Resources: Confidentiality agreement | Confi — Led Zeppelin style | GDPR | Copyright vs. confidence | |
Also known, to those for whom the glass is half-empty, as a non-disclosure agreement. An agreement whereby you promise not to tell. If Robert Plant were writing one, he would write it like the box on the right.
Anyhoo. Here are the main parts of a normal financial markets confidentiality agreement.
What’s in a confi?
Confis can be “one way”, where one party discloses and the other receives, or “two way”, where both parties disclose sensitive information. A broker’s template will tend to be far more generous when it is receiving only, than when it is giving information up. I know this may come as a shock to some of you.
Firstly, let’s be blunt about this: there is a special place in hell for any advisor who serves up a confidentiality agreement more than 3 pages long. Even three pages is purgatorially tedious. GET TO THE POINT. It’s a goddamn confi, not the sale of your soul. Oh hang on.
On the distinction between copyright and confidence
The key thing is to distinguish between breach of copyright and breach of confidence. The former is an intellectual property right over the form of information; the latter a contractual right over the substance of information.
- Breach of copyright: Copyright subsists in the particular articulation of the information, rather than in the information per se. To breach of copyright is to deny a copyright owner the commercial benefit of its creation: e.g., by accessing for free something the copyright owner wants you to pay for. In other words I can’t copy Harry Potter and the Philosopher’s Stone without J.K. Rowling’s permission, but I can tell you the plot.
- Breach of confidence: Breach of confidence is less about the form of the information and more about its substance: If I have signed a confidentiality agreement I can copy confidential information to my heart’s content, as long as I only use it within the bounds of my licence to use it. In other words, I can do what I like as long as I don’t disclose the content of that information to anyone else. Here the forbidden action is “telling you the plot”: I could do that either by giving you a full copy of the material, or telling you the plot without copying anything at all. Breach of confidence thus creates heightened compliance issues, implying as it does that the confidential information is not public, presenting risks of market abuse and insider dealing.
- It is the substantive content and not the particular form of the information that is valuable.
Big difference here.
- Copyright — account for profits: If I breach your copyright must account to you for the profits I have made out of the misuse of your information.
- Confidence — damages: If I beach your confidence, I must compensate you for the damages you have suffered as a result. My profit from the use of the information is not part of the calculation (unless, by profiting from it, I have deprived you of the opportunity to profit, and even then you have to persuade a court that such a consequential loss was a reasonably foreseeable consequence of my breach, which courts have traditionally been reluctant to do.
Assiduous attorneys will drivel in some of the usual boilerplate reps, to no obvious point, but for the most part confidentiality agreements are characterised by the representations the parties are not making to each other. Thus, this is another one for the “I never said it was” file, a clear disclaimer that when giving you this information, I never said it was accurate or good for anything. So you can’t sue me if you rely on it and lose money. So must your confi have a term? Some insist on a hard stop, say two years, after which confidential information ceases to be confidential. Inhouse lawyers may profess themselves to be immutably bound to have such a term by internal policy. While the commercial value of much information does go stale over time (blueprints for a BetaMax, anyone?), this isn’t universally true — a client list is valuable however long you hold it — and the usual justification for the hard stop (“we just don’t have the systems to indefinitely hold information subject to confidence and don’t want indeterminate liability for breach”) is a canard — a palpably false one at that, for a regulated financial institution. Whatever information security systems you do have don’t suddenly stop working after three years. And as for indeterminate liability — well, no harm no foul: if the information really is stale then no loss follows from a breach, right? No loss, no damages.
What a confi shouldn’t have
The following often make their way into a confi agreement, though none really have any business being there.
The same as a: