Template:Confi term
So must your confi have a term? Some insist on a hard stop, say two years, after which confidential information ceases to be confidential.
Many inhouse lawyers profess themselves immutably bound to such a term, by internal policy. They would sooner be broken upon a wheel than let this one go. This policy, they will intuit, dates from the days of the First Men, possibly was the result of a misunderstanding, but in any case has subsequently hardened, encrusted, calcified, petrified, and finally fossilised itself into a layer so deep in the firm’s organisational substrate that there are now no means to remove it. If anyone ever did really understand what the issue was that prompted it, they have long since moved on, or been moved on, and no-one remains who can recall, much less articulate the original reason for this policy, or why it is still needed now. Furthermore, in the thirty odd years since, generations of employees have left that firm (some voluntarily, many not) but have taking this deep personal conviction with them, and have circulated the market, inculcated with strong sense that some ineffable calamity would befall them, their firm, the market or, indeed, the entire industry should this sacred covenant ever be breached. Thus the “mandatory confidentiality term” has now become part of the folklore of the financial services markets. You have to have a term, and it can’t be longer than two years at the most.
Now perhaps the JC is that long-prophesied seal of the forthcoming apocalypse (actually that might explain a few things, come to think of it) but personally he has never been able to understand what this term covenant could possible achieve? What, after a couple of years I can suddenly start blaring all your secrets from the minarets around town, without so much as a by-your-leave?
While the commercial value of much information does go stale over time (blueprints for a BetaMax, anyone?), this isn’t universally true — a client list is valuable however long you hold it — and the usual justification for the hard stop (“we just don't have the systems to indefinitely hold information subject to confidence and don't want indeterminate liability for breach”) is a canard — a palpably false one at that, for a regulated financial institution. Whatever information security systems you do have don’t suddenly stop working after three years. And as for indeterminate liability — well, no harm no foul: if the information really is stale then no loss follows from a breach, right? No loss, no damages.