The other day I saw this in a confidentiality agreement:
You could express the same concept using efforts:
The Recipient shall use reasonable efforts to prevent disclosure or use of Confidential Information other than as authorized in this agreement.
Or you could express it using neither degree of care nor efforts:
The Recipient shall take precautions to prevent disclosure or use of Confidential Information other than as authorized in this agreement. Those precautions must be at least as effective as those taken by a reasonable person in the position of the Recipient.
I suggest that addressing this issue using the phrase degree of care isn’t ideal. The notion of a degree of care, or a standard of care, is generally associated with how someone is expected to go about providing services. Because the contract specifies what the services consist of, standards of care are primarily concerned with competence. (See my 2019 blog post for a detailed discussion of how to express a standard of care.)
By contrast, an obligation to keep information confidential leaves open what the recipient has to do. That involves more than competence, so it’s more in the realm of efforts.
What about the third alternative, using neither degree of care nor efforts? The third example is a long-winded way to say efforts. It doesn’t offer any offsetting advantages, so I recommend not going with this option.
Or is it feasible to drop this typical phrase from NDAs altogether? What purpose do these words of “not less than a reasonable care” and the like serve? What will happen if these words were to be omitted? If NDA says that recipient shall not share discloser’s information with unauthorized parties and shall not misuse information, why do we need to spell out the standard of care? The “don’t share/don’t misuse” standard is, in a way, absolute. Recipient’s obligation is spelled out and whether, in complying with this obligation, recipient is being “double-reasonable” or “half-reasonable”, that’s irrelevant, because in either “methodology” of caring for information recipient must achieve the same objective – don’t share/don’t misuse. Plus, the courts will typically imply the commercially reasonable standards in most of what a company does anyway. The primary question here is, IMO: will the standard of care clause allow the court to detract from seeing breach of an NDA by recipient through strict liability lens? In other words, if recipient is super-duper reasonable, but nonetheless breach occurs and attributed to recipient, will the court hold such recipient not liable? If not, then, again, what’s the purpose of spelling out the standard of care? Thoughts?
P.S. I don’t regard NDA as an agreement that should be perfectly balanced, to me NDA is a sword for the discloser, not the shield to protect the recipient, which is why I’m a bit more discloser-biased. That is not to say that recipient should be completely defenseless, of course.
Hi Alex. For what it’s worth, this provision addresses keeping confidential information for being disclosed inadvertently. That goes beyond the primary obligation not to disclose or use the information other than as contemplated.
I think the situation with that clause in particular is different from a general efforts type undertaking. The “reasonable degree of care” here is to be contrasted with the “what you do with your own information” language, just to make sure there’s no loophole if the company says, “yeah, well our usual standard for our own information is really sloppy.” The idea is that the “reasonable degree of care” puts a floor under the obligation. If they’re otherwise loose with their own information, they have to be reasonably scrupulous with yours; if they’re excruciatingly scrupulous with theirs, that standard applies to yours as well.
Hi Vance. I think we’re in a murky area, but I don’t see this as being analogous to having someone install a tile floor.
I don’t quite get where that analogy was heading, but with many decades of experience “in the field” I can attest that a dirty little secret of corporate life is that most companies have little to no systematic protection or even location tracing of confidential information, their own or anybody else’s, with the possible exception of protecting source code. With that in mind, relying on a company’s standards of self-protection is less than optimal.
I was just repeating myself: standards of care relate to competence, and that’s not what’s at stake here.
And one can invoke standards without framing them in terms of standards of care.
I always get crickets when I ask this, but isn’t ‘reasonable’ needless as a modifier of ‘efforts’? Won’t reasonableness be presumed and understood? What misunderstanding does the use of ‘reasonable’ avoid? That nugatory efforts will suffice? That superhuman efforts are required? And if the modifier ‘reasonable’ is necessary here, why not all over the place? -Wright
Acme shall use efforts to X isn’t colloquial English. The phrase best efforts is colloquial, but it’s too prone to legalistic hairsplitting. Reasonable efforts has become the accepted alternative. Even simpler would be try hard, but it’s best not to attempt to inflict novelty on a hidebound constituency.
Why not simply “The Recipient shall prevent disclosure or use of Confidential Information other than as authorized in this agreement.”?
If there is disclosure or other use, then comes the question about the reasonableness of the measures taken to take care of the Confidential Information.
Hi Dave. I think it better reflects reality to (1) say the recipient will take reasonable measures to protect confidential information and (2) also have a provision that imposes liability. Ken