The What’s Market series is an ongoing analysis and breakdown of the various clauses found within software contracts. Each article takes data gathered by TermScout, which uses AI assisted by contract professionals to accurately review and rate contracts, and breaks down the differences between vendor contracts, customer contracts, and negotiated contracts.
This article will focus on the handling of confidential information, protection obligations, and how often such protection is offered within IT, SaaS and PaaS contracts.
Contracts Standards defines confidential information as follows:
“Confidential Information means all material, non-public, business-related information, written or oral, whether or not it is marked as such, that is disclosed or made available to the receiving party, directly or indirectly, through any means of communication or observation.”
This is just one example of how confidential information may be defined in an agreement. Parties will heavily negotiate the exact scope, requirements, and other facets of the confidential information provision.
Confidential information may include, but is not limited to, things such as social security numbers, business and marketing plans, passwords, other IT related information, credit card numbers and more. Given how sensitive and critical much of this information is, it is natural for clients and businesses alike to want to protect it. The leak of such information could lead to a loss of trust by clients, offer a competitive advantage to other groups, or cause a huge loss in revenue from leaked business plans. Further, if this provision is breached, the non-breaching party will have a right to a remedy for the other party’s failure to meet its contractual commitments, which may include common remedies such as damages or injunctive relief to prevent further harm. Despite the importance of protecting confidential information, vendors and customers alike are reluctant to make an explicit commitment to protect the other party’s confidential information.
The reason for a lack of commitment in the starting contract may stem from the weight such a commitment carries. The protection of confidential information is a double-edged sword: by making a commitment of protection, a party subjects itself to added responsibilities and potential liability in the event that the commitment is breached. However, the same commitment also assures a party that, in its use or performance of services where confidential information is to be exchanged, its confidential information will be protected. This makes the terms for confidential information not only critical to include, but also a potentially risky promise. As such, these terms are heavily scrutinized before being agreed to.
Vendor v. Customer v. Negotiated Contracts
One of the most interesting facets of the data gathered by TermScout is that both parties want a guarantee that their confidential information is protected, but can be reluctant to offer the same to the opposite party. How do parties cross this impasse? If both parties desire their confidential information to be protected, but are reluctant to protect the other party, who gets what they want? To find the answers, TermScout has reviewed and gathered information from 647 vendor contracts, 103 customer contracts, and 101 negotiated contracts. By carefully studying the above contracts and their clauses, TermScout is able to determine the most detailed and accurate answer.
As discussed earlier, committing to protection of confidential information is a double-edged sword, as it not only inspires confidence and trust, but comes with the added risk of contract breach should the worst come to pass. The data below helps to reinforce this idea, but the results we see post negotiation prove how important such protection is to all of the involved parties.
What Vendors Offer (647 vendor forms)
Based on the data, vendors commit to protecting confidential information both for themselves and their customers at a near equal rate (~65%). This makes sense, as clients are less likely to agree to terms where their confidential information is not protected. This is reinforced by data that indicates mutuality between provisions (meaning the commitments of both vendor and customer are identical) in 72% of vendor contracts. This means, for vendors, the double-edged sword is worth the risk, but can the same be said for customers?
What Customers Offer (102 customer forms)
In quite the departure from the vendor data, customer forms are less likely to provide a guarantee of protection for vendors, but almost universally provide one for themselves. Yet, when we look at mutual obligations, the percentage of customer contracts that have mutuality in the confidentiality provision lines up with that from the vendor contracts. It appears that both parties do recognize the importance of confidential information protections, but customers are the ones who want that commitment, much more so than vendors. So how does this desire play out during negotiations?
What Happens When Parties Negotiate (101 negotiated contracts)
Post-negotiation, the percentage of contracts that do not provide protection for either party’s confidential information is less than 10%, even when you combine the numbers for vendors and customers together (8%). From these two charts we can gather that through negotiation, almost every single contract gains some form of protection for the vendor and customer’s confidential information. What’s interesting though, is that despite almost universally containing protection, the obligations are not necessarily fully mutual. This may arise from the fact that the information each party wishes to protect is different, and as such the obligations to protect said information vary from party to party. Regardless, this shows how powerful a tool negotiation can be for both parties, as it is not often that we see such universal agreement over contractual clauses and agreements.
Examples of Companies where Vendor information is protected:
- Casetext: V, Terms of Service
- Microsoft Azure: Confidentiality, Microsoft Customer Agreement
- Podium: 9.1, Terms of Service
- Zendesk: 5, Master Subscription Agreement
Examples of Companies where obligations are mutual:
- Amplitude: 4, Master Service Agreement
- Kira: 4, Terms of Service
- Snowflake: 5, Snowflake Terms of Service
- Vanta: 5, Master Subscription Agreement
Note: Examples of companies where Customer does not have protection for their confidential information and companies where obligations are not mutual have been excluded from this list, as in almost all cases where this is true it is due to the contract not addressing these topics, rather than clearly stating that there is no such protection or obligations.
As we determined early on, the protection of confidential information is of significant importance to both vendors and customers. We can see this through their efforts in negotiation, and for customers in particular, through their overwhelming inclusion of such language in their base terms. It is interesting to see how vendors are more likely to offer protection for both parties, while customers tend to skew more towards themselves. However, regardless of which side you stand on, your best bet to receive such protection is through negotiation. If confidential information protection is not addressed within the contract, then it is overwhelmingly likely that you will be able to negotiate for it, once again reinforcing the importance and weight that contract negotiations carry.
This is the final post in the What’s Market series for now. We hope you have enjoyed reading the series and learned something as well. Thank you for your support, and look forward to TermScout’s next project, coming soon!