Navigating Confidentiality Disclaimers for Documents

Confidentiality Disclaimers Explained

Confidentiality disclaimers are a common element found in many documents which are circulated in order to designate the nature of the information contained in the document and to instruct the recipient on how the information can, and cannot, be used. It is generally assumed that the presence of a confidentiality disclaimer would transform a document into a confidential document, and would also give rise to an implied undertaking on the part of the recipient of the document to not disclose it, and to keep it confidential.
As is the case with most things in law, not every case or dispute is straightforward, and the law does not always fit in a nice box. Where confidentiality disclaimers are concerned, this seems to be even more true. There are many types of documents which may have a wide variety of confidentiality disclaimers contained within them, and some confidentiality disclaimers may be more sophisticated than others . In addition, there are many different formats in which these types of disclaimers can appear in the document, depending on what the drafter intends.
The use of confidentiality disclaimers can often be seen in commercial transactions during the course of negotiations, and is often considered to be a form of an implied undertaking with respect to the use of the information, and a form of a waiver from the receiving party of the implied undertaking terms. Such confidentiality disclaimers may also be used while a supplier is providing certain information to a third party under an NDA (such as financial projections or certain confidential information regarding a product).
Confidentiality disclaimers are also commonly used in pleadings or at the outset of a particular motion or application in order to describe the scope of the information that may, or may not, be made part of the electronic record.

Essential Components of a Disclaimer

The inclusion of a confidentiality disclaimer in internal documents – and especially for external communications – is a hallmark of effective information protection efforts. At the same time, relying on such disclaimers can be problematic for a number of reasons. Even more than with other types of policies and procedures for document handling, simply issuing such disclaimers will not result in immediate compliance or put an end to information security issues that may be currently occurring. Rather, a confidentiality disclaimer must include certain key components to be effective. The most important of these are the following:
• Legal language. A disclaimer that purports to limit confidential information discussed in a document or attached to it must explicitly state that the document is confidential and that the transmission of it will not impair the confidential nature of the information it contains. The legal language included in such disclaimers should also prevent the transferee or recipient of the document from arguing that it is not confidential (or that at least one portion of the document is not confidential) by stating either that all of the contents of the document are confidential, or specifying exactly which portions of the document are confidential. For example, a disclaimer could state that "all of the contents of this document are confidential – do not copy or forward." Alternatively, a disclaimer could contain language like the following: "The contents of this document, and any attachments to it, are confidential and privileged under the [name of local jurisdiction] law. The document is protected by the attorney/client or work product privileges and/or the common interest privilege. This document is protected from disclosure under the [name of Freedom of Information Act or similar statutes at the state or federal level] and any similar acts. The document is provided to you pursuant to these privileges and acts.
• Tone. Because the confidentiality of documents so often relies on the recipients’ exercise of discretion, it is imperative that confidential documents show the appropriate level of respect — both for the information contained in the documents and the recipients’ ability to be good custodians of that information. In other words, the formal legal language that must be included in a confidentiality disclaimer should be complemented by tone that communicates respect for the reader’s judgment. A company that conveys this level of respect will have better results than one that casts its readers in the role of adverse parties.
• The simple, "subject matter" approach. One of the simplest ways to instill the correct tone in a disclaimer, while including the legal language necessary to clarify the document’s nature, is to use language like the following: "This document is confidential and solely for the consideration and information of [name of recipient or recipients]. It is not intended to be binding in any way, nor is it intended to cover any subject matter except as expressly addressed herein. This document is merely a preliminary communication that addresses a limited number of topics. It does not address every potential issue. Nothing herein shall be deemed in any manner to create or constitute a contract (except as expressly and specifically stated herein)." Such an approach removes the statement or document from the category of contract, and gives the person communicating the information room to modify parts of an agreement once it is signed, or to amend a letter once it is sent, without misrepresenting the intent of the parties. Again, this type of language affirms the ability and discretion of the reader.

The Legal Aspects of a Confidentiality Disclaimer

In the context of legal proceedings, confidentiality disclaimers may provide some protection—though not an absolute safeguard. Courts have yet to render a definitive decision on the full scope and effect of these disclaimers, but the general legal consensus is that the disclaimers do not confer any additional protection onto the computing environment where they’re posted. They also don’t carry weight once a dispute over ownership arises in court. In fact, the reverse argument has been made multiple times in court. A "confidentiality" label or statement on a document has often been used in support of an argument that the item in question is legally protectable as a trade secret.
Confidentiality disclaimers have also been mentioned in courts when a party attempts to mitigate the discovery of information. The courts will not enforce confidentiality disclaimers that are overbroad or that seek to protect irrelevant information. California law underscores this point. If a confidentiality disclaimer or non-disclosure agreement (NDA) goes beyond what is legally protected, it can actually be discovered in its entirety. California courts specifically state that NDAs "cannot shield irrelevant documents from discovery."
While the legal implications surrounding confidentiality disclaimers have yet to be fully tested, one thing is clear: ambiguity in the language of the disclaimer can lead to court battles. To save your time and money, it’s best to be conscious of what language you’re using.

Bespoke Confidentiality Disclaimer for Your Situation

When it comes to a confidentiality disclaimer, one size does not necessarily fit all. You need to consider each situation and the risks. For example, do you want customers and employees to know what you consider confidential? Or do you want it just as a tool to help you later in litigation? For those going the litigation route, you may be better served with a more specific disclaimer than the generally tolerated "These materials are confidential and proprietary."
A good confidentiality disclaimer is short, explicit, and relates to the facts of your situation. In other words, avoid any boilerplate or form language. For instance, take a medical practice that sends out a patient satisfaction survey to select patients using a third-party vendor who automates the survey. Simply sending the survey via e-mail to patients generally should not constitute a HIPAA violation; however, if the vendor uses confidential survey data in its other marketing activities, then the practice may have a problem. For this practice, what you may want in the disclaimer is text that acknowledges the vendor’s use of the data for those limited purposes and the patient’s ability to opt-out.
This type of example may not lend itself to universal language, but there are numerous other scenarios where it does, with some examples below:
This issue is particularly pertinent for websites and social networks, which are built on the principle of sharing and distributing information. Generally, the content that you post online and make publicly available can be freely shared by others. Simply adding a confidentiality disclaimer to your website or social network page does not stop the sharing of that content, but it MAY help in two important ways:
On the flip side, if you want the content of a website or social network page to be confidential, then you need a confidentiality disclaimer saying so to everyone — even to those who are not allowed to view the content. This is an important point because of the way that confidential information travels across networks. Remember that network packets and other information headers can be read and specify the location of the original sender and time of sending.
The biggest problem with website disclaimers generally is that they are "buried" at the bottom or otherwise hard to get to by a casual visitor, either because they are in a "click here" or "scroll down" link that the visitor does not see. Ideally, your disclaimer should be "above the fold" or in your website’s navigation header or footer. This means that it should be no more clicks away than necessary and no smaller than the other text on the website. The disclaimer itself and any hyperlinks should also be in a contrast color and/or font size to the body text to make it more noticeable and searchable.
When in doubt, ask for legal suggestions that relate to your situation. Confidentiality disclaimers in typical business forms, subscriptions, websites, etc., can have far-reaching implications for you and present liability risks that you did not anticipate.

Avoiding Common Pitfalls

Many pitfalls await those who either fail to use a confidentiality disclaimer or use one that is poorly crafted. There are numerous types of examples, but below are the most common.
The most problematic of all are situations where the person receives information that is accompanied by a confidentiality disclaimer but is not informed that the disclaimer applies to the document itself. If the person acts otherwise after obtaining the document, such as by disclosing its contents or relying upon it, a major court fight often follows. Sometimes the disagreement can be avoided by issuing a quick follow-up letter making it clear that the confidentiality disclaimer applies to the document itself. Otherwise, and especially if the recipient has already disclosed or used the information, litigation is required to resolve the issue. Unfortunately, this happens more frequently than the public might imagine.
Other problems include use of inaccurate language, overbroad definitions, and poorly worded caveats. It is not uncommon for the disclaimer to employ circular reasoning, which occurs when it refers to itself: "This confidentiality disclaimer is confidential." Or, it can refer to the other document as a whole, which is usually not the case; "Proprietary and Confidential: This letter and all information contained herein." Sometimes the problem is even more basic: the idiot receiving the document thinks it discloses only what is in the title, or that a statement borrowed from some random predecessor document actually applies.
The worst form of this occurs on a broad basis. For example, in a document in the center of a major litigation case, where there were numerous exchanges among the parties over the background to it and its meaning, one small, innocuous document in the center of it was styled "Confidential" but contained no confidentiality disclaimer. A quick review showed, however, that the contents of the document were quoted in at least ten other documents submitted to the court that carried the appropriate confidentiality disclaimer. There followed a long and expensive tussle over whether or not the document was or could still be deemed confidential. Unfortunately , the unlucky clerks involved had to spend several days reading all the other documents and identifying where the contents had been quoted. The messenger in this instance had been careless and was required to pay for the additional expense he caused.
It is incumbent upon the person creating the document to ensure that the applicable disclaimer is both grammatically accurate and referenced where necessary. In looking over the legal disclaimers used, more than a few have been found where the taxonomy is incorrect. The last of these is totally unnecessary and easily corrected.
An interesting variant occurs when the person sending the document does so on a broadly non-confidential basis but later realizes the contents are sensitive. The person then issues a confidentiality disclaimer and breathes a sigh of relief thinking everything is now fine. Or, the disclaimer is required by someone downstream who was given the document and who allows the other party to have it only if it first has the confidentiality disclaimer. Either action can be problematic.
In short, an awkward situation sometimes develops in which the contents of the document are disclosed without disclaimer but the recipient of the next document in the chain does not want to accept it for that reason. There follows a fight over the inconsistent treatment of the contents between the two parties. The problem gets awkward because the person in receipt of the second document may have been originally authorized to receive it on a confidential basis. As the chain of custody unfolds, the information originally disclosed without confidentiality disclaimer may eventually be in someone’s hands who had no business having it. Legal battles then ensue over that person’s obligation to maintain confidentiality of the information.
It is also possible, once the person discloses the information, to inadvertently find out about its sensitivity through a lawsuit or settlement negotiation. The person is then under an obligation to preserve it and to account for it. Also, sometimes the sender is required to provide a confidentiality disclaimer as a condition of entering into a settlement agreement, to protect both the plaintiff and defendant. This can then turn into a tussle if the second party then discloses the document.
Contrary to what the ill-informed might believe, there is nothing magic about using a confidentiality disclaimer. Full discussion of how to properly draft one is permanently archived here. If used properly, it helps reduce legal fees and litigation risk, and thus should be used whenever possible.

Sample Disclaimers and Templates

The following are examples of standard confidentiality disclaimers that may help you as a guideline in drafting your own disclaimer. It is very important to note that if you are responding to an RFP and the RFP has a specific confidentiality disclaimer, that disclaimer should be followed exactly because the sender of the RFP will likely consider any deviation from the standard disclaimer as a reason to reject your submittal.
Internal Confidentiality Disclaimer
[Your Name] hereby acknowledges that the attached document [name of document] is internal, privileged, confidential and proprietary to [name of client]. [Your Name] further agrees not to review, copy, distribute or otherwise use the attached document.
"Standard" Confidentiality Disclaimer
Confidentiality Notice: The information contained in this communication is confidential. This document and the contents hereof are the property of [sender] and [client name] and are protected by applicable law. If you are not the intended recipient, you have received this document in error and are expressly prohibited from retaining, copying, or disseminating it or any portion thereof.
Email Disclaimer
This e-mail and its attachments contain confidential information belonging to [client name] and/or its affiliates. The information may also be legally protected by the attorney-client privilege or work product doctrine. If this e-mail should come into your possession in error, dissemination of this e-mail or its attachments is prohibited. If you are not the intended recipient (or you are responsible for delivery of this e-mail to the intended recipient) please notify the sender immediately and destroy all copies of this e-mail, including attachments.
Specific Confidentiality Disclaimers
Tax Disclaimer. In accordance with Section 6694 of the Internal Revenue Code of 1986, as amended, any U.S. Federal tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of avoiding tax-related penalties under the Code or applicable state or local tax law provisions. Including in these rules are plans or arrangements with many variations that are noted in the Internal Revenue Service guidelines. Recipients should seek advice based on their particular circumstances from an independent tax advisor. [client name] does not provide legal or tax advice.
Work Product Disclaimer. This communication and any documents, exhibits and other things attached hereto or referred to herein are privileged and confidential attorney work product, are intended only for the person(s) named and should not be passed on to, or discussed with, anyone other than the intended recipient(s) or their advisor(s). If you received this communication in error, please notify us immediately and destroy this communication. We appreciate your cooperation in maintaining the attorney-client and work product privileges.
Electronically Stored Information Disclaimer. The documents attached to this email, and the electronic media containing or constituting any such documents, are the property of [client name] and are provided to you for review and evaluation in connection with [client name’s] selection process. By reviewing the documents, you agree that same are confidential and proprietary to [client name] and agree not to use, copy, or distribute any document or electronic media so provided for any purpose other than the limited purpose of review and evaluation in connection with [client name’s] selection process, without the express written authorization of [client name].

Keeping Confidential and Compliant

One of the keys to maintaining the expected confidentiality is to consistently apply a confidentiality disclaimer to the documents that you are forwarding to clients and Counsel. A confidentiality disclaimer on a document will at least put the reader on notice that it is confidential, even if the information has in fact become generally known. It is always preferable when all communications on the subject of the information to be disclosed make reference to the information being confidential . If all communications regarding a particular client are consistently marked as confidential, then the confidentiality of the information is more easily established.
Another key to maintaining the confidentiality of trade secrets and confidential information is for the Company to keep careful records of when, how, and to whom the information was disclosed. It may also be helpful to maintain a summary of who has signed confidentiality agreements, when they signed them, what the terms of those agreements are, and who and when those agreements were distributed to.