What is a Law Firm Confidentiality Agreement?
A law firm confidentiality agreement is a specific subset of legal confidentiality agreements between lawyers and firms and their employees, vendors, independent contractors, and other third parties to protect against the unauthorized disclosure of any information they may come across while performing their work related to the firm.
Each firm may have its own specific form confidentiality agreement, but confidentiality agreements in general are contracts that spell out the standard terms under which confidential information must not be disclosed to any outside parties. The definition of confidential information can vary depending on what the firm does and who signs the confidentiality agreement, but in general, confidential information can include correspondence , documents, drawings, reports, presentations, protocols, process descriptions, specifications, manuals, financial information, accounting data, and any and all other information that may be considered confidential by the parties involved.
In the context of the law firm, parties who may be required to keep confidentiality include:
All law firms, regardless of size, should have confidentiality agreements signed by all of these parties to ensure that sensitive information is kept safe, and there’s no confusion over disclosure. Since no two law firms are identical, it’s important to have the agreement use specific language that applies to your law firm (as well as the parties who will need the agreement) in order to avoid misunderstandings.
Essentials of a Confidentiality Agreement
In the context of an attorney-client relationship, confidentiality agreements are essential for safeguarding client information. In contemplating the terms of such an agreement, parties must consider the specific terms, conditions, and types of information they hope to protect. For example, a law firm may need to protect proprietary business research, client lists, or internal billing processes. IT departments may need to safeguard proprietary software or systems. Litigation departments may need to protect sensitive communications, court filings and other documents the firm does not wish to share with non-parties. Understanding the confidentiality obligations (and duration) of an incoming or existing employee is also critical. In certain cases, depending on the position sought or held, a law firm may require a prospective or current employee to sign a strict confidentiality agreement. Employees may be asked to acknowledge these agreements at the time they accept a job offer, after a conditional offer has been made, or right after they begin work. Standard confidentiality agreements typically include, among other things, the following provisions: Law firms are advised to consult with an experienced attorney when drafting confidentiality agreements to ensure that they conform to applicable legal standards and best protect its interests.
Legal Ramifications and Enforcement
Notwithstanding the fact that law firm confidentiality agreements are primarily contractual in nature, breach of such agreement by either counsel or the client can result in legal consequences. In the event of a breach of a law firm confidentiality agreement, sanctions such as monetary damages, injunctive relief or specific performance may be available to the non-breaching party, including injunctive relief or monetary damages in the event that a former outside lawyer usurps the client’s active litigation file and becomes adverse to the former client in an action based on the prior work. See, e.g., Lawrence v. The Florida Bar, 700 So. 2d 183 (Fla. St. Supreme Ct. 1997). In addition, law firms have been granted leave to pursue a client for damages arising from the perception of a potential conflict as a result of an improper representation. See, e.g., Rosenthal & Co., Inc. v. Hague, 704 So. 2d 1182 (Fla. St. Supreme Ct. 1998), reviewed, 718 So. 2d 975.
Law firms may seek damages for economic injury sustained from a breach of confidentiality or fiduciary duty arising out of a prior representation and/or breach of its law firm’s fiduciary duty to its current client. Liability will also likely arise pursuant to a form of quasi-estoppel. See, e.g., Robbins v. Goldsworth, 37 Cal.App.4th 1040 (Cal. App. 1995) (court required law firm to pay client the $450,000 settlement it received in prior action).
To enforce law firm confidentiality agreements, the courts will generally rely on the doctrine of "conflict pre-emption", or the idea that although a law firm and client may have a private contract, California law does not permit the law firm or client to hire or work with individuals whose presence in both firms will create a conflict of interest. In Cohen v. Brown & Wood, 4 Cal.App.4th 1081, 106 CalRptr. 882(1992), client brought an action against its former law firm for breach of contract alleging that the law firm had subsequently represented a company that was adverse to the client. In affirming the trial court’s order granting summary judgment, the court referred to Civil Code ยง1668, which provides that "all contracts which have for their object…any thing contrary to the policy of the land, or of the provision of the law, are to that extent void." The court further noted that notwithstanding the existence of a contractual relationship, the law firm’s duty to protect the client’s confidences and secrets should take precedence. See also Robbins v. Goldsworth, 37 Cal. App. 4th 1040 (Cal. App. 1995).
Confidentiality vs. Attorney-Client Privilege
While the terms confidential and privilege are often used interchangeably, they are not the same thing. In our law practice, we fully appreciate the difference because we seek to protect our client’s information on both grounds, and take great care to ensure that our own internal procedures are also consistent with this distinction.
The idea of confidentiality in the attorney-client relationship is based on the duty imposed on counsel to preserve all confidential information of the client, regardless of the use made of the information by the client. The nature of this duty is set out in Rule 1.6 of the Model Rules of Professional Conduct, which many states have adopted verbatim, including Arizona. So, once we accept a client and start rendering legal services, we are obligated to keep our communications and documents confidential.
On the other hand, attorney-client privilege has to do with the protection against compelled disclosure. Even if a communication would otherwise be confidential, it is not privileged if it is not kept confidential. For example, if an attorney wrote a letter to their client and posted it in a place where it is likely to be discovered by a third party, the fact that the letter was addressed to the client will not protect it. However, if the letter was written privately, and opened only by the client, then it will likely be privileged even though it might also be confidential.
And there is more. Even if a communication is privileged, it may be unprivileged for purposes of a fee dispute, and it is presumed that a document created by an agent for litigation purposes, such as a client’s statements to an attorney securing legal advice is always privileged unless overridden by a countervailing interest. The rules are complex, so I don’t suggest trying to go it alone in negotiating confidentiality agreement provisions in a settlement agreement. But understanding the distinction between confidentiality and privilege is one of the keys to success in creating the right structure for a good outcome.
Preferred Approaches for Law Firms
The rubric instruction for this section provides a helpful reminder of specific things to consider in drafting and implementing confidentiality agreements as part of best practices. Depending on the jurisdiction, and the organization of a law firm, what you would consider a "law office" may be subject to legal or ethical limitations, e.g., the "Five A’s," etc., to understand whether you can have that kind of a structure without getting into ethical or practical trouble. Can a conversation mark a record as confidential? Yes, if it’s confidential. This goes back to Client 102, where we said that confidentiality requires control. Do policies and rules work? They do, but sometimes you have to think about how policies and rules are implemented, and do you trust your lawyers to follow them? Because if your policies and rules are being bent or broken, do you really have as strong a "Hands-On" culture of control as you think? To the extent that we can, we want to be sure that our confidentiality rules and policies and agreements apply on a firm-wide basis. But that does not mean that confidentiality or the sharing of information among all of our partners and associates, at the moment, may not be set aside by our law firm rules in order for lawyers to perform due diligence, or other investigations . We still have to be cautious about creating silos, or barriers, between lawyers, such that we don’t have a ubiquitous, universal and consistent" Make No Mistake About It, We Will Keep Your Secrets" policy, that is so rigorous and enforced such that we lose the ability to serve the needs of the client. We don’t want to lose sight of the fact that a lot of effective work, a lot of good lawyering, is going to require information to be shared, and to be shared on a timely basis. How detailed or transparent do we want to be in assuring the client that we will keep their confidence, that we have a culture of confidentiality, an anatomy of trust and a hands-on ability to manage it? It probably involves some calibration of effort, expense and transparency. We don’t want to scare a client away when they are considering engaging us by saying we are going to spend great effort, great time and great money (and great effort by partner lawyers) in assuring that the client’s confidentiality is protected. These days we probably have to, but we ought to make sure that we are making the effort to go the extra mile, but we are also making it succinct. The best way to enforce confidentiality is to be prepared to apply the consequences if necessary. But have a communications or prompt corrective action policy, where confirming, that the lawyer has done what we expect and what was promised, we have no silence and we have no slow.
Common Issues and Solutions for Law Firms
As with any other contractual or legal matter, certain challenges and situations are likely to arise when navigating law firm confidentiality agreements. Law necessarily deals with the unpredictable and laws and precedents can vary widely. While there may be some uncertainty surrounding the enforceability of different NDA elements, attorneys and firms that are familiar with the most likely challenges will be better equipped to handle them. A confidential client or trade secret often involves sensitive information that many outside of an organization don’t have access to or are unaware of. For the most part, NDAs rely on the good faith of firm employees to keep potentially harmful information confidential. However, accidental or intentional insider trading or disclosures are a very real threat. In such cases, the firm is legally required to take certain steps before they can pursue action against the guilty employee. Even so, equally difficult issues often involve the actions of former employees. While it’s not uncommon for some protected information to become public knowledge after employees leave, this doesn’t mean that firms should be unconcerned about how, when, and under what circumstances departed employees are able to access privileged information from the firm. Your NDA should include measures to prevent former employees from inadvertently using any protected information in a manner that would provide a common competitor with an edge. Angie Turner, Ethics Officer at Abbott Labs, relays the importance of NDAs at law firms: "For a company that has as many products – some of them consumer facing – as Abbott, its critical that we protect our business partners and our products when we’re in discussions. So we use confidentiality agreements with our vendors and suppliers, our R&D partners and sponsors of trials we do with our clinical sites and investigator sites – the people who put forward their patients to be treated with one of our drugs." Turner goes on to highlight the fact that: "We also use a lot of nondisclosure agreements when we enter into a scientific deal, a collaboration or a license – or even when we negotiate. Once you’re in a deal you want to make sure the other party doesn’t use your information." As is often the case with inside information, it can sometimes be difficult to know what information is appropriate to details in an NDA and what isn’t. As a best practice, it’s generally advisable to start with as few exclusions as possible. Some examples of some common exclusions might include: As noted by Greg Ohappy, Associate General Counsel at AC Nielson: "Wherever you [as a law firm] might be, those kinds of restrictions are important, because it does apply to your legal work as well – your advice, your communications, our own internal documents." To avoid being the source of their own demise, public firms should be particularly careful with NDAs, contracts, and agreements, due to the increased exposure that firms operating in the knowledge economy face. The same can be said for firms that use confidential information from pharmaceutical companies. Situations involving excessive restrictions without any clear justification are often cited as a reason as to why certain firms tend to avoid or hodgepodge agreements with less than required security or foundation. Unfortunately, this isn’t the best practice if you’re interested in keeping pace with your competitors. As is the case with any contractual matter, lawyers should either enforce the confidentiality element of internal documents or seek to have any NDAs amended, renewed, or updated.
The Evolution of Confidentiality Agreements in Legal Practice
As legal practice becomes increasingly tech-driven and global, the future of confidentiality agreements for law firms will be shaped by ongoing changes to the digital landscape and emerging data privacy laws. With the rise of BYOD (bring your own device) policies and mobile email, law firm employees are communicating firm knowledge on remote devices that are not controlled by the firm. With shared servers or outsourced use of the cloud, knowledge may be transferred far beyond a law firm’s physical and legal custody. While the use of technology can be a great boon to law firms, that dependence on technology creates additional challenges to security protocols.
Encryption will play an increasingly essential role in the protection of law firm trade secrets. As technology continues to evolve and create new risks to confidentiality, law firms must remain vigilant in educating employees on the importance of electronic security controls and best practices . This is especially true in areas such as encrypted email, use of secure virtual private networks and secured cloud servers, and encryption of PST files.
Data privacy laws and the EU’s General Data Protection Regulation (GDPR) also affect the future of law firm confidentiality agreements. A law firm, which is processing personal data of EU nationals, must comply with the GDPR and quickly issue notifications when it has been affected by a data breach. With a breach, law firms must now provide significant detail on the potential impact of the breach. And while the GDPR has an extraterritorial effect, the United States has not yet enacted any national data privacy legislation comparable to the GDPR. While law firms have agreed to comply with GDPR for their clients, their employees may also have protections under the law. In addition, conflicting requirements of data breach laws and other laws can complicate adherence. Therefore, secrecy agreements, now more than ever, must keep pace with current data privacy requirements.
