A Non-Disclosure or Confidentiality Obligation clause can be either a separate clause or the language can be included in the definition of confidential information. The clause contains four elements:

  1. confidentiality
  2. non-use
  3. non-disclosure
  4. protection

In the case of acquisition agreement (which will generally be governed by a separate confidentiality agreement), the provision may be general and broad, frequently prohibiting "use" of the information. However, since the term "use" is extremely broad, some provisions will add language to the effect: "except for the specific purposes contemplated by the transaction."

In the case of employment and consulting agreements, the provision typically contain more detail regarding use and protection of confidential information. In the case of service agreements, such data protection may also include data security and backup requirements.

Standard Clause

1. Non-Disclosure

1.1 Confidentiality. Each party agrees to hold the disclosing party's Confidential Information [confidential] [in strict confidence] [in accordance with this Agreement];

1.2 Non-Disclosure. Each party agrees not to disclose any Confidential Information to third parties without the prior, written consent of the disclosing party except as expressly permitted in this Agreement;

1.3 Non-Use. Each party agrees not to use any Confidential Information for any purpose except for the Disclosing Purpose without the prior written consent of the disclosing party;

1.4 Protection. Each party agrees to exercise at least the same care in protecting the disclosing party's Confidential Information from disclosure as the receiving party uses with regard to its own Confidential Information (but in no event less than reasonable care).

Optional Additional Clause Elements

Confidntiality and Non-Disclosure

Most non-disclosure clauses include an obligations of confidentiality and non-disclosure. However, an obligation of confidentiality includes a restriction againgst non-disclosure rendering the latter obligation unnecessary.

Protection of Confidential Information (Employee Agreement)

Example:Employee agrees that:
(a) Employee shall not use in any manner, directly or indirectly, any Confidential Information except in promoting the Company's business, and as necessary in performing the duties of his/her employment with the Company;
(b) Employee will not use any Confidential Information for his/her own benefit or for the benefit of any person or entity other than the Company, and will not permit or allow any Confidential Information to be used in competition with the Company.
(c) During his/her employment with the Company and at all times thereafter, Employee shall take all reasonable steps to prevent any unauthorized disclosure or use of any and all Confidential Information. Employee further agrees to notify the Company immediately in the event that he/she becomes aware of any unauthorized use or disclosure of Confidential Information.

Data Protection and Backup (Master Services Agreement)

(a) Data Protection. Service Provider will maintain safeguards against the destruction, loss or alteration of the Client Data in the possession of Service Provider which are consistent with those written procedures established and in use by Client as of the Effective Date and provided to Service Provider. To the extent that any such procedures have not been established or are not as stringent, Service Provider will maintain safeguards that are no less rigorous than those maintained by Service Provider for its own information of a similar nature. Client either by itself or through a third party, will have the right to establish backup security for the Client Data and to keep backup data and data files in its possession if it so chooses; provided, however, that Service Provider will have access to such backup data and data files as is reasonably required by Service Provider.
(b) Data Security. Without limiting the generality of Section (a) above:
(i) Service Provider or its personnel shall not attempt to access, or allow access to, any data, files or programs within the information systems environment to which they are not entitled under the Agreement. If such access is attained, Service Provider shall immediately report such incident to Client, describe in detail any accessed materials and return to Client any copied or removed materials.
(ii) Service Provider shall institute sound systems security measures with respect to any shared processing environment and with respect to the access and controls it affords to its employees, Affiliates and Service Provider Personnel (including the employees of such Affiliates and Service Provider Personnel) to guard against, identify and promptly terminate the unauthorized access, alteration or destruction of Software and Client Data.
(c) Data Backup. Service Provider shall provide backup of Client Data in accordance with procedures mutually agreed to in the applicable Statement of Work.