Contact tracing: complying with the data protection laws
Guidance for employers who intend to collect customer and visitor information as part of the Government's contact tracing scheme and data protection compliance.Read more
Check that the right parties are listed in the agreement and that their details match those in the signature clauses. If you are dealing with a group of companies, then you need to ensure that each company in the group is listed or, if only one company is listed, that it is the correct one. You should also make sure that the company numbers and registered office addresses are included so that it is easy to identify the right company.
Where highly sensitive information is being shared, you might want to insist that the individuals who actually sign the agreement are also included as parties so that they are personally bound by its terms.
Before entering into a non-disclosure agreement, you should decide what information it needs to cover. It could, for example, protect only information that is recorded in writing and marked as ‘confidential’, or it could protect the information that you share in meetings or presentations.
A good NDA restricts the use of the ideas and information to a specific permitted purpose (for example, the discussion of a potential project) and you should specify the purpose as precisely as you can.
Does the non-disclosure agreement work to protect both parties’ confidential information or only that of one party? More often than not, the agreement should protect both parties equally. However, in situations where only one party is disclosing sensitive information, a ‘one-way’ agreement may be more appropriate.
When looking at the definition of confidential information, consider whether the relevant information is covered. The information does not need to be top secret for it to be covered under the definition of confidential information.
It is up to you to decide what information is confidential to your organisation and ensure that it is appropriately protected under the non-disclosure agreement, but you should avoid trying to cover anything which is already in the public domain.
Confidential obligations under the non-disclosure agreement can be set to a specific time period or can be indefinite.
You need to consider whether the protection provided by the agreement is long enough to protect the nature of your confidential information. Try to imagine the point at which you would be happy for the information to be in the public domain and then make sure that the agreement, as a minimum, covers you up until that point.
The NDA should identify who the information may be disclosed to and under what terms. For example, your employees and sub-contractors may be entitled to see the information, but only under conditions of confidentiality that mirror the obligations within the non-disclosure agreement.
Information disclosed under a non-disclosure agreement may include personal data (as defined under the Data Protection Act 2018/GDPR). If it is, a data processing clause should be included to ensure personal data is not disclosed or otherwise used illegally.
You should check the terms of the NDA carefully to ensure that no provision within it requires your organisation to enter into a further contract with the other party.
You should also make sure that there are no other contractual obligations (such as payment terms or delivery terms) within the non-disclosure agreement. These provisions should be documented properly in a separate contract.
Non-disclosure agreements often contain a provision requiring that the disclosee protects the confidential information of the discloser “with the same degree of care that the disclosee takes to protect its own confidential information”. However, the practices and processes of many businesses in relation to information security are less than ideal, so this is not a good measure of protection.
Alternatively, consider including an obligation on the parties to put in place adequate security measures to protect the unlawful disclosure or loss of, or theft or damage to, the information.
A non-disclosure agreement should not dictate intellectual property ownership, other than to state that each party will retain the ownership they had prior to signing the agreement.
Although deciding who might own intellectual property that arises from a project is something for the main agreement itself, NDAs may include a clause which either purports to transfer intellectual property from one party to the other or gives one party (rather than the other) ownership of intellectual property. If such a clause is included in your non-disclosure agreement, you should query it and only agree to it after taking legal advice.
Scroll to next section
Scroll back to the top