Why the Definition Matters
The definition of confidential information is the foundation of every NDA. If the definition is too broad, courts may find it unenforceable. If it is too narrow, important information might slip through the cracks. Getting this right is the difference between an NDA that actually protects you and one that gives you a false sense of security.
Two Approaches to Defining Confidential Information
There are two primary methods for defining what qualifies as confidential information in an NDA, and each has distinct advantages and drawbacks.
The Broad Approach
A broad definition covers all information shared between the parties, regardless of format or subject matter. It typically reads something like: "all information disclosed by the disclosing party to the receiving party, whether in writing, orally, or by inspection."
Advantages:
- Casts a wide net that captures information you might not have anticipated
- Simpler to draft and less likely to have gaps
- Useful when the scope of shared information is unpredictable
Disadvantages:
- Courts in some jurisdictions view overly broad definitions as unreasonable and may decline to enforce them
- Can create uncertainty for the receiving party about what exactly is covered
- May be seen as overreaching, making negotiations more difficult
The Specific Approach
A specific definition lists categories or types of information that qualify as confidential. This might include trade secrets, business plans, financial information, customer lists, technical data, product designs, and marketing strategies.
Advantages:
- Clearer expectations for both parties
- More likely to be enforced by courts because it is reasonable and specific
- Easier to prove a breach because the boundaries are well-defined
Disadvantages:
- Risk of accidentally excluding important information
- Requires more thought and effort to draft
- May need to be updated if the relationship evolves
The most effective approach is often a hybrid: start with a list of specific categories and then include a catch-all provision for related information. This gives you both clarity and breadth.
Essential Categories to Include
When listing specific types of confidential information, consider including these common categories:
Business Information
- Business plans and strategies
- Financial data, projections, and budgets
- Pricing information and fee structures
- Customer and supplier lists
- Marketing plans and competitive analyses
- Sales data and pipeline information
Technical Information
- Source code, algorithms, and software architecture
- Product designs, specifications, and prototypes
- Manufacturing processes and techniques
- Research and development data
- Patent applications before filing
- Technical documentation and diagrams
Personnel Information
- Employee compensation and benefits data
- Organizational structures and staffing plans
- Recruitment strategies
- Performance evaluations
Legal and Regulatory Information
- Pending litigation details
- Regulatory filings and compliance data
- Licensing agreements and terms
- Intellectual property portfolios
Marking Requirements
Some NDAs require that confidential information be marked or labeled as "confidential" to be protected. Whether the agreement imposes such a requirement has practical consequences, because unmarked information may fall outside its protection.
Written Information
For documents, emails, and other written materials, requiring a "Confidential" label is straightforward. However, in practice, people frequently forget to mark documents, which can create gaps in protection.
Oral Disclosures
Oral information presents a challenge. Since you cannot stamp a conversation as confidential, many NDAs require that oral disclosures be followed up with a written summary within a specified timeframe (typically 10 to 30 days) identifying the information as confidential.
Best Practice
Consider including language that confidential information is protected regardless of whether it is marked, but that marking is encouraged. This avoids the situation where genuinely confidential information loses protection simply because someone forgot to add a label.
If your NDA includes a marking requirement, establish a clear internal process for labeling documents and following up on oral disclosures. The best NDA language in the world will not help if your team does not follow the marking procedures.
What to Exclude from the Definition
Every enforceable NDA includes exclusions — categories of information that are carved out from the confidentiality obligations. Standard exclusions include:
- Publicly available information — Information that is already in the public domain or becomes publicly known through no fault of the receiving party
- Prior knowledge — Information the receiving party already knew before the NDA was signed
- Independent development — Information the receiving party develops independently without using confidential information
- Third-party disclosures — Information received from a third party who is not bound by confidentiality obligations
These exclusions are essential for enforceability. Without them, courts may view the NDA as unreasonably restrictive and refuse to enforce it.
Common Mistakes in Defining Confidential Information
Being Too Vague
A definition that simply says "all information" without any further specificity may be struck down by a court. Provide enough detail to give the receiving party fair notice of what is covered.
Forgetting Derivative Works
If the receiving party creates analyses, compilations, or summaries based on your confidential information, those derivative works should also be covered. Include language that extends protection to materials derived from or incorporating confidential information.
Overlooking Digital Formats
Make sure your definition covers information in all formats: written, electronic, oral, visual, and any other medium. In today's digital environment, confidential information might be shared via cloud platforms, messaging apps, screen shares, or video recordings.
Ignoring Residual Knowledge
When someone reviews confidential information, they inevitably retain some knowledge in their memory. Consider whether your NDA should address residual knowledge — the information that remains in a person's unaided memory after the NDA period ends.
Tailoring the Definition to Your Situation
The right definition depends entirely on your specific circumstances. Here are a few examples:
Software Company
Focus on source code, algorithms, API documentation, user data, and architecture decisions. Include database schemas, deployment configurations, and security protocols.
Manufacturing Business
Emphasize formulas, processes, supplier relationships, equipment specifications, and quality control methods. Include tooling designs and production workflows.
Professional Services Firm
Prioritize client lists, project methodologies, pricing models, and proprietary frameworks. Include internal training materials and performance benchmarks.
Creating Your NDA with the Right Definition
Getting the confidential information definition right is crucial for an enforceable NDA. PactDraft helps you build a properly scoped definition by asking targeted questions about your situation, the type of information you need to protect, and the nature of your business relationship. Generate a customized NDA with a clear, enforceable confidential information definition in just a few minutes.