Confidentiality agreements usually cover the following topics:

• term and identification of the parties;
• scope and identification of the confidential information;
• approved use and permitted disclosures of the information;
• a liability regime and remedies for breach; and
• obligations to return or destroy confidential documents.

Confidentiality agreements may, in some cases, also include non-solicitation clauses, no talk clauses, disclaimers and process protocols.

The term of a confidentiality agreement will usually be between 1 and 3 years, or linked to the life of a contract, for example an employment contract. This can be longer if required, but unlimited terms can be struck down as an unreasonable restraint.

The agreement should be between the entity disclosing the confidential information, that is, the owner of that information, and the recipient of the confidential information.

The scope of the confidential information should be formulated in the broadest possible terms, to include all information and documents disclosed before or after the date of the agreement that a business seeks to keep private. However, in cases where there is particular information that is sought to be protected, this should be specified in the agreement for the avoidance of doubt.

Confidentiality agreements will generally include the following exceptions:

• information in the public domain;
• information already in the possession of the recipient;
• information received from a third party that was entitled to disclose it; and
• disclosures required by law.

Confidentiality agreements will generally hold the recipient of the confidential information responsible for any breach by its representatives. It is common for a recipient entity to be asked to provide an indemnity for any unauthorised disclosure. However, exceptions to liability can be negotiated by a recipient entity if its representatives have provided confidentiality undertakings directly to the discloser.

An information provider should consider whether an indemnity is necessary (and the form of it). For example, common law damages may provide an adequate remedy anyway, because the likely ‘usual’ loss from the wrongful disclosure would be compensated providing causation can be proved. For example, if a recipient used confidential information in breach of a confidentiality agreement which caused the information provider to lose the benefit of a third party contract, then that loss may be recovered by way of damages for breach. Indemnities are preferable if the loss that may be suffered would be too remote as a matter of contract damages (e.g. the likely loss is too particular to the information provider to be assumed by the recipient) and therefore not recoverable as a matter of ordinary damages for breach of contract. Attention should be paid to the category of loss that is covered, the causative language and the type of conduct that will be captured by the breach.

The usual remedy for breach is the grant of an injunction to prevent unauthorised disclosure by the recipient or to prevent the recipient from unfairly taking advantage of the information, together with damages for any loss arising from the disclosure. These remedies may be available even where no indemnity has been agreed.

Consideration should be given to whether the confidentiality agreement should be executed as a deed. This is usually not necessary where a confidentiality agreement is entered into as part of an employment contract, as the provision of employment constitutes sufficient consideration. However, where the agreement is entered into after a term of employment has commenced, or where the employees or representatives of a recipient entity are providing confidentiality agreements separate to that of the recipient entity, a deed may be necessary.

A recipient of confidential information will breach the duty of confidence where they use the confidential information in an unauthorised way, to the detriment of the owner of that information. Unauthorised use may include both unauthorised disclosure and intellectual use, such as the use of a trade secret to build a competing product.

The duty of confidence will not be breached if information that was disclosed in circumstances of confidence has entered the public domain. There is also a risk that the court will not uphold the duty if the discloser does not act quickly to restrain the breach.