Confidentiality agreement

30

Also known, to those for whom the glass is half-empty, as a non-disclosure agreement. An agreement whereby you promise not to tell. If Robert Plant were writing one, he would write it like the box on the right.

Anyhoo. Here are the main of a normal financial markets confidentiality.

What’s in a confi?

Confis can be “one way”, where one party discloses and the other receives, or “two way”, where both parties disclose sensitive information. A broker’s template will tend to be far more generous when it is receiving only, than when it is giving information up.

Length

Firstly, let’s be blunt about this: there is a special place in hell for any advisor who serves up a confidentiality agreement more than 3 pages long. Even three pages is purgatorially tedious. GET TO THE POINT. It’s a goddamn confi, not the sale of your soul. Oh hang on.

Purpose

Why are the parties sharing the information in the first place? Typically, you’ll want to restrict use of the information to matters relevant to the project. Expect to see a definition of “purpose”, or something similar.

What information is in scope?

Parties give each other all kinds of information. Not all of it is sensitive. Seeing as a confi imposes onerous obligations, you should carefully define the “confidential information” that’s in scope.

  • Personal information: If the information is personal information about individuals, there may be additional provisions concerning storage, processing and rights to access and correct that information. Especially once the General Data Protection Regulation (GDPR) comes into force. Hoo boy.
  • What information that otherwise would be in scope, is out of scope?: Even within the definition of confidential information, you’ll need to make exceptions:
    • Information the receiver already held at the time of disclosure
    • Information the receiver receives separately from someone else other than in breach of a confidentiality undertaking
    • Information the receiver develops independently of the disclosure and without reference to information disclosed
  • Trick for young players: Don't make the schoolboy error of including in this exclusion from the definition of confidential information “information required to be disclosed to regulators or government authorities”. This is a legitimate exception to the prohibition on disclosing information — see below — but it shouldn’t disqualify the information from being Confidential Information altogether. If it did, once you were required to give any information to the regulator, it would suddenly be open season and you could tell everyone about it.

====What is the confidentiality restriction?==== Now you know what counts as confidential information, what can you do with it and what’s not allowed? You’ll often see:

  • Keep the information confidential. Don’t disclose it except to a limited group of people — and you may be required to ensure that these people only receive the information subject to an equivalent duty of confidentiality:
    • Inside the organisation: In a large organisation this may be to a small group of people in the organisation (for example, credit, legal or the onboarding team). There may be specific restrictions to prevent it getting to trading desks or front office personnel who may use the information to profit from it (this will usually be illegal: it’s likely to constitute insider trading or market abuse, but no harm is specifying in the contract).
    • Outside the organisation: you may be allowed to share it with your professional advisers, and to regulators and quasi regulatory authorities (stock exchanges etc) where required by law (or you reasonably consider it expedient). There may be some tiresome details about only giving in formation that is reasonably necessary, and taking what steps are necessary to take legal action to prevent disclosures to regulators.
  • Only use it to carry out the “purpose” or “project”.

This is somewhat hard to enforce — it’s nebulous, right? — and in practice you’ll bever know what goes on bhind closed doors, but in the English law-speaking world this is pretty uncontroversial precisely because it isn't practically actionable. But the yanks can get very worked up over it. At least that's what I recall, but it may have been a fever dream.

Return of information

The disclosing party will want rights to get the information back at the end of the project. In this modern era of distributed network computing, the old entreaties to “return all copies of information” are faintly absurd: as if they’ve been kept in a manila folder in a filing cabinet somewhere, only inspected by chaperoned employees wearing white cotton gloves. Of course everything will have been transmitted electronically, will exist on servers all around the world, and the very action of attempting to return it will oblige it to be copied onto other servers. Some of these copies will be stored for years under document retention policies. So the real ask ought to be “to put beyond practical use” and have an exception for regulatory retention. There’s also a conceptual issue with information the receiving party has derived from the confidential information — this may include information which is confidential to the receiver, and should not have to be offered up to the discloser.

Possibility of injunctions

Some people like to acknowledge that the potential consequences of breach of confidence are so severe that ordinary contractual damages might not be adequate and equitable relief might be the only means of protecting your position. Injunctions, dawn raids and so on. Whatever floats your boat. Really an acknowledgment so that the poor wronged person who goes to the courts of chancery seeking injunctive relief can point to M'lud and say, “You see, your honour? That rascal knew perfectly well I might need an injunction here.”

Like I say, whatever floats your boat.

Term

Some folks will insist on a hard stop, say two years, after which supplied information ceases to be confidential. Inhouse lawyers may profess themselves to be immutably bound to have such a term by internal policy]]. While the commercial value of much information does go stale over time (blueprints fo a BetaMax, anyone?), this isn’t universally true — a client list is valuable however long you hold it — and the usual justification for the hard stop (“we don't have the systems to indefinitely hold infoirmation subject to confidence and don't want indeterminate liability for breach”) is a canard. Whatever information security systems you do have don’t suddenly stop working after three years. And as for indeterminate liability — well, no harm no foul: if the information really is stale then no loss follows from a breach, right? No loss, no damages.

What a confi shouldn't have

The following often make their way into a confi agreement, though none really have any business being there.


Special AKA

The same as a:

See also