So must your NDA have a term? Some insist on a hard stop, say two years, after which confidential information ceases to be confidential.

Many inhouse lawyers profess themselves immutably bound to such a term, by internal policy. They would sooner be broken upon a wheel than let this one go. This policy, they will intuit, dates from the days of the First Men, possibly was the result of a misunderstanding, but in any case subsequently has hardened, encrusted, calcified, petrified, and finally fossilised itself into a layer so deep in the firm’s organisational substrate that there is no known means of questioning it. In the very act of questioning it invites some kind of opprobrium. If anyone ever did really understand what the issue was, they have long since moved on, or been moved on, and no-one remains who can recall, much less articulate the original reason for this policy, or why it is still needed now.

Furthermore, in the ensuing thirty odd years, generations of employees have left that firm (some voluntarily, many not), taking this deep personal conviction with them, and have circulated the market, wherever they go inculcating a strong sense that some ineffable calamity would befall them, their firm, the market or, indeed, the entire industry should this sacred covenant ever be breached.

Thus the “mandatory confidentiality term” has now become part of the folklore of the financial services markets. You have to have a term, and it can’t be longer than two years at the most.

Now perhaps the JC is that long-prophesied seal of the forthcoming apocalypse (actually that might explain a few things, come to think of it) but, personally, he has never been able to understand what this “term” covenant could possibly achieve? Why, after a couple of years, should I suddenly be entitled to blare all your darkest secrets out from the minarets around town, without so much as a by-your-leave?

While the commercial value of much information does go stale over time (blueprints for a BetaMax, anyone?), this isn’t universally true — a client list is valuable however long you hold it — and the usual justification for the hard stop (“we just don’t have the systems to indefinitely hold information subject to confidence and don’t want indeterminate liability for breach”) is a canard — a palpably false one at that, for a regulated financial institution. Whatever information security systems you do have don’t suddenly stop working after three years. And as for indeterminate liability — well, no harm no foul: if the information really is stale then no loss follows from a breach, right? No loss, no damages.

In any case, it seems to the JC that a term creates more questions than it answers. When does it run from? The date of the NDA itself, or the date of disclosure of the information in question? If the former, and the point is to exclude stale information, why is the NDA date a relevant point? If the latter, who is monitoring what is disclosed when? What is meant to happen when the term expires? Why are we even having this conversation?