How to Use Confidential Information, and Who May Use it

Written By Ethan King

You signed an agreement with confidentiality provisions! That is a great first step for you and your business partner to protect confidential information. Now comes the hard part: who can you share this information with, and who can use it so that each party can do their part to deliver under the agreement? 

Earlier this year, we discussed how confidential information can be defined. Let’s continue that conversation by discussing how confidential information may be used and who may use it.

How Should Confidential Information Be Used?

1. Purpose: Confidential information should only be used for the purpose for which it was disclosed. Sometimes, the purpose will be tied to the description of services in the terms and conditions. At other times, the purpose will appear in the confidentiality section itself. In the case of a non-disclosure agreement (NDA), the purpose of exchanging confidential information will be defined. 

2. Need-to-Know Basis: Only those who need the information to fulfill the purpose should be given confidential information to use.

3. Encryption & Protection: In some cases, confidential information should be password-protected and encrypted. Some parties may further define the type of encryption to be used or how to devise usernames and passwords for login access to the confidential information. 

4. Compliance: Depending on the type of confidential information being shared, you may need to comply with regulatory requirements for that type of data. Examples of data that might be subject to regulations include personal consumer, health, and financial information. 

5. Using Data Outside of the Purpose: You may want to use the data outside of its intended scope. Here are some ways to allow this:

  • Insert a clause stating that you may use aggregated and anonymized data to improve your systems. 

  • Have a license to use the information granted in perpetuity, either generally or for similar projects or purposes.

6. Return and Disposal: Once the scope for which the information was provided is completed, the confidential information must still be protected, and in some cases, must be returned. Additionally, the agreement may require certification that the confidential information has been properly disposed of (except for what is required to be stored by law) or will be disposed of in accordance with the counterparty's retention policy. And if any confidential information is retained by a party, that retained confidential information should stay protected to the same level of security described in the agreement.

When Using Confidential Information, Who Is Allowed To Use It?

1. Authorized Individuals: Define “Authorized Individuals” in the agreement, which may include the following:

  • Employees: Individuals who need the information to perform their duties under the scope.

  • Contractors/Consultants: Third parties who are working under a service agreement and scope that requires access to the confidential information to perform their duties.

  • Legal & Compliance Teams: The Legal & Compliance teams need access to the information to ensure it is being handled in accordance with the applicable laws and regulations.

  • Senior Management: Those who need the information to make strategic decisions.

*Some counterparties may ask for your employees or third parties to sign individual confidentiality agreements, which should be avoided at all costs! This exposes your employees to risk and may lead to third parties trying to get terms that do not align with your own duties, creating a gap in expectations.

2. Regulatory or Legal Authorities (if required): If the law requires the sharing of confidential information, such as in response to a legal inquiry, authorized regulatory agencies, courts, or law enforcement may be able to access the information.

Never define a term in an agreement without considering how the term will apply in context. In the case of confidential information, always consider: who do I want to have access to the confidential information, and how do I plan to use it or allow others to use it?


Adam Yohanan is a transactional business lawyer with extensive experience representing companies, investors, and entrepreneurs in a wide range of high-stakes business transactions.

Adam handles the small and large transactions in the life of a business, including mergers & acquisitions, entity formations, partnerships and joint ventures, investing and fundraising, commercial contracts, and dissolutions. His office can be reached at 212-859-5041.


Haley Kopp is a corporate lawyer focused on representing start-ups and small companies in formations, venture capital, angel investor financings, mergers and acquisitions, and general corporate matters.

Haley's diverse experience gives her a practical approach to solving complex business issues, whether guiding companies through financing rounds or corporate transactions. Her office can be reached at (619) 512-3652.

This guide is meant for educational and informational purposes only and should not be considered legal advice. It is essential to consult with an attorney or other advisors regarding all legal and other important matters.
