Confidentiality clause

How confidentiality clauses protect sensitive information and where they fall short.

NDA | Beginner | Contractual; equity (breach of confidence); trade secrets legislation by jurisdiction

What is a confidentiality clause?

A confidentiality clause restricts what a party can do with information received during the contract. It defines what counts as confidential, who can see it, how long the obligation lasts, and what happens if someone breaches it.

Every commercial contract has one, or should. Without it, you're relying on equitable remedies for breach of confidence, which are slower, less predictable, and harder to enforce across borders. A well-drafted clause gives you a contractual claim with clear terms.

Relevant legislation

Confidentiality is primarily contractual, but several legal frameworks sit behind it:

  • UK: common law breach of confidence. The equitable doctrine protects information shared in confidence even without a contract. The Coco v A.N. Clark Engineers test applies. The Trade Secrets (Enforcement, etc.) Regulations 2018 added statutory protection aligned with the EU Trade Secrets Directive.
  • US: Defend Trade Secrets Act 2016 (federal) plus state-level Uniform Trade Secrets Act. Most states have adopted some version. These create statutory remedies for trade secret misappropriation but don't replace the need for a contractual clause.
  • Australia: equitable breach of confidence plus the Corporations Act 2001 for corporate information. No standalone trade secrets statute, so the contractual clause does most of the work.

What to look for

Start with the definition of confidential information. "All information disclosed by either party" is broad but manageable if paired with clear exceptions. Watch for definitions that include "all information, whether written, oral, or observed," with no exceptions listed. That's unworkable in practice. You need carve-outs for information that's already public, independently developed, received from a third party, or required to be disclosed by law.

Check the permitted disclosures. Can the receiving party share confidential information with its employees, contractors, and advisers? It should be able to, on a need-to-know basis, provided those people are bound by equivalent obligations. If the clause says "shall not disclose to any third party" with no exceptions, it's too restrictive to comply with.

Look at the duration. Confidentiality obligations that survive "in perpetuity" are common but may not be enforceable everywhere. A fixed period (typically two to five years after termination) is more practical. For trade secrets, a longer or indefinite period is reasonable because the information retains its value as long as it stays secret.

Check the remedies. Many confidentiality clauses state that damages are an inadequate remedy and that the disclosing party is entitled to injunctive relief. This language doesn't guarantee a court will grant an injunction, but it helps establish urgency if you need one.

Common pitfalls

Confidentiality clauses that are too broad discourage compliance. If everything is confidential, people stop treating anything as confidential. Marking requirements (where only information marked "Confidential" is protected) solve this but create a different risk: forgetting to mark something important.

One-way confidentiality in a mutual relationship is a red flag. If both parties share sensitive information but only one is bound by confidentiality, the other party's information has no contractual protection.

Residuals clauses allow a party to use "residual knowledge" retained in the memory of its personnel after the contract ends. These are common in technology agreements and can quietly undermine the entire confidentiality framework. If an engineer remembers your trade secret, the residuals clause lets them use it.

Weak or missing return/destruction obligations mean your confidential information sits on someone else's servers indefinitely. The clause should require return or certified destruction within a specified period after termination.

Example clause

"Each party shall treat as confidential all information received from the other party that is marked as confidential or that a reasonable person would consider confidential given its nature and the circumstances of disclosure ('Confidential Information'). The receiving party shall not disclose Confidential Information to any person other than its employees, contractors, and professional advisers who need access to perform obligations under this Agreement and who are bound by equivalent confidentiality obligations. This clause survives termination for a period of three years. Confidential Information excludes information that: (a) is or becomes publicly available other than through breach; (b) was known to the receiving party before disclosure; (c) is independently developed without reference to the disclosing party's information; or (d) is required to be disclosed by law or regulatory authority."

Frequently asked questions

How long should a confidentiality clause last?

Two to five years after termination is standard for general commercial information. Trade secrets can justify longer periods, sometimes indefinite, because the obligation should last as long as the information remains secret. Courts are more likely to enforce time-limited obligations, so specify a period where you can.

Is a confidentiality clause the same as an NDA?

An NDA is a standalone agreement focused entirely on confidentiality. A confidentiality clause does the same job but lives inside a broader contract. The legal effect is the same. Standalone NDAs are common before negotiations begin; confidentiality clauses take over once the main contract is signed.

What happens if someone breaches a confidentiality clause?

The disclosing party can claim damages for losses caused by the breach. In urgent cases, they can seek an injunction to prevent further disclosure. Some contracts include indemnification obligations for confidentiality breaches, which may sit outside the liability cap, creating uncapped exposure for the breaching party.

Can confidential information be shared with subcontractors?

Only if the clause permits it. Most well-drafted clauses allow disclosure to employees, contractors, and advisers on a need-to-know basis, provided they're bound by equivalent obligations. If the clause is silent on subcontractors, the safe answer is no.

How Clara helps

Clara identifies confidentiality clauses and flags missing exceptions, one-sided obligations, residuals clauses, and weak return/destruction provisions. It checks whether confidentiality breaches are carved out from the liability cap, highlighting where uncapped exposure may exist.
