The Duration of Confidentiality Agreements

Reader David recently posed the following question:

I have a question for you that has bugged me for several years. From time to time, my company shares company-related information with a third party and, before doing so, enters into a confidentiality agreement (CA) [also known as a nondisclosure agreement—KAA] with the third party. Our CA has a term of five years, and it often gets negotiated down to a shorter time frame. Several lawyers have suggested that we remove the term in our agreement and force the third party to request a term. These attorneys argue that, if a term is not requested, and thus no term is specified in the CA, the term is perpetual (i.e., the confidentiality obligations will go on forever), which would benefit my company. Other attorneys I have spoken with have said that a CA without a term runs the risk of being voided by a court (either the court would impose its own reasonable term, or void the entire contract for vagueness reasons). Do you know of any case law on this particular issue or have any thoughts on whether you should or should not include a term in a CA (or any other contract)?

It would take me several pages to answer this question thoroughly. For the time being, here’s my quick answer:

Information that Constitutes a Trade Secret

The key issue is the nature of the information being protected.

Information that constitutes a trade secret is protected under common law until such time as it’s no longer a trade secret.

The owner of a trade secret could elect to reinforce by contract the common-law protection afforded trade secrets, and there are advantages to doing so. See Milgrim on Trade Secrets § 4.02[1]. Could duration of a contract obligation not to disclose trade secrets be subject to a “reasonableness” standard? Here’s what Milgrim has to say:

While there is some (and, in your author’s view, fundamentally misconceived) authority for the proposition that covenants not to disclose must also be reasonable as to duration, such view is patently unsound because the covenant simply ceases to be enforceable upon the underlying matter’s becoming generally known or otherwise ceasing to be a trade secret, and hence such restriction can never be unreasonably enforced. Given the inherently indeterminate life of trade secrets and the practical inability to enumerate specific trade secrets which may be known to the employee as a consequence of the ensuing employment, the notion that restrictions on use and disclosure must be limited as to time is both unreasonable and harsh.

In other words, according to Milgrim it wouldn’t make sense for a court to say that an open-ended contract obligation to keep trade secrets confidential isn’t enforceable, that instead it should have been of limited duration.

But I’d add that it might make matters clearer for the parties, and for any court, if it were made explicit that any contract obligation not to disclose trade secrets would lapse once the trade secrets in question stopped constituting trade secrets. Sure, you’re stating the obvious, but sometimes stating the obvious is the cautious thing to do. What say you?

Information the Doesn’t Constitute a Trade Secret

But it’s a different matter when a contract seeks to cover information, such as confidential information revealed to an employee during the course of employment, that’s broader than trade secrets. Such broad confidentiality obligations constitute, along with restrictions on competition, “restrictive covenants,” and in many jurisdictions restrictive covenants have been held unforceable unless they are limited in duration. See Milgrim on Trade Secrets 4.02[2][a].

I’ve only dipped into the case law. For instance, one relevant case is AMP, Inc. v. Fleischhacker, 823 F.2d 1199 (7th Cir. 1987) (applying Illinois law).

So David, whether it would make sense to remove the term from your confidentiality agreement depends on the nature of the protected information. But even if the agreement protects only trade secrets, the protection wouldn’t last forever. I suspect that your agreement covers more than trade secrets. If that’s the case, I’m not sure you’ve been given good advice. Of course, this isn’t the place to get into a discussion of what constitutes a trade secret.

And of course, I’m not giving you legal advice! These are simply my first impressions, based on a couple of hours of thought. I expect some readers will weigh in with thoughts of their own.

How to State Duration in a Confidentiality Agreement

Here’s a question David didn’t ask: what’s the best way to state the duration of a confidentiality agreement?

To state the duration of any obligation, you have two choices. You could build it into the obligation: Acme shall keep the Information confidential for three years. Alternatively, you could omit any mention of duration from the obligation and instead specify the duration (or “term”) of the entire agreement.

Economy favors the former approach, but I can think of two reasons in favor of specifying duration of the agreement.

First, if you state the duration in the obligation, that suggests that the agreement itself is of indefinite duration. I prefer to specify that a confidentiality agreement terminates at some point, so there isn’t any question of a company having to forever include a given confidentiality agreement in any list of contracts to which it’s party, even though it’s no longer bound by the only obligation in the agreement.

And second, confidentiality obligations often form part of a broader agreement that contains a “term” provision; duration of the confidentiality obligation should key off that “term” provision. Sometimes that requires a hybrid arrangement, with the confidentiality obligation also addressing duration: During the term of this agreement and three years thereafter, Acme shall keep the Information confidential.

  • Eric Goldman

    An NDA with a term limit can be a trap for the unwary. All trade secrets disclosed via a term-limited NDA should automatically lose their trade secret status (both against the recipient and the entire world) at the end of the term. The term expiration might also trigger an accelerated timeline for filing patents on any patentable trade secret material disclosed via the NDA.

    As a result, a term-limited NDA makes sense only for trade secret information that doesn’t have a long shelf life–for example, marketing plans where the plans will have been already publicly launched by the end of the term. A term-limited NDA would be a terrible choice for other types of trade secret information that has longer-term value, such as recipes, processes, source code, etc. because it builds in a finite term for an asset that might have lasted longer with better drafting. Despite this, I’ve seen it done many times in my career.

    There are possible two solutions to these conundrums:

    1) Use customized terms for each deal reflecting the nature of the disclosed information

    2) Use an NDA with a perpetual term, even if you don’t really need that in all cases.

    It’s easy to see why IP lawyers default to the latter. Eric.

    • David M; Ginsberg

      Excellent Point. Thank you very much. Have to carve out a separate provision for Trade Secrets and other confidential information.

  • Ken Adams

    Eric: I don’t know how a court would respond to a perpetual term if only some of the information consists of trade secrets.

    Maybe it would be best to say that the term is perpetual in the case of trade secrets and X years in the case of all other information. That differs from your first option in that the parties wouldn’t attempt to suggest what constitutes a trade secret and what doesn’t. The parties’ intent in that regard might well be a factor to take into account, but whether something constitutes a trade secret is a question of fact and could always be questioned in litigation, particularly if at signing the parties aren’t in much of a position to address with any certainty what kind of trade secrets would arise in the future. I suspect that’s often the case.


  • David Munn

    The possibility that an agreement would maintain protection of information (both trade secret and non-trade secret) perpetually is tempered by the fact that almost every confidentiality agreement includes enumerated exceptions under which the confidential information is not protected or ceases to be protected under the agreement. These exceptions typically cover information that is publicly disclosed, information received by the recipient from a third party, and information independently developed by the recipient. Those exceptions mean that over time much of the information disclosed will cease to be protected, even if there is no stated term in the agreement.

    • David M; Ginsberg

      I have a question on that. Take, for example, attorney client privileged information as an analogy to contractually protected confidential information. Some information may be somewhat in the public domain, but not generally available. For example, if a client was charged and acquitted of some crime in a “municipal court” in a distant state, a crime which may have moral implications, (sex or drugs). While that information is technically in the “public domain” (because it is a matter of public record if you know where to search), I don’t believe an attorney can broadcast this information if he/she learns it through a conversation intended to be privileged from the client. I have argued this point with many attorneys. The same issue applies to the general exceptions to confidential information. I don’t need or want the people who sign the confidentiality agreements to run around using information they learned to assert the information is in the “public domain” [one very common exception to confidentiality provisions]. So I put a covenant that the signer of the Confidentiality Agreement will not contest, inter alia, the confidential nature of the information, its proprietary value, etc. Any thoughts about whether such a provision, and the absence of the usual exceptions, will adversely affect the confidentiality provision or agreement?

  • Ken Adams

    David: Agreed. In fact, I think those exceptions just state the obvious: even if a contract were to omit them, it’s unlikely that the party providing information would be able to recover damages for disclosure due to any of the factors listed in those exceptions. Ken

  • mike

    My term clause (when there is one) is always bifurcated:
    1. In general, the term is duration of relationship + [#] years, and
    2. For information constituting a trade secret, until that information no longer constitutes a trade secret under the law.

    I’ve had people tell me that they view omitting a term as a ordinarily low risk since there’s only a small risk that anyone would actually challenge the agreement. When term is omitted, I’d argue that it is nevertheless appropriate to give a court guidance (just in case) of a reasonable minimum: Company shall keep Confidential Information confidential for the duration of the business relationship between the parties and thereafter.

  • 10803

    I’ve been thinking about this a bit recently and, in fact, just rolled out a new NDA. Our approach is that the Agreement has a perpetual term. Confidentiality obligations, however, survive

    – for trade secrets, for as long as it constitutes a trade secret under the Uniform Trade Secrets Act;
    – for CPI, in perpetuity unless statute provides a shorter term;
    – “other” confidential information for N years from the date of disclosure.

    This is pretty close to what Ken was writing above, but rather than limiting the agreement by term, we (try to) avoid the unenforceability issue by limiting only specific obligations by time.

    Also, I think there are four standard exceptions to confidentiality: publicly available other than from breach, received from another source not (known to be) in breach, independently developed and previously known. I know Ken likes cutting as much chaff as possible, but those exceptions would be glaring in their omission and, in fact, are subject to occasional negotiation (for example, whether a recipient has to know if another party disclosing CI to it is doing so in breach of a confidentiality obligation).

  • Ken Adams

    10803: The exceptions state the obvious, but I in fact keep them in. As I noted above, stating the obvious can sometimes be useful, and I think that’s the case with these exceptions.

    Also, I’m not sure about giving the agreement a perpetual term but limiting the confidentiality obligations. You might be giving with one hand then taking away with the other.


  • 10803

    I’m open to suggestions on the term. If it’s perpetual, that’s stating the obvious for trade secrets but is of questionable enforceability for everything else.

    If we limit the term (other than for trade secrets), we either have to do so from the date of the agreement (e.g., January 1, 2008 to December 31, 2013) or we have to have a continually rolling term from the date of disclosure. Most of my NDAs are for ongoing business relationships. That causes problems with both of those options. In the first setup, I could have CI disclosed on November 30, 2013 and it’s only protected for a month.

    In the second structure, I could receive CI today and still have to treat it confidentially 15 years from now (because I received additional CI later under the same NDA), or rely on one of the standard exceptions. I’d rather my colleagues be absolutely vigilant for (at least) N years from the date of disclosure and not have to worry about making an inquiry (or defending a claim) about whether the materials have or haven’t fallen out of the definition.

    Are you proposing that the agreement has different terms (duration terms, not rights/responsibilities) for each disclosure, or were you just contemplating discrete NDAs for discrete (no pun intended) disclosures?

  • Jeffy

    An interesting article, though unspoken in all this discussion of “term” is the considerable likelihood that, for most kinds of confidential information (excluding the kinds of trade secrets highlighted by Eric’s above comments), damages arising from a breach of an NDA would rather rapidly decline over time. In other words, what’s the harm in inadvertent disclosure of once-confidential information 5 or 10 years after the fact? In most cases, I suspect the answer is that there is no harm and, therefore, no basis for a damages claim. Not endorsing perpetual term NDAs by any stretch, but just suggesting that in many cases the practical implications are comparatively limited.

  • Ken Adams

    10803: I always thought it cumbersome to have a confidentiality period attach to each bit of disclosed information. I’d be inclined to tack on a catch-all confidentiality period after termination of the relationship.

    Jeffy: No argument that when you’re not dealing with trade secrets, in most circumstances the likelihood of damages drops off precipitously over time. But what’s more important is that courts are inclined to hold that perpetual confidentiality periods are unenforceable. Also, as I suggest above, it’s neater to be able to say that a given agreement is definitively over.


  • Chris Lemens

    In a stand-alone confidentiality agreement anticipating a commercial deal (i.e. not M&A and not employment), I usually bifurcate the term.

    The first part is the period during which the disclosure must occur for the information disclosed to be considered “Confidential Information.” This deals with the risk that someone receives information long after the discussions ceased, but the other side then contends it is confidential under the agreement. Usually, I use a term of one year for our business, but I’d want to look at business practices for each business before making that decision.

    The second part of the term is the duration of confidentiality for information that was disclosed during the term. Here, I usually say that the obligations last as long as the information remains within the definition of confidential information. That definition comes pretty close to the definition of a trade secret, with the exception that I don’t require it to be vlauable. I don’t think I’ll ever be enforcing the agreement for valueless information, so I have a hard time seeing a situation in which a court would invalidate the agreement as anticompetitive.

    I’m leaning towards changing my form, out of an abundance of caution, limit the duration of protection to the maximum allowed by state law, if that is less, for information that is not a trade secret.

    That said, I’ve tried to avoid the jurisdictions where I knew they made that kind of distinction. (I never allow Georgia law to govern, for example.) Does anyone know if there is a reliable list?


  • David

    Chris raises a good point. In many types of commercial contracts arguing over governing law is a pointless exercise. With confidentiality agreements that is not always the case. Does anyone know of a concise and reliable list that can be used as a guide to identify states where there may be reasons to avoid the application of that state’s law if you are the one looking to protect your confidential information?

  • Liz

    Not to further complicate matters, but there’s the third case where the information disclosed must be held in confidence because of applicable regulations. An example would be a technology partner to a technology services provider to financial institutions that will have access to the TSP’s own company confidential information (draft press release), trade secrets (product roadmap), and the TSP’s customers’ data that is protected by specific law or regulation (GLBA). Current FFIEC regs don’t reach so far as to specify contract provisions for the TSP’s subcontractors. In this scenario it might make sense to have a third term, i.e, for so long as applicable law (or the specific regulation) requires the information be held in confidence. Typically, in this case it’s known at the time of contract what regulated information will be disclosed, and there will be additional paragraphs discussing specific obligations relating to that class of information. It’s important to ensure that any term limitations on the agreement are consistent with the regulatory requirements that apply to the regulated disclosures.

  • George

    Assuming there is a breach of confidentiality much after (let’s say 7-8) years after the information is disclosed under a perpetual confidentiality agreement, what is the probability that any damages can be claimed? Since confidential information will lose its value due to obsolescence, is entering into a perpetual confidentiality agreement really a risk?

  • Jeannette

    I have a question. What if you disclose the same information to different parties and you do not use the same CDA? Specifically, what if the period of confidentiality is different in each one? Is there any case law that says every recipient’s obligation with respect to that confidential information expires on the shortest date?