A Confidential Disclosure Agreement (CDA) is one of the most widely-used agreements in the life sciences sector. It is also an important agreement: While many jurisdictions protect trade secrets, know-how and confidential information in some way or another, protection is often fragmentary. That is why, prior to disclosing any confidential information to a third party, it is vital to conclude a CDA.
Given their importance, it is surprising to see how little care is put into CDAs. Here at BIO.LEGAL, we draft, review and negotiate CDAs on a daily basis. Based on our experience, we put together 10 tips on how to improve CDAs. Here they are:
1. Define what is considered ‘confidential’.
If you are the disclosing party, it may seem tempting to define ‘Confidential Information’ as broadly as possible. A typical phrase we often see in CDAs says that “Confidential Information will include any information the disclosing party makes available to the receiving party”. However, this approach may risk that the agreement is later deemed unenforceable because of an overly broad definition (note that this risk will increase even further under the new European Trade Secrets Directive).
Instead, try tailoring your CDA to the specific case: What types of information will be disclosed, and what subject matter will they relate to? A good CDA will use a definition that is neither too wide to be enforceable nor too narrow to catch all relevant information.
2. Include ancillary information.
Since we are at it – if you want to draft a great CDA, consider whether confidential information should include any of the following: (i) information that the recipient derives from the discloser’s confidential information; (ii) the fact that the parties are discussing a potential business relationship; (iii) the existence and terms of the confidentiality agreement itself.
3. Resist the urge to use a marking requirement.
To avoid uncertainty, receiving parties often require that the information be clearly marked “CONFIDENTIAL” in order to be considered as such. If you are the disclosing party, you should try to reject this requirement – it might not be possible or feasible for you to comply with it in all cases. Can you control what documents the consultant who is on your site has access to? How will you mark e-mail messages? As a disclosing party, you may even want to add the following words to your definition of confidential information: “regardless of whether or not such information is specifically designated as confidential”. As a compromise, consider stating that confidential information may be identified as such in a subsequent writing.
4. Specify which uses are allowed and which are prohibited.
At the core of any CDA, the recipient will be obliged to keep the information confidential and not disclose it to third parties – this is the so-called ‘non-disclosure obligation’. But what about the recipient’s internal use of the information? If the recipient is subject to a non-disclosure obligation only, it is still free to use the confidential information for any purpose, including to develop a competing technology.
A good CDA should restrict the receiving party’s internal use of the information – it should have a ‘non-use obligation’ in addition to the ‘non-disclosure obligation’. So, instead of saying “Recipient must not disclose the Confidential Information”, consider saying: “Recipient must not disclose the Confidential Information, nor use it for any purpose other than the Permitted Purpose”.
5. Take some time to think about your ‘Permitted Purpose’.
Lawyers know how important the ‘Permitted Purpose’ definition in a CDA is – it sets the agreement’s scope, defines what the recipient may do with the information, and provides background as to why the parties are talking to each other in the first place.
In practice, however, the definition is often treated as little more than a formality – a required field in a template that you spend little time on. The most common ‘Permitted Purpose’ definition we see goes as follows: “The Parties will exchange Confidential Information hereunder to evaluate a potential business transaction (the ‘Permitted Purpose’)”.
Note how vague and ambiguous this definition is: Arguably, almost any use of the confidential information could be in connection with a potential business transaction, and neither the parties nor the type of transaction are identified.
Instead, when drafting your CDAs, try to be specific about your ‘Permitted Purpose’. Let’s say the parties in question are a biotech company and a clinical research organization (CRO). It is likely that they will exchange information because the biotech company is considering to appoint the CRO with specific research services. In this scenario, a well-drafted CDA would say: “The Disclosing Party will disclose Confidential Information to the Recipient in order to allow the Recipient to propose and perform certain research services for the Disclosing Party (the ‘Permitted Purpose’)”.
Part 2 of this article will feature more tips and insights - coming soon. In the meantime, have a look at our CDA template if you'd like to see how we put these tips into practice.