🎯 The Modern Data Challenge

Return and destruction clauses were written for a paper world. In the digital age, information exists in places you may not even know about:

  • Email servers: Every email containing confidential information creates copies on sender and recipient servers, plus potentially backup copies.
  • Backup systems: Enterprise backup systems capture snapshots daily, weekly, and monthly. These backups are often stored offsite and may be retained for years.
  • Cloud services: SaaS applications, cloud storage, and collaboration tools create their own copies and backups.
  • Disaster recovery: DR systems replicate data to secondary sites, often with their own retention schedules.
  • Device synchronization: Information may exist on laptops, phones, tablets, and other devices that sync with cloud services.
  • Archived communications: Many organizations archive all communications for compliance purposes.

The Uncomfortable Truth

For most organizations, guaranteeing complete destruction of all copies of information is technically impossible. Negotiating as if it were possible sets you up for an automatic breach.

📦 Backup and Archive Issues

The most contentious negotiation point is typically what to do about backup and archive copies. Here are the key considerations:

Data Location          | Deletion Difficulty | Typical Approach
Active files           | Easy                | Can be deleted upon request
Email (active)         | Moderate            | Can be deleted but may miss copies
Daily backups          | Difficult           | Allow to expire through normal rotation
Monthly/annual backups | Very Difficult      | May require carveout until rotation
Disaster recovery      | Very Difficult      | Typically cannot be modified
Compliance archives    | Often Prohibited    | Legal retention may prevent deletion

Recommended Approach: Tiered Destruction

Negotiate for destruction from active systems within the requested timeframe, with backup copies deleted through normal rotation cycles.

"The Receiving Party shall delete Confidential Information from active files and systems within thirty (30) days. Confidential Information contained in backup or disaster recovery systems shall be deleted in accordance with the Receiving Party's standard backup rotation schedule, which the Receiving Party represents does not exceed [90/180/365] days."

📝 Certification Requirements

Most return/destruction clauses require certification that destruction is complete. This creates personal risk for the certifying officer. Here's how to handle it:

Never Sign This

"I certify that all copies of Confidential Information have been destroyed."

This absolute statement is almost certainly false given modern IT systems. Signing it could constitute fraud or expose the signer to personal liability.

Acceptable Alternative

"I certify that, to my knowledge after reasonable inquiry, the Receiving Party has used commercially reasonable efforts to destroy Confidential Information in accordance with Section [X] of the Agreement."

This qualified certification protects the signer while still providing meaningful assurance.

Key Qualifications to Include

Any certification should include these protective elements:

  • "To my knowledge after reasonable inquiry" - limits to actual knowledge
  • "Commercially reasonable efforts" - acknowledges practical limitations
  • "In accordance with [the Agreement]" - ties to negotiated exceptions
  • "Without independent investigation" - no obligation for forensic review

🛠 Retention Exceptions to Negotiate

The following retention exceptions are reasonable and commonly accepted:

1. Legal and Regulatory Requirements

You cannot be required to violate the law. Many industries have mandatory retention periods for certain types of records.

"The Receiving Party may retain Confidential Information to the extent required by applicable law, regulation, or professional standards, provided that such retained information remains subject to the confidentiality obligations herein."

2. Litigation Hold

If litigation is pending or reasonably anticipated, destroying evidence can result in sanctions. This exception is critical.

"Notwithstanding the foregoing, the Receiving Party shall not be required to destroy Confidential Information that is subject to a litigation hold or that the Receiving Party reasonably believes may be relevant to pending or anticipated litigation, investigation, or regulatory proceeding."

3. Archival Copy for Disputes

Both parties may need to reference the confidential information if a dispute arises. Allowing one archival copy protects both sides.

"The Receiving Party may retain one (1) archival copy of Confidential Information, maintained by the Receiving Party's legal department, solely for the purpose of resolving disputes arising under this Agreement or for legal compliance purposes."

4. Backup and DR Systems

As discussed above, complete deletion from backup systems is often technically impractical.

"Confidential Information contained in automated backup, archival, or disaster recovery systems need not be separately deleted, provided that (a) the Receiving Party does not access such copies except for disaster recovery purposes, and (b) such copies are deleted in accordance with the Receiving Party's standard backup rotation schedule."

5. Work Product and Analyses

Notes, analyses, and other work product based on confidential information may have independent value.

"The Receiving Party shall not be required to destroy notes, analyses, compilations, studies, or other documents prepared by or for the Receiving Party that contain or are based upon Confidential Information, provided that such materials shall remain subject to the confidentiality obligations of this Agreement."

6. Residual Knowledge

You cannot unlearn information. The residual knowledge exception protects general skills and knowledge retained by personnel.

"Nothing herein shall restrict the Receiving Party's use of residual knowledge, meaning information retained in the unaided memory of the Receiving Party's personnel who have had access to Confidential Information, where such personnel have not intentionally memorized such information for the purpose of retaining it."

🕑 Timeframe Negotiations

The time allowed for return or destruction can significantly impact your ability to comply. Here's what's reasonable:

Timeframe        | Assessment      | Appropriate For
5 business days  | Very Aggressive | Only for minimal, easily identifiable materials
10 business days | Aggressive      | Limited volume, well-organized materials
30 days          | Standard        | Most commercial situations
60 days          | Reasonable      | Large volumes, complex IT environments
90 days          | Conservative    | Enterprise relationships, extensive sharing

Negotiation Tip

If the other party insists on a short timeframe, negotiate for an extension mechanism: "Within 30 days, or such longer period as the Receiving Party reasonably requires given the volume and location of materials, provided that the Receiving Party notifies the Disclosing Party of such extension."

🚫 Common Scenarios and Solutions

Scenario: Legal Hold Conflict

Problem: You receive a destruction request, but the information is subject to a litigation hold for unrelated litigation.

Solution: Your NDA should include a legal hold exception. If it doesn't, notify the requesting party that you cannot comply due to legal obligations. Propose continuing confidentiality protection instead of destruction.

Scenario: Backup Tape Restoration Would Be Required

Problem: The only way to delete information from backup tapes would be to restore the entire tape, delete the files, and re-backup.

Solution: This is almost never required. Negotiate for backup copies to expire through normal rotation. If pressed, explain that the cost and disruption would be disproportionate and propose enhanced protections for retained copies instead.

Scenario: Information in Cloud SaaS Applications

Problem: Confidential information exists in Salesforce, Slack, or other SaaS tools where complete deletion is difficult or impossible.

Solution: Delete from active views and accessible records. Negotiate language acknowledging that information in "email systems, collaboration tools, and cloud services where targeted deletion is impractical" may be retained subject to continuing confidentiality obligations.

Scenario: Employee Personal Devices

Problem: Employees may have accessed confidential information on personal devices through BYOD policies.

Solution: Your certification should be qualified to "knowledge after reasonable inquiry." Implement a process to notify employees and request deletion, but recognize you cannot guarantee compliance. Consider whether your BYOD policy needs updating.

🔎 Verification and Inspection Rights

Some disclosing parties request the right to verify or audit destruction. These provisions should be carefully negotiated:

  • Resist forensic examination rights: Allowing forensic examination of your systems is extremely intrusive and may reveal your own confidential information.
  • Limit inspection scope: If inspection is required, limit it to a review of your certification process, not access to actual systems.
  • Require reasonable notice: At least 30 days' notice for any inspection.
  • Limit frequency: No more than once per year, and only following a good faith belief of non-compliance.
  • Allocate costs: The requesting party should bear the costs of any inspection.
  • Protect your confidential information: Any auditor must be bound by confidentiality and any findings must be kept confidential.

Alternative to Inspection

Instead of inspection rights, offer an enhanced certification with more detail about the destruction process.

"In lieu of any inspection right, the Receiving Party shall, upon request, provide a written certification detailing: (a) the categories of materials destroyed; (b) the methods of destruction used; (c) the date of destruction; and (d) the identity of the officer responsible for overseeing destruction."

Checklist for Receiving Party

  • Timeframe is 30 days or longer (not 5-10 days)
  • Backup and disaster recovery systems are carved out
  • Legal and regulatory retention requirements are excepted
  • Litigation hold exception is included
  • One archival copy for dispute resolution is permitted
  • Work product and analyses can be retained
  • Certification is qualified ("to my knowledge after reasonable inquiry")
  • No absolute guarantees of complete destruction
  • No forensic examination or audit rights (or heavily limited)
  • Email and cloud service retention is acknowledged
  • Residual knowledge is protected
  • Confidentiality obligations survive for retained materials

💬 Explaining to Non-Lawyers

Business people sometimes push back on retention exceptions, not understanding the technical reality. Here's how to explain it:

The Photo Album Analogy

"Imagine I give you a photo and ask you to destroy it. You can shred the photo easily. But if you've already put that photo in a family album, made copies for relatives, and your photographer kept the negatives, 'destroying all copies' becomes much harder. Modern IT systems are like that - they automatically create copies in places you don't always control."

The Compliance Paradox

"If we sign an agreement saying we'll destroy everything, but our compliance department has already archived the documents per regulatory requirements, we'd be in breach the moment we sign. The exceptions aren't about avoiding our obligations - they're about not making promises we legally cannot keep."