For many companies, the execution of confidentiality agreements (commonly known as “NDAs”) is a common practice in exchanging confidential information with third parties.  While companies recognize the need to implement such agreements, little is often given to the extent of the agreement or the additional steps to be taken to ensure that the NDA can be implemented.  Recent trends in the practice of the NOA underscore the importance of careful consideration of these issues. For example, an omission can not only lead to a false sense of security regarding the confidentiality of the information shared, but also to the significant risk that the information will not be considered confidential at all.  In this context, there is a risk that personal data will not be covered by the definition of confidential information or that personal data will be covered by one of the exclusions. The NOA needs to be updated to provide a definition of the information contained in the IPI, as well as a language that clearly extends the NDA`s confidentiality obligations to these IIP.  Today, it is increasingly common for the seller to pass information directly to a buyer`s external legal adviser or investment banker, so the NDA`s assurance of such disclosure is essential for these recipients to be required to respect the confidentiality of that information. Each party should also be informed of who is entitled to receive confidential information or not, and this should be clearly stated in the NDA. Before allowing a related company or external consultant to be an approved recipient under an NOA, both parties should be satisfied that the buyer will be able and willing to fulfill its obligations and enforce confidentiality obligations with respect to its authorized subsidiaries and external consultants as soon as it receives confidential information. Depending on who is the authorized recipient (for example. B a third party that does not waive the buyer`s secrecy), the seller may also require that party take a back-to-back NDA that imposes on the external advisor the same obligations as those imposed on the buyer.
Protecting the information provided to the other party is also risky. With Software as a Service (“Saas” solutions and cloud-based enterprise data storage, a party can access personal data, or even store or transfer PIIs on behalf of a company, without the disclosure of personal data in the traditional sense.  In order to fully protect personal data, confidentiality obligations must be extended beyond personal data to personal data that is also stored, accessed, transferred or received by a party on behalf of a company.   Id. (“While nClosures and Block signed a confidentiality agreement at the beginning of their business relationship, no additional confidentiality agreement was required from those who accessed the Design files of the Rhino or Rhino Elite devices”). On appeal, the court said confidentiality agreements will only be enforced if “the information to be protected is truly confidential.”  Whether there was an enforceable contract between the parties was whether nClosures had taken the appropriate steps to preserve the confidentiality of its information.  An NDA may contain a residual clause allowing the recipient party and its authorized recipients to freely use the confidential information stored in the unsumed memory of its staff.