Is It Time to Review Your Clients’ NDAs?

Recent media attention on non-disclosure agreements (NDAs) is a reminder to periodically review these form agreements to ensure that the provisions that were favorable or represented your client’s position in the past continue to do so.

At the Tech & Sourcing @ Morgan Lewis blog, we have discussed NDAs in the past. Here, we revisit some of those key considerations and expand upon additional items to bear in mind as you review your client’s NDAs.


At the outset, it is important to identify what parts of a business will use the NDA form and make sure the NDA covers each business entity—including your client’s subsidiaries and affiliates, if that is the intended scope. Additionally, you should consider whether each entity has the same needs and if those needs can be sufficiently covered in a one-size-fits-all NDA form.


Consider how long you want confidentiality obligations to remain for both confidential information provided and received, including whether a term is even appropriate when it applies to your trade secret information. It also is important to make sure that the NDA dates back to or includes confidential information you may have shared in anticipation of executing the NDA.

Definition of “Confidential Information”

If you are the discloser of information, you likely want to make sure that the definition of “confidential information” includes summaries and compilations of the confidential information you provide. This, of course, is in addition to other considerations we addressed previously, including whether information can only qualify as confidential under the NDA if it is labeled as “confidential.”

Disclosure of Information

If your client employs consultants who may need access to the other party’s confidential information in order to provide its services, you may need to include the right for your client to disclose the confidential information you receive to such third party. In exchange for this right, you may need to agree to have in place a commercially reasonable NDA with your consultants and to be responsible, vis a vis the disclosing party, for any breaches of the NDA between the disclosing party and your client arising from any acts or omissions by your consultants.

Standard of Care

Make sure that your form NDA is consistent with respect to the standard of care that the receiving party must use in protecting the confidential information of the disclosing party. Does the form state that the receiving party will keep the confidential information “strictly” confidential in one place and then state elsewhere that the receiving party will use “commercially reasonable” efforts to protect the confidential information, but not less than the efforts that the receiving party uses to protect its own, similar confidential information? We have seen plenty of forms with this inconsistency.

Obligation to Report Misuse

If the other side discloses your client’s confidential information in violation of the NDA, or the confidential information is otherwise accessed by an unauthorized third party, such as in a data breach, what reporting obligations does the other party have? Must they cooperate with your client in responding to data breaches? Your NDAs should cover these situations to help protect your information and satisfy obligations to other parties in the event of misuse or wrongful access.

Return of Confidential Information

Depending on the relationship between the parties, the business transaction, and your client’s data storage practices, the other side may be the only party with some of your client’s confidential information at the end of the term. As such, and in order to prevent the other side from continuing to use your confidential information, your client’s NDA should require the return or destruction, at your client’s direction, of all of your client’s confidential information at the end of the term. This requirement also should cover all copies and summaries the other side may have.

This post, as well as our musings elsewhere on the subject, encapsulate only a fraction of the considerations you should keep in mind when preparing or reviewing your form NDAs. Be sure to consult a lawyer when drafting these often-overlooked but vital agreements.

An earlier version of this article was originally published on Morgan Lewis’s Tech & Sourcing @ MorganLewis blog.

Michael L. Pillion is a partner at Morgan Lewis with over 30 years of experience in technology, outsourcing, and commercial transactions. He concentrates his practice on counseling clients in structuring, negotiating, realigning, and terminating information technology (IT) outsourcing and business process outsourcing (BPO) transactions, technology transactions, complex commercial transactions, and real estate leasing deals.

Jessica M. Pelliciotta (LAW ’15) is an associate at Morgan Lewis in the technology, outsourcing, and commercial transactions group. Jessica focuses her practice on counseling

Leave a Comment