Does your business have confidential or proprietary information which it considers valuable to its operations? This information may consist of any one or more of the following: know-how, trade secrets, processes, blueprints, drawings, specifications, reports, manuals, purchases, sales, customers, customer lists, customers' confidential information, price lists, financial and marketing data, business plans, business practices, processes, products, services, and active and prospective projects. And, of course, this is not an exhaustive list.

Confidentiality agreements are the mainstay of protection for the confidential information of a business in its interactions with other parties. Such agreements can be stand alone or included as provisions within a commercial agreement with a larger scope. They can also be one-sided (where the confidentiality obligations are imposed on only one of the parties for the benefit of the other party) or mutual (where both parties have such obligations), as the circumstances may dictate.

The first thing to look to is what purpose a confidentiality agreement is to serve. For example, is the confidential information being disclosed for evaluation purposes prior to a commercial relationship being formed, in respect of a transaction of purchase and sale, in an employment/engagement circumstance or for some other specific identified purpose? This provides the context for entry into any such agreement.

The second thing to look to is who the parties to the agreement should be, which requires a consideration of who will have access to the confidential information. For example, if the recipient of confidential information will be disclosing such information to its affiliates/subsidiaries, then it would be best to ensure that those entities are also signatories to the agreement and directly bound by the obligations of confidentiality. This makes the enforcement of the obligations against those entities easier and also ensures that they have full notice of the obligations. Furthermore, a disclosing party will want to ensure that the confidentiality agreement states that only employees and contractors of the receiving party, who have a ‘need to know’ such information and who have signed confidentiality and non-disclosure covenants, may be provided with the confidential information.

Next, it is important to identify the information to be disclosed. Depending on the circumstances, this may mean a specific statement of information or a general statement such as “all information concerning the business and affairs of the company”. It will be this information that the receiving party is obligated to keep confidential, so the receiving party will always want to narrow the focus, whereas the disclosing party will always want to be fairly broad (so as not to miss anything). In addition, the receiving party may wish the agreement to indicate that only information marked or identified as being confidential must be treated as such, and the disclosing party will want the agreement to state that all information “obtained, made available or disclosed in circumstances where the recipient ought reasonably to know that such information is confidential” shall be kept confidential.

Certain information may be carved out from the obligations of confidentiality, namely: (i) publicly available information, (ii) information disclosed to the public by the disclosing party without restriction, (iii) information known to the recipient at the time of disclosure, and (iv) information which can be proved was independently developed by the recipient without any breach of confidentiality obligations.

The recipient’s obligations under a confidentiality agreement should be to hold the information in confidence and not disclose it further, and not use it for other than the stated purpose (if one is set out in the agreement). Furthermore, the recipient should be obligated to treat the information with a standard of care which she/he/it would use to protect her/his/its own valuable confidential information.

Another matter to determine in a confidentiality agreement is how long the obligations will be in place. For those obligations concerning personal non-public information, the obligations should be perpetual. Otherwise, it is appropriate to set a term in the agreement for the length of time that the obligations will survive.

The agreement should also contain general ‘boilerplate’ provisions respecting (i) the binding nature of the agreement on the signatory(ies) and her/his/its(their) successors and assigns, (ii) the non-assignable nature of the agreement (except perhaps with the consent of the other side party), and (iii) governing laws.

Finally, if the confidentiality agreement is well drafted and both parties have had legal representation (or waived such representation), understood the obligations and not entered into the agreement under any duress, then the agreement may be enforced if there is any breach of its terms, including the entitlement to bring an order for injunctive relief, a claim for breach of contract and/or specific remedies.

Handshakes may work for some, but the better course of action is to ensure that there are proper agreements in place to protect your interests and your valuable information!