The Confidentiality Clause Curse: Should Your Professional Services Contract include a Confidentiality Clause?​

by | Nov 24, 2020 | Data Privacy and Cybersecurity, Contracts, Small Business | 0 comments

Confidentiality Statements Featured Image

The Confidentiality Clause Curse:
Should Your Professional Services Contract Include a Confidentiality Clause?

Professional services are those that require some specialized degree, certification, training, or license – think: accountants, architects, corporate consultants, and engineers. In the small business world, these services are often outsourced to independent contractors rather than handled in-house. Though typically cost effective, this setup inherently requires disclosure of some sensitive information. For example, a tax attorney simply can’t do her job without access to her client’s financial documents. 

Attorneys have an ethical duty to protect their clients’ confidential information under the law, but most professional services providers are not automatically bound to do the same. One way the parties to a professional services contract can manage the risks accompanying the necessary access to sensitive information is to address them in a confidentiality clause. However, for the reasons set out below, professional services providers should fully consider the risks and benefits before reflexively accepting additional liability.

A Little Background

A confidentiality clause can be used to protect against disclosure of any non-public information. Although complex business relationships and transactions might require a standalone Confidentiality Agreement (also called a Non-Disclosure Agreement), professional services are often provided to small businesses by sole proprietors or partnerships using relatively uncomplicated agreements. Even the simplest contract can contain a confidentiality statement.

confidentiality clause signature

Confidentiality Clause Considerations

Professional services providers should be extremely cautious with their clients’ information. Therefore, it may seem like a no-brainer to include a confidentiality clause in your professional services contract. After all, your clients work hard to build their businesses and may need to protect their proprietary information, client databases, and other sensitive information to ensure their continuing success. If you intend never to use it for anything other than the specific purpose your client hired you for, what’s the harm in including a confidentiality clause in your contract?

Any time you agree to take on liability that is not already assigned to you under the law, you are giving something up. Make sure you know what you’re bargaining for.

Many confidentiality clauses make the recipient party responsible for damages from inadvertent disclosure. You could be on the hook if a bad actor breaks into your systems and accesses your client’s info – even if you’ve taken reasonable preventative measures. A confidentiality statement that survives the end of the business relationship can even create an indefinite liability that you’ll always need to be on the lookout for. Stricter confidentiality statements might prohibit the professional services provider from even acknowledging a business relationship exists. Some clauses make confidentiality a material part of the contract, so that any disclosure is a breach of the entire agreement.

The obligations contained in these statements come in two flavors: multilateral and unilateral. Multilateral obligations arise when both sides are trading information with one another. There’s a place for multilateral obligations in a professional services contract – say, an IT service provider for a small business. The IT provider may want to protect information relating to its methods, while the small business wants to protect its customer records and other sensitive information accessed by the IT provider. Both must take appropriate precautions and either can sue if the other side discloses their information to another party.

Unilateral obligations, on the other hand, only hold the recipient party legally accountable for disclosing protected information. Many professional services providers only need to receive confidential information; they never need to disclose any protected information of their own. This means that even a confidentiality statement structured to look like a mutual obligation may be, in effect, only binding on the professional services provider.

Further, a confidentiality statement can be used as evidence that the parties established a confidential relationship, in which the information’s recipient has an affirmative duty not to disclose it. The existence of a written contract makes the confidentiality obligation much easier to enforce in court.

The Case for Confidentiality Clauses

But confidentiality clauses aren’t all bad news for professional services providers. Sophisticated clients might even rethink your business relationship if they don’t see a confidentiality clause where experience tells them they should. A thoughtfully crafted clause can proactively limit your liability for disclosure.

To safeguard yourself, start by carefully defining “confidential information.” What is not confidential can be just as important to explicitly exclude. A mutually agreed-upon description of covered information prevents litigation over disclosure of information that one party didn’t realize the other considered to be confidential.

While the discloser might prefer a broad, general description to cover as much of their information as possible, as a recipient of confidential information, you likely want to keep this definition narrow. Really consider what information you actually need to access to perform your services. How serious would the consequences be for your client if that information got into the wrong hands? What are you willing and able to do to protect that information?

Your confidentiality clause should outline the standard of care with which you’ll treat your client’s information. Are you committing to use typical industry standards to store the information? Maybe you’ve promised to treat the client’s information as preciously as you treat your own. These expectations should be realistic and clear-cut.

You should also confirm that your confidentiality statement carves out exceptions allowing you to disclose confidential information: (i) when required by law, and (ii) to any of your agents or employees, as necessary to perform under the contract. Anticipating the situations in which you might have to disclose your client’s information (there likely aren’t many!) and spelling them out in your confidentiality statement puts your client on notice.

If you’re working with an appropriately specific definition of confidential information, a practical standard of care you’re prepared to uphold, and adequate exceptions, then your confidentiality statement is probably in pretty good shape. Ultimately, it comes down to your clients’ expectations and your own tolerance for legal uncertainty. 

When in doubt, it’s never a bad idea to seek legal counsel to holistically assess the risks you may be exposing yourself to with your professional services contract and ensure you’re making the right decisions for your business. You can book a free 15-minute consultation with us to see how we might be able to help you with document preparation and analysis.

Related posts:

  1. Be Smart(er) about Data Collection
  2. 4 SaaS Security Best Practices
  3. Virginia Lawyers and Cybersecurity: What Do The Rules Say?
  4. Part 3 11 Tips Before Becoming an LLC Minority Member

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.