Andrea Rinaldi
Senior Legal Counsel at Trainline

Draft Your Own Confidentiality Agreements | A Lawyers' Guide

31 Mar 2023
12 min

What will this guide cover?

This guide aims to equip you with: 

  1. A baseline understanding of confidentiality agreements, also known as non-disclosure agreements or NDAs (maybe start at the FAQ at the bottom if you want a primer);
  2. Boilerplate or specialist legal templates (free of charge);
  3. Guidance on how to tailor these templates to your needs (UK-only), your industry and the type of relationship requiring the confidentiality agreement;
  4. Specialized clauses via our legal clause library (free of charge);
  5. The confidence to create and negotiate confidentiality agreements yourself; and
  6. Some outlets for free legal guidance should you find that you get stuck along the way (please tell us, so we can improve this guide for the next person!)

In essence, this guide will help you to understand the basics of creating a confidentiality agreement, including the types of information that should be included, how to draft the agreement, and how to enforce it. With our guide, you can be sure that your confidential information is safe and secure. We have written this guide in partnership with Andrea Rinaldi, Senior Legal Counsel at Trainline. Over to you Andrea:

So, What do I know about Drafting Confidentiality Agreements?

My experience in drafting, creating, and negotiating confidentiality agreements covers a full range of commercial matters and projects, including:

  1. IT & Digital
  2. E-commerce
  3. Marketing & Advertising
  4. Data Protection & Privacy
  5. Supply Chain
  6. Labour & Employee Relations
  7. Intellectual Property
  8. Corporate Governance
  9. Compliance
  10. Competition Law
  11. Food & Nutrition.

I am currently Senior Legal Counsel at Trainline and an Advisor to Genie AI. I also held roles as Sole Global Legal Counsel at WhereIsMyTransport and Legal Counsel at McDonald’s previously. 

Why should you care about Confidentiality Agreements?

Properly drafting a confidentiality agreement (also often referred to as an NDA) will reduce the risk that your clients or partners:

- Disclose confidential information to non-authorised parties or publicly.

- Use confidential information in ways that are not permitted & outside of the agreement (e.g. selling it).

- Use confidential information to compete with you.

- Use confidential information to gain an unfair advantage over you.

- Use confidential information to create similar products or services.

- Use confidential information to solicit your customers.

- Use confidential information to create a competing business.

- Use confidential information to unfairly benefit from your ideas or inventions.

This is because doing so would give you the opportunity for legal recourse against them.

So, let’s get stuck in. Once I’ve shown you how to draft a confidentiality agreement, I’ll walk you through the process of negotiating them.

Drafting a Confidentiality Agreement

Let’s start with a template. If you already have one, that’s great. 

For a general purpose template 

We have 1 great starter option on our app:

  1. One-way NDA with Data Protection Clauses

Note: If you’re in the US and still want to follow along - you can use this: Standard Confidentiality Agreement.

Also note that if you're US-based, there's a specific section on US-legal research on this subject below.

If you would prefer to use a pre-customised template then there are a few specialist ones below. All of these are free-to-access for everyone through the Genie AI app.

For the UK:

For the USA:

Confidentiality agreements are essential for any business that needs to protect its valuable confidential information and proprietary rights.

Here is the step-by-step guide on drafting / tailoring one yourself:

STEP 1. Understand the purpose of the agreement and the context in which it will be used.

  • Think about why you need a confidentiality agreement, what is the background to it, what are the business’ objectives and how can these be achieved. The context in which the information is shared, helps define the purpose and in turn, better protect the confidential information. Often the purpose of a confidentiality agreement is to investigate potential business opportunities and to understand if the other parties’ goods or services can be useful for your business and/or vice versa. 
  • You should carefully consider the purpose as this is a crucial concept to define in the agreement, driving the effectiveness of the protections set out and thus of the agreement itself.
  • Defining the purpose for which the parties are sharing confidential information should be a carefully thought-out exercise. Note: whilst a broad and all-encompassing definition (e.g. “discussions regarding potential data services”) may seem the best solution, you should avoid it, as this may reduce the effectiveness of the agreement and unintentionally cover information which does not need to be confidential, hence putting excessively wide and onerous confidentiality obligations on the parties. Aim for a clear, succinct and precise definition of the purpose.

STEP 2. Identify the parties to the agreement and the information they are seeking to protect.

  • Consider if other entities within your or the counterparty’s organisation (e.g. affiliates such as a parent or subsidiaries to the signatories) may need access to the information shared. If so, the agreement should explicitly set out this right and include a clear definition of these other entities in your (or the counterparty’s) organisation. It is standard practice to allow access to “parent and subsidiary undertakings” of the signatories, and to clarify who these are by referencing the definition of these provided in section 1162 of the Companies Act or, more simply, to entities that directly or indirectly control the signatories. Note: if you decide that your counterparty’s affiliates need access to the confidential information, make sure that in addition to permitting this and clearly defining the affiliates, you include an obligation on the counterparty to ensure that its affiliates are aware of the confidentiality obligations in the NDA and that they maintain such confidentiality. You should also ensure the counterparty is responsible for any breaches of the NDA by its affiliates, as otherwise your rights to recover damages from them will be limited because affiliates are not signatories (i.e. you may be left without an appropriate recourse).
  • Taking into account the context and purpose of the agreement, consider what information you are seeking to protect, the subject matter, the format this may be in and how it may be disclosed (oral, written, electronic, graphic, visual etc.), and whether it is clear to the other party that the information is confidential or whether this should be unequivocally highlighted in the material/information shared by marking it as “private and confidential”. Note: you may want to restrict what is considered confidential to information that is clearly marked as confidential. Whilst this may provide an easy and convenient way to identify confidential information, it is important to make all stakeholders involved aware of such requirements in order to avoid mistakes.

STEP 3. Consider the scope of the agreement: what information will be protected, who will have access to it, and how long the agreement will be in effect.

  • Think about the nature of the information you are seeking to protect: is it financial, operational, corporate or of a different nature? Does the information contain personal data? What is the subject matter? Is the information part of a specific project or required for a particular objective that can be easily identified? Note: linking the confidential information to a specific project is a useful and convenient way to ensure the parties are clear about which information must be treated as confidential.
  • Besides the signatory parties and any other entity related to them (as mentioned in Step 2 above), consider which individuals within your and the counterparty’s organisation may need access to the information (is it only employees, or anyone acting on your behalf such as agents, professional advisors, contractors/consultants etc.?). Note: it is standard practice to allow access to confidential information to anyone acting on your behalf (usually found under the definition “Representatives”). However, please remember that (as for a company’s affiliates; see Step 2 above) you will remain responsible for any breaches they commit and as such, you should ensure these individuals are aware of their confidentiality obligations and that you have remedies against them in case of misuse (these obligations and remedies are usually included in employment or consultancy/contractor agreements). Make sure the above applies to the counterparty and its Representatives too.
  • Consider the duration of the agreement. This is the length of time you will have to comply with your obligations under the agreement. In essence, this is how long you and the counterparty will have to keep the information confidential. To do this, ask yourself when it will be ok (i.e. when you won’t suffer damages) if the information becomes public or if the counterparty uses it in an unauthorised way. Note: the length of the NDA itself can be shorter than the length of time for which the parties must keep the information confidential. For instance, the Term of the NDA may be 3 years but the parties may be obliged to maintain the information confidential for another X amount of years after termination. This is to ensure that all confidential information shared during the Term is protected and that after termination, information is maintained confidential for an agreed amount of time.

STEP 4. Specify the obligations of each party, including how the information will be used, stored, and disclosed.

  • The principal and most important obligations of each party will be to maintain the information confidential, to use it only in compliance with the permitted purpose and to guarantee the standard of protection required. As such, it is crucial to clearly set out each of these obligations in turn. 
  • The permitted use of the information should be strictly connected and limited to the purpose (which should be a defined term or at least clearly spelled out) in the confidentiality agreement, hence the importance of having a clear purpose as per Step 1 above.
  • To whom can the information be disclosed, i.e. what are the permitted disclosures? Think “Associated Companies”, “Representatives”.
  • On termination, consider how you would like the confidential information to be handled and what proof you require. Should information be destroyed or returned? Do you require a written certification that this has occurred?

STEP 5. Include provisions for dispute resolution and remedies in the event of breach.

  • A dispute resolution clause sets out what should happen in the event of a disagreement between the parties and the steps and avenues for resolving it. For this, you should consider the most appropriate avenue(s) for resolving disputes, which may be one of the different options of alternative dispute resolution (e.g. mediation, arbitration, conciliation) or litigation. An analysis of each method’s advantages and disadvantages is outside of the scope of this guidance, but pursuing a less formal stage of dispute resolution may protect the parties’ relationship and save time and costs.

Note: We do have a boilerplate clause for ad-hoc arbitration here if you’d like to use that.

  • A governing law clause is used to specify the system of law applicable to the interpretation of an agreement and its effect should a dispute arise between the parties. It clarifies the law that will be applied when determining and interpreting the parties’ rights and obligations and any disputes that may arise. 
  • A jurisdiction clause identifies how disputes are to be resolved and in particular which court(s) are to hear a dispute e.g. the English courts.  
  • A middle ground (and arguably fair) solution where either party is not a company incorporated in England is to maintain the governing law as England & Wales but allow for disputes to be resolved by arbitration as opposed to the English courts. The choice of the arbitration seat should be carefully considered and should be a place where none of the contracting parties is incorporated.
  • It is often difficult or inadequate to put a monetary figure on the damages that may be caused in case of breach of a confidentiality agreement. In fact, in most cases the disclosing party’s first concern will be to put an immediate stop to the breach. For this reason it is important to explicitly set out that a party can seek an injunction from the court in addition to monetary damages.

STEP 6. Discuss terms: 

  • Once both parties have agreed to enter into an NDA, it’s time to start discussing specific terms of the agreement. Make sure the NDA is tailored to the specific needs of the business and its parties. Imagine how the other side will feel about receiving your language, and pre-empting some of that could save you some time and energy.
  • Go through steps 1-5 thinking about the parties’ requirements and consult with all relevant internal stakeholders to ensure these are fully addressed in the NDA. 

STEP 7. Draft and negotiate the agreement: 

  • Once all terms have been agreed upon, it’s time to draft a preliminary agreement outlining all details and expectations of both parties involved in the negotiations.
  • Areas of negotiation may include what entities and individuals will have access to the confidential information, how the parties can use it, the length of confidentiality, types of information to be kept confidential, penalties or remedies if either party breaches the agreement, and how a dispute is to be resolved (as discussed in Steps 1-5 above).
  • Consider having the agreement reviewed by a lawyer to ensure it meets all your requirements. Whilst you can comfortably use one of our templates to draft your NDA, make sure you carefully consider the preceding steps 1-6. Having a lawyer scan through your draft and confirm that you have correctly taken all the steps is important, particularly with regard to fundamental elements of the NDA such as the definition of permitted use. This is even more true if the NDA is not accepted by the counterparty, who instead proposes amendments, which triggers a negotiation.

STEP 8. Discuss potential risks:

  • Before signing off on the final draft of a confidentiality agreement, it’s important to discuss potential risks associated with breach of contract by either party involved in order to avoid future disputes or legal action down the road. 
  • Consider the relevant stakeholders within your organisation that should be involved and/or take the decision to enter into an NDA. 

STEP 9. Finalise the language:

  • Once both parties are fully satisfied with all aspects of their respective agreements, it’s time to finalise language within the contract before signing off on it officially. 

STEP 10. Signing ceremony:

  • After finalising all language within the contract, both parties can sign off on their agreements in a formal signing ceremony where each individual receives a copy for their personal records.
  • Ensure the agreement is correctly signed and dated. Ensure the signatory has the authority to sign.
  • Ensure the agreement is correctly named and stored to ensure an easy retrieval in future.

Further information on confidentiality agreements:

Why are Confidentiality Agreements Important?

Confidentiality agreements also help protect businesses from potential legal liability if the information is misused or disclosed. If a business discloses confidential information without a confidentiality agreement in place, they could be held legally responsible for any damages caused by the disclosure. This could include monetary damages, or even criminal liability. By signing a confidentiality agreement, businesses can protect themselves from potential legal liabilities.

Confidentiality agreements also help protect businesses from potential theft of intellectual property. Intellectual property is a term used to refer to any creative work, such as inventions, designs, or artwork. 

By signing a confidentiality agreement, businesses are protecting their intellectual property from being stolen or used without their permission. This is especially important for businesses that have a large amount of intellectual property, as theft of this type of property could have a huge financial impact on the business.

A confidentiality agreement also helps to build trust between parties, thereby helping to ensure that the parties can work together in ‘good faith’.

Legal Research Tips When Drafting a Confidentiality Agreement in the USA

  1. Check the applicable state law: Confidentiality agreements are typically governed by the laws of the state in which the agreement is to be executed. Therefore, it is important to research the applicable state law to ensure that the agreement is compliant with that state’s laws. Failure to do so could result in an agreement that is not enforceable.
  2. Research similar agreements: It is also important to research similar agreements in the same industry (e.g. healthcare, technology or construction) as this can provide valuable insight into what industry-specific language should be included in the agreement.
  3. Review relevant state and federal circuit case law: Case law can provide additional guidance and can be valuable when determining legal issues associated with confidentiality agreements.
  4. Consult a lawyer: Consulting with a lawyer before sending or signing an agreement is often a prudent course of action. All users of Genie AI (on free or paid accounts) can ask questions on template or clause pages. Once you comment, you’ll usually receive a response within a day or two from lawyers using the Genie AI platform.

Failure to take these steps may result in a confidentiality agreement that doesn’t protect your business as intended.

UK-Specific Considerations

It is important to research UK-specific legislation regarding confidentiality agreements in order to ensure compliance with the applicable laws. UK cases that involve confidentiality agreements can be found on https://caselaw.nationalarchives.gov.uk/

The UK Government website provides comprehensive information on UK-specific legislation regarding confidentiality agreements, including a crack-down on their misuse.

Of course, consulting with a lawyer who is familiar with UK-specific jurisdictions is highly recommended. England and Wales have a different governing law to Scotland or Northern Ireland, for example.

If you find that you’re dealing with cross-border confidentiality agreements then the situation becomes a little more complex.

International Law Firms With Expertise In Cross-Border Confidentiality Agreements

A few international law firms who may be able to help are: Morrison & Foerster, Jones Day, Shearman & Sterling, Squire Patton Boggs, White & Case, and Gibson Dunn.

Further to my views written above, these law firms tend to agree on the following areas of importance: All parties must be aware of the implications of entering into such agreements in each jurisdiction they pertain to, and ensure that they are adequately protected. This includes understanding the scope and duration of the agreement, how the agreement will be enforced, and the legal remedies available to the parties in the event of breach, in each country.

FAQs on Confidentiality Agreements

Q: What type of information should I include in my confidentiality agreement?

A: The information that should be included in your confidentiality agreement will depend on what type of confidential information you wish to protect. Generally speaking, it should include details about the purpose for which the confidential information will be used and instructions for how it should be handled, stored and destroyed by both parties. 

Q: What are trade secrets? 

A: Trade secrets are confidential business information that provide economic benefit to companies by giving them an advantage over competitors who do not possess such knowledge. Examples of trade secrets may include customer lists, manufacturing processes and recipes for food products. 

Q: What are reasonable measures for protecting confidential information? 

A: Reasonable measures for protecting confidential information include physical measures such as locked cabinets, restricted access (e.g., ID badges) and encrypted data; administrative measures such as policies and procedures; and technological measures such as firewalls and antivirus software. All these measures must be tailored to meet specific organizational needs in order to provide an adequate level of security. 

Q: How long does a confidentiality agreement last? 

A: The duration of a confidentiality agreement typically depends on its terms and conditions as well as applicable laws in your jurisdiction but can range anywhere from six months up to five years or more depending on the situation at hand. Generally speaking, most agreements will specify a period after which the obligation no longer applies but this may vary depending on the type and scope of confidential information involved in the contract. 

Q: Can I limit my liability under a confidentiality agreement?

A: Yes – liability under a confidentiality agreement can be limited by including provisions that define what happens when either party breaches their obligations under the contract (e.g., damages limited up to a certain amount). It is also possible to limit liability further by including an indemnification clause which stipulates that one party agrees not to hold another responsible for any losses suffered due to breach of contract or negligence-related matters relating to performance under said contract.

Q: Can I make changes or amendments after signing a Confidentiality Agreement?

A: Yes – changes and amendments can be made after signing the Confidentiality Agreement provided they are made in writing with both parties consenting thereto before they come into effect (e.g., via addenda). Both parties must agree upon all changes before they come into effect, so it is important that any changes proposed by one party are discussed with all relevant stakeholders before being finalized.

Q: When do I need separate non-disclosure agreements for each party involved?

A: It is generally recommended that each party involved in sharing sensitive data obtain their own separate non-disclosure agreements, since this will ensure that all relevant obligations are properly documented between each individual party involved instead of just one overall document covering multiple individuals (which could potentially create problems further down the line).

Q: Are there any specific laws regarding Non-Disclosure Agreements/Confidentiality Agreements?

A: Yes - depending on your jurisdiction there may be specific laws regulating Non-Disclosure Agreements/Confidentiality Agreements which must be taken into account during the drafting stage (e.g., IP rights protection laws applicable in some countries, Unfair Competition Acts, Data Protection Laws etc.). It is always advisable to seek legal advice regarding any queries you may have regarding these subjects prior to drawing up any agreements between the parties involved.
