Frequently Asked Questions

Confidential information is whatever the NDA's definition says it is. There is no universal legal definition. Typically, NDAs protect information that:

  • Has commercial value because it is secret
  • Is not publicly known or easily discoverable
  • The owner takes reasonable steps to protect

Common categories include: trade secrets, customer lists, pricing strategies, business plans, financial data, technical specifications, source code, product roadmaps, and proprietary processes.

Real-World Example
A software company's algorithm for fraud detection would qualify. But their office address would not, since that is public information.

Key takeaway: Read the definition carefully. If it says "all information disclosed," that is much broader than "information marked as confidential."

Generally, no. Marking requirements can backfire on disclosing parties because:

  • Your team may forget to mark sensitive documents in the heat of negotiations
  • Oral disclosures in meetings are difficult to "mark" in real-time
  • Emails and informal communications often slip through without labels
  • Information shared via screen share or demos cannot be marked

A better approach for disclosing parties is to define confidential information broadly (e.g., "all information relating to Company's business") and then rely on the exclusions clause to carve out public information.

What Can Go Wrong
A startup shared its proprietary manufacturing process during a factory tour. Because the NDA required written confirmation of oral disclosures within 10 days, and the startup forgot to send the confirmation letter, the information was arguably not protected.

Marking requirements protect receiving parties by providing clarity about what is and is not confidential. Without them, you might face claims that casual business conversations contained "confidential information."

Benefits of marking requirements:

  • Clear notice of what must be protected
  • Easier compliance for your team
  • Defense against vague claims of breach
  • Documented record of what was shared

Negotiation tip: If the disclosing party resists marking requirements, offer a compromise: information that is "clearly confidential by its nature" (like source code or customer lists) does not need marking, but general business information does.

Oral disclosures are one of the most contentious issues in NDA drafting. There are three common approaches:

  1. No special treatment: Oral information is protected just like written information (favors disclosing party)
  2. Identify at time of disclosure: Speaker must state "this is confidential" during the conversation
  3. Written confirmation required: Oral disclosure must be summarized in writing within a set period (10-30 days) to receive protection

For disclosing parties: Push for automatic protection without confirmation requirements.

For receiving parties: Require both verbal identification AND written confirmation within a reasonable period.

Practical Reality
In most business contexts, nobody actually sends confirmation letters after every meeting. If you are a disclosing party, be realistic about whether your team will follow through. If you are a receiving party, confirmation requirements provide a useful shield.

Yes, if the NDA is drafted correctly. You can make the NDA retroactive by including language such as:

"Confidential Information includes information disclosed prior to the Effective Date in connection with discussions between the parties regarding [the Purpose]."

Important considerations:

  • Specify a clear start date for retroactive coverage (e.g., "on or after January 1, 2024")
  • Make sure the receiving party agrees to this. They may argue they already shared the information with others
  • The longer the gap between disclosure and the NDA, the weaker your position

Best practice: Sign the NDA BEFORE sharing confidential information. Retroactive coverage is a fallback, not a strategy.

Overly broad definitions are a red flag. Language like "all information of any kind whatsoever" or "any information disclosed directly or indirectly" creates significant risks:

  • Routine business communications might trigger confidentiality obligations
  • Your team cannot realistically comply
  • The NDA may be unenforceable due to vagueness or overreach

How to negotiate:

  1. Request specific categories of protected information
  2. Add a "reasonable person" standard: information that a "reasonable person would understand to be confidential"
  3. Insist on robust exclusions for public domain, independently developed, and previously known information
  4. Add a materiality threshold for any breach claims

This is often called "derivative information" or "derivatives" and is a crucial but frequently overlooked issue.

Common approaches:

  • Explicitly included: "Confidential Information includes any notes, analyses, compilations, studies, or other documents prepared by the Receiving Party that contain or reflect Confidential Information"
  • Silent: The NDA does not address derivatives at all (creates ambiguity)
  • Explicitly excluded: Derivatives belong to the receiving party (rare, but sometimes negotiated)

For disclosing parties: Ensure derivatives are explicitly covered. Otherwise, a receiving party might argue their analysis of your data is their own property.

For receiving parties: Consider whether you need the ability to retain and use general insights. See the Residuals Clause for related protections.

Yes, trade secrets deserve special treatment because they receive additional legal protection under state and federal law (the Defend Trade Secrets Act and Uniform Trade Secrets Act).

Consider creating a two-tier definition:

  • Trade Secrets: Perpetual protection, highest standard of care, additional security measures
  • Other Confidential Information: Time-limited protection (e.g., 3-5 years), standard reasonable care

Benefits of two-tier approach:

  • Makes perpetual protection more defensible (courts are skeptical of indefinite protection for routine business info)
  • Aligns contractual protection with statutory protection
  • Easier for receiving parties to accept

What Qualifies as a Trade Secret
To qualify as a trade secret under law, information must: (1) derive economic value from being secret, (2) not be generally known or readily ascertainable, and (3) be subject to reasonable efforts to maintain secrecy.

If information becomes publicly available through no fault of yours, it should no longer be treated as confidential. This is typically covered in the Exclusions clause.

Standard language protects you if information:

  • Was already public before disclosure
  • Becomes public after disclosure through no fault of yours
  • Is disclosed to you by a third party who had the right to disclose it

Important nuance: If information becomes public because YOU disclosed it, you are still liable. The exclusion only applies if the information became public independently.

Documentation tip: If you believe information has become public, document how and when. Keep copies of public sources (press releases, patents, publications) to support your position if challenged.

The ideal level of specificity depends on your role and the nature of the relationship:

More specific definitions work well when:

  • You are receiving information and want clarity
  • The purpose of the NDA is narrow and well-defined
  • You want to limit the scope of protection

Broader definitions work well when:

  • You are disclosing information and want maximum protection
  • The relationship may expand in unpredictable ways
  • Multiple types of information will be shared over time

Comparison

Specific: "Confidential Information means the source code, technical specifications, and customer lists provided by Company related to the Product."

Broad: "Confidential Information means any and all information relating to Company's business, technology, customers, finances, or operations."

Yes, and this is often critical for M&A deals, partnership discussions, and investment negotiations. Include language such as:

"The existence and terms of this Agreement, and the fact that discussions or negotiations are taking place between the parties, shall constitute Confidential Information of both parties."

Why this matters:

  • Prevents speculation about your company's strategic direction
  • Avoids stock price volatility (for public companies)
  • Protects against competitive intelligence gathering
  • Maintains negotiating leverage

Important: If you need to disclose discussions to your board, investors, or advisors, make sure the Permitted Disclosures section allows this.

Information you already possess should be excluded from confidentiality obligations. This is critical because without this exclusion, you could be prevented from using your own pre-existing knowledge.

The standard exclusion covers information that:

  • Was in your possession before disclosure (with documentation to prove it)
  • You developed independently without using confidential information

How to protect yourself:

  • Before receiving confidential information, document what you already know
  • Timestamp files and records that prove prior possession
  • Keep development logs for independently created work
  • Ensure the exclusions clause uses "without reference to" rather than "without use of" confidential information

Modern NDAs should explicitly cover all disclosure methods, including:

  • Screen shares and demos
  • Cloud-based collaboration tools
  • Virtual data rooms
  • Video conferences
  • Physical facility tours
  • Product samples and prototypes

Recommended language: "Confidential Information may be disclosed in any form or medium, including written, oral, visual, electronic, or tangible form, including through demonstrations, samples, or access to systems or facilities."

Practical considerations:

  • Screen recordings during demos may capture confidential information
  • Chat logs in video conferences may contain sensitive details
  • Cloud documents may be downloaded or copied

If you use representatives, affiliates, or agents to share information, the definition should cover disclosures made "by or on behalf of" the disclosing party.

Recommended language:

"Confidential Information means any information disclosed by the Disclosing Party, its affiliates, or their respective directors, officers, employees, agents, advisors, or representatives."

Common situations this covers:

  • Investment bankers sharing financial data in an M&A deal
  • Outside counsel sharing documents in due diligence
  • Consultants presenting on your behalf
  • Parent company employees sharing subsidiary information

Note: Make sure your third parties know they are bound by confidentiality when sharing information. The NDA protects information they disclose, but you may need separate agreements with those third parties.

This affects who can be a "Disclosing Party" and who can be a "Receiving Party."

Unilateral (One-Way) NDA:

  • Only one party discloses confidential information
  • Definition focuses on that party's information only
  • Common in employment, vendor, and some investor contexts

Mutual (Two-Way) NDA:

  • Both parties may share confidential information
  • Definition applies equally to information from either party
  • Common in partnership, joint venture, and M&A discussions

Practical tip: Even in "mutual" NDAs, information flows may be asymmetric. A startup sharing everything with a large corporation that shares little should consider whether mutual protection is really fair. You might negotiate different standards for different types of information.