How to Use Confidential Information, and Who May Use it

Written By Adam Yohanan

Written By Ethan King

You signed an agreement with confidentiality provisions! That is a great first step for you and your business partner to protect confidential information. Now comes the hard part: who can you share this information with, and who can use it so that each party can do their part to deliver under the agreement? 

Earlier this year, we discussed how confidential information can be defined. Let’s continue that conversation by discussing how confidential information may be used and who may use it.

How Should Confidential Information Be Used?

1. Purpose: Confidential information should only be used for the purpose for which it was disclosed. Sometimes, the purpose will be tied to the description of services in the terms and conditions. At other times, the purpose will appear in the confidentiality section itself. In the case of a non-disclosure agreement (NDA), the purpose of exchanging confidential information will be defined. 

2. Need-to-Know Basis: Only those who need the information to fulfill the purpose should be given confidential information to use.

3. Encryption & Protection: In some cases, confidential information should be password-protected and encrypted. Some parties may further define the type of encryption to be used or how to devise usernames and passwords for login access to the confidential information. 

4. Compliance: Depending on the type of confidential information being shared, you may need to comply with regulatory requirements for that type of data. Examples of data that might be subject to regulations include personal consumer, health, and financial information. 

5. Using Data Outside of the Purpose: You may want to use the data outside of its intended scope. Here are some ways to allow this:

  • Insert a clause stating that you may use aggregated and anonymized data to improve your systems. 

  • Have a license to use the information granted in perpetuity, either generally or for similar projects or purposes.

6. Return and Disposal: Once the scope for which the information was provided is completed, the confidential information must still be protected, and in some cases, must be returned. Additionally, the agreement may require certification that the confidential information has been properly disposed of (except for what is required to be stored by law) or will be disposed of in accordance with the counterparty's retention policy. And if any confidential information is retained by a party, that retained confidential information should stay protected to the same level of security described in the agreement.

When Using Confidential Information, Who Is Allowed To Use It?

1. Authorized Individuals: Define “Authorized Individuals” in the agreement, which may include the following:

  • Employees: Individuals who need the information to perform their duties under the scope.

  • Contractors/Consultants: Third parties who are working under a service agreement and scope that requires access to the confidential information to perform their duties.

  • Legal & Compliance Teams: The Legal & Compliance teams need access to the information to ensure it is being handled in accordance with the applicable laws and regulations.

  • Senior Management: Those who need the information to make strategic decisions.

*Some counterparties may ask for your employees or third parties to sign individual confidentiality agreements, which should be avoided at all costs! This exposes your employees to risk and may lead to third parties trying to get terms that do not align with your own duties, creating a gap in expectations.

2. Regulatory or Legal Authorities (if required): If the law requires the sharing of confidential information, such as in response to a legal inquiry, authorized regulatory agencies, courts, or law enforcement may be able to access the information.

Never define a term in an agreement without considering how the term will apply in context. In the case of confidential information, always consider: who do I want to have access to the confidential information, and how do I plan to use it or allow others to use it?

Ethan King is a business lawyer experienced working with start-ups, nonprofits, consulting firms, and mid-large size businesses in a variety of transactional matters. His experience working in-house provides him with a unique perspective to analyze risk, consider the regulatory environment, understand business strategies, and break down complex legal issues into simple terms.

Ethan has negotiated numerous types of agreements, including, but not limited to consulting agreements, products, software, engineering services, influencer agreements, profit sharing, and more. His office can be reached at (303) 736-9634

Adam Yohanan
Previous

Check the Governing Law and Court Selection
Next

Capitalization Table 101: Authorized vs. Issued vs. Outstanding Shares