determine); or, an indefinite period “so long as the Confidential Information remains confidential” (which is much more difficult to determine).  The type of information disclosed determines the time period of the obligation.  In technology areas, a term of years between three and five is typical.  Financial data generally is subject to a time period definition. The reason for a time period is that the information will become stale and of no value after the passage of a period of time.  The difficulty occurs in areas that may remain confidential for long time periods, and may be of greater value to the disclosing party.  On one extreme there are those disclosures that go to the very essence of the business, for example a formula or unique manufacturing method which clearly defines the business such as the formula for Coca-Cola.  Similarly, a customer list or training method or some similar item of proprietary information may remain valuable for a long time.   In those circumstances, the “so long as it remains confidential” standard is appropriate.  This is another reason “one size fits all”, “boilerplate” and “standard” forms may not be appropriate for all transactions.


The duty of care varies according to the agreement.  Some agreements provide for a standard of “reasonableness” while others require the recipient to use “not less than the same standard of care the Recipient uses to protect its own Confidential Information, but, in no event, not less than reasonable care.”  This is important because the Recipient does not want to accept responsibility for the tortious acts of its employees or agents.  In one situation, a form agreement required the Recipient to be responsible for the acts of its employees and their “friends and family members.”  Clearly this is over reaching.  Generally, if the Recipient takes the following actions, the duty of care is met:Control access to the Confidential Information.  Make sure the Confidential Information is kept in a protected location and that access is provided only to those who need to have access.  In some circumstances it is necessary to keep the information under lock and key while restricting access to the key.   It is absolutely essential that anyone who has access to Confidential Information within the business should be bound by a Confidentiality Agreement that is at least as restrictive against disclosure as that to which the Recipient agreed.  Again, since the “genie cannot be put back in the bottle” it is essential the bottle remains sealed.  Employee confidentiality is beyond the scope of this article, but, it is critical to protect the information that is disclosed.

  1. Maintain a disclosure log.  In this manner, there is evidence of who had access.  This provides support for the proposition that the Recipient took steps to restrict access to the Confidential Information.
  2. Restrict duplication of the Confidential Information.  Only duplicate the information to the extent absolutely necessary.  The documentary form of the Confidential Information should be clearly marked as Confidential.  The marking should contain an additional legend indicating that copying the document is prohibited. If copies are made, a legend should indicate that the copy is “number ____ of ____”.   Each copy should be treated as its own unique item of confidential information and the comments contained in this section should apply to each copy. 
  3. Maintain a chain of custody for all of the Confidential Information.  Each documentary copy of the information should have a chain of custody record to identify to whom and when disclosure occurred.
  4. Use the information only for the purpose the disclosure was intended.  This is another reason to take the time to identify the purpose of the intended disclosure in the early stages of the discussions.  Reverse engineering of a tangible item may be specifically prohibited.  The Confidential Information may be tangible, such as a product or even a computer code.  Many agreements contain a specific prohibition upon reverse engineering or decompiling the item.  One of the downsides of receiving Confidential Information is that until the information becomes public information, it cannot be used by the Recipient.  This is another reason for making clear at the outset that the Recipient does not want to receive any confidential information.


If there is a breach, it is important that the breaching party take all reasonable steps to minimize the damage that may flow from the breach.  Many agreements contain an affirmative obligation to notify the Discloser that the Recipient has breached the agreement. Damages are only minimized if the breaching party takes steps to allow the aggrieved party to mitigate those damages.  Failure to allow mitigation will make the award of damages greater.

Almost every agreement will include the phrase “because in the event of a breach of this agreement, money damages are difficult to assess, the parties agree that the disclosing party is entitled to all relief available at law or at equity including injunctive relief.”  In its simplest form, this means that the disclosure of the Confidential Information is so damaging to the Disclosing party that if disclosure is even threatened, the Recipient agrees that a court may enjoin it and others from using the information, until such time as a trial on the merits may be conducted.  Ordering conduct is referred to as injunctive relief.  Injunctive relief is an extraordinary remedy, the consequences of which could be devastating to the breaching company.  In addition to stopping the company from selling a product or using the information to make a product, the customers of that company can likewise be prohibited from using those products.  The potential for injunctive relief emphasizes the importance of protecting the disclosure of confidential information.  Finally, if injunctive relief were not available, and money damages were the only remedy, the willingness to share confidential information would be restricted and the benefits of sharing confidential information would likewise be reduced.  


Typically these agreements do contain some boilerplate provisions, most of which are reasonable and appropriate.  However, because of the significance of a breach, the provisions relating to notice, choice of law, and choice of forum are as important in Confidentiality Agreements as in other transactions.    


This possibility should be addressed in the Agreement.  The document should provide a clear “road map” governing the parties’ conduct.  Once the parties terminate a relationship, there should be a clear understanding of the obligations with respect to the information.  A carefully drafted document will require the Recipient to return the information to the Disclosing party and ensure that no copies of the information have been maintained.  This is usually accomplished by a requirement that either the Recipient return all confidential information and destroy any copies however maintained.  This should be certified to the Disclosing party.  It is in the best interest of the Recipient to ensure all of the obligations with respect to the confidential information have terminated.  Similarly, by this requirement, the Disclosing party demonstrates that it has taken appropriate steps to protect the confidential information.


Typically, the only time disclosure without the consent of the Disclosing party is permissible is pursuant to a court or government order.  The carefully drafted NDA will contemplate this possibility.  It is normal to require the Recipient, if it receives an order for disclosure, to notify the Disclosing party and provide the Disclosing party the opportunity to intervene in the request for the confidential information.  Properly addressed, the Recipient may be able to avoid great cost as well as avoid any inadvertent liability to the governmental entity, the court, or the Disclosing party.

Confidential information is present in every business.  Many business transactions depend on the disclosure of confidential information in order for a supplier to provide a valuable service or for the value of a potential transaction to be determined.  Protection of that information is critical.  A properly drafted NDA ensures that each party understands the rights and obligations associated with the disclosure of confidential information. 


© Riley Bennett Egloff LLP
Disclaimer: Article is made available for educational purposes only and is not intended as legal advice. If you have questions about any matters in this article, please contact the author directly.
Permissions: You are permitted to reproduce this material in any format, provided that you do not alter the content in any way and do not charge a fee beyond the cost of reproduction. Please include the following statement on any distributed copy:  “By Blair R. Vandivier © Riley Bennett Egloff LLP - Indianapolis, Indiana.