Are NDAs necessary to impose legal obligations of confidentiality?

Though an essential practice, if one is not in place the law imposes a duty of confidence in appropriate circumstances, says Harper Grey’s Norm Streu

A non-disclosure agreement (“NDA”) is often the starting point to any business discussion. It is common practice to protect yourself with an NDA before sharing information on an opportunity or giving another party access to your non-public information. Certainly, a well-written NDA makes the obligations of confidentiality clear and establishes strong remedies for a breach.

But what happens when you aren’t under an NDA? Here there is a common misperception. It is often assumed that if no NDA is in place, no legal obligations arise. The assumption is that since nothing has been signed, no legal obligations of confidentiality can exist.

This common perception is, however, incorrect. Even in the absence of an express agreement, the law will impose a duty of confidence in appropriate circumstances.

The duty of confidence is a principle of law that a party who receives information from another party in confidence cannot take advantage of it. It is a broad legal principle that if you are given information in confidence, you must not make use of it to the detriment of the person who gave it to you without obtaining their consent.

Most frequently, this duty has been applied to the use of confidential information to take a corporate opportunity. An example of this might be the sharing of information on an innovative new product. Where the confidential information is used improperly, the wronged company may seek an injunction against the party using the information to their advantage. The company may also require that the party give up any profits arising from the use of the confidential information or compensate the company for the loss of profits it would have obtained.  

There are three elements that must be present for there to be a breach of this duty:

  1. The information must be confidential. There is a low threshold on the type of information capable of constituting “confidential information”. For example, it can include information that has been put together based on publicly available information by someone applying independent thought. In this case, what makes it confidential is the fact that someone dedicated effort and intelligence into assembling the information.

    In determining whether information is confidential, the law takes into account factors such as: the extent to which the information is known outside the business; the extent to which it is known by employees and others involved in the business; the measures taken to guard the secrecy of the information; the value of the information to its holder and to its competitors; the effort or money expended in developing the information; the ease or difficulty with which the information can be properly acquired or duplicated by others; and whether the holder and taker of the secret treat the information as a secret.

    Based on these factors, confidential information can include specifications and designs of products, internal workings of technology and products, licensing arrangements, sales or financial data, business or marketing plans, unpublished patent applications, recipes, software algorithms, and identity of suppliers, manufacturers, and customers.

    What is not included in this scope is the general skill, knowledge, and experience that an employee may gain during their employment with the company or information generally known within a particular industry.
  2. The information must be communicated in confidence. Not all circumstances where information is communicated will give rise to the obligation of confidence. Courts will consider industry practices to determine what a reasonable person would consider to be information being communicated in confidence. In other words, it is not necessary for the confider of the information to communicate that the information is confidential.

    Third parties that receive information that they should have known was obtained through a breach of confidence can also be held liable to the same extent as the person that directly received the information.
  3. There must be improper use of the information to the detriment of the party communicating it. In the commercial context, one of the most common ways confidential information is used improperly is when the recipient uses the information as a “springboard” or “head start” to accelerate a design or product in competition with the company that shared the information. However, what constitutes misuse is broadly viewed and tends to capture any non-permitted use that causes a form of detriment to the confidant.

In summary, the use of an NDA is an essential practice to ensure commercial confidentiality.  However, if no NDA is signed, do not assume that you have a green light to use confidential information freely. Conversely, if no NDA is in place, don’t assume that if someone wrongfully uses your confidential information you do not have legal recourse.


Norm Streu is Associate Counsel with Harper Grey LLP and a former Chair of the Vancouver Regional Construction Association. This article was prepared with the assistance of Kelley Cho, articled student.


Norm Streu