This article is written by Raghav Mittal, pursuing Diploma in Law Firm Practice: Research, Drafting, Briefing and Client Management from LawSikho. The article has been edited by Tanmaya Sharma (Associate, LawSikho) and Ruchika Mohapatra (Associate, LawSikho).
“Confidential Information” as the name suggests, is the kind of information that is disclosed only to the selected few and not to the public in general. When such information is disclosed to the receiving party it is made sure beforehand by entering into a Non-Disclosure Agreement (NDA) that such information will remain confidential and should not be disclosed without the permission of the party disclosing such information.
But the question that remains standing is, till when can one keep confidential information as a secret, and what if the professional relationship between the party disclosing information and the party receiving it has ended?
What constitutes a piece of information as confidential cannot be put to a definition as it varies from case to case, such as:
- For a restaurant owner, certain recipes of dishes, ingredients used, or maybe dough of a certain type of bread.
- For a manufacturer, its suppliers, manufacturing process, details of raw material, the technology used.
- For a company, its customer’s data, financial records, plans of the business.
- For a bank, its customer’s account details, aadhar card details, etc.
And this list has no end. The point is that there is no such thing that can be termed confidential. It depends upon person to person and business to business what information is to be termed as confidential. Therefore, in an NDA it is very important to define what information is taken to be confidential by the receiving party. The disclosing party should try to cover all the information that it has disclosed as confidential to avoid any conflict in the future.
Validity term of an NDA
It is not possible for parties to keep an agreement active for an infinite period of time. There needs to be a time specifying the period in which the party at the receiving end of the confidential information cannot disclose such information to the public, otherwise, there are chances that if within that period its competitors get a hand on such confidential information then it can result in huge loss to the party disclosing such information in the first place.
NDA is entered into with the party who is either hired for a particular project or on a contract basis or is an employee of such entity, where confidential information is exchanged between the parties. The period of NDA depends upon the type of information that needs to be protected. If the information relates to the daily working of an entity, then it can range up to 2 years. If the information relates to the internal matters of an entity then it may extend up to 4-5 years.
It depends upon the disclosing party for how much time they do not want a piece of information to become public, and for that, they need to analyze that for how much time that piece of information is relevant for them and after that period it doesn’t matter to them to that extent anymore. Some policies keep on changing with time and once a policy is changed then the information regarding that policy doesn’t attract such kind of protection.
When an employee leaves an entity, he/she is generally put to sign an NDA confirming that no information or policy that relates to the entity shall be revealed to any outsider or its competitor in the near future or to the public at large. It is generally because that company knows that the concerned employee would have gathered much insider information about the company during his tenure with the company and if such data and statistics get in the hands of an outsider, then it may result in loss of business to the company.
Destruction and return of confidential information
Even after entering into a Non-Disclosure Agreement, there can still be some lacuna left that needed to be covered because there was some information relating to deep internal affairs of an entity that it is needed to protect for a longer period than usual. The problem that arose was with the period in which the receiving party cannot disclose confidential information when increased beyond a certain level was not considered as reasonable.
Then, parties started to include a clause in Non-Disclosure Agreements that talks about either the return or destruction or both of the confidential information by the receiving party on the instructions of the disclosing party. It also includes the restrictions on the receiving party about not making any kind of replicas of the documents relating to such confidential information of the disclosing party.
The disclosing party has to be very careful while sharing any information with the receiving party. The disclosing party may also insert a clause in NDA about restricting or prohibiting any further use of such information, irrespective of whether it results in any loss to the disclosing party or not.
In the present time, since everything is being done digitally and especially after the covid outbreak in the world, there is hardly any sharing of information taking place by the supply of hard copies. Everything is being shared by the parties online. Cloud storage has become a part of life now, the information can now be accessed from any part of the world if it is been stored on cloud storage. The internet has become a basic necessity of an individual.
As technology is advancing, it is becoming easier and easier for the entities to share the information with the other and this has helped in maintaining the confidentiality of the information shared. The access to the shared information can anytime be taken away by the disclosing party resulting in more control over who can and in how much time the party can have access to such information.
Importance of this clause
No one can anticipate how anyone can use any information that relates to someone else to his benefit just because the term of NDA has lapsed and he still has access to some confidential information that relates to the other party obtained when they both have entered in a transaction in the past. In these situations, the clause of return or destruction of such information by the receiving party comes into the picture.
Such a clause will not only bar the receiving party to use such information for their gain but will also make them liable for damages in the future even after the term of NDA has expired. As per this clause, the receiving party is obliged to either return or destroy such information, so if there is an act of the receiving party using such information against the disclosing party will lead to the payment of damages to disclosing party because as per the contract the receiving party must not be in possession of any such information and thus there is a breach of such contract.
As technology is advancing, the majority of the information that is shared is through the means of the internet and there are endless methods in which a piece of information can be shared. There are various modes in which a piece of information can be shared through the internet. The disclosing party has options available with them:
- Where they can revoke the access to such information by the receiving party at any time,
- Where they can put restrictions on copy/pasting of such information by the receiving party,
- Where they will be notified when the receiving party tries to take screenshots to make replicas of the same.
All these have curbed the practice of parties trying to bypass the clause.
The internet is a thing that we know dangerously little about. There are so many complexities involved that together make the working of the internet. There is something called the Dark Web that we don’t know much about. There is Hacking that we are unaware of. There is no such thing on the internet that cannot be accessed in one way or another, ethically or unethically. There is nothing on the internet that gets permanently deleted. the information can still be accessed if you have deleted any information. There is a concept of the internet footprint, also known as a cyber shadow, electronic footprint, or digital shadow, where every information leaves its traces and by following such traces such information can be accessed.
So, if one thinks that by just deleting the information from the internet, it cannot be accessed again, it is not so.
What all is left is that an entity should use the mix of offline and online share of information as per the gravity of the information being shared. All attempts should be made to make sure that the information that is shared with the receiving party is duly returned or destroyed as per the instructions given.
The disclosing party should make sure that the term of NDA should be as maximum as possible as even after the expiration of its term, there are chances that such information would have become obsolete even for the disclosing party, the policies would have changed. An entity is therefore advised to change its internal policies from time to time and opt for transparent management. Also, they should choose judicially while disclosing confidential information to the other party about what needs to be disclosed and what is not at all necessary. Extra sharing of information should be curbed.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: