CLS Blue Sky Blog

Cleary Gottlieb Discusses Non-Disclosure Agreements — Are They Effective?

Over the past several years, the use of non-disclosure agreements (“NDAs”) has received significant public scrutiny following their controversial use in a number of high profile harassment claims.[1]

NDAs were back in the headlines earlier this year following the leak to the Telegraph of around 100,000 Whatsapp messages belonging to the former UK Health Secretary Matt Hancock.[2] The messages, which revealed Mr Hancock’s communications with other members of the government during the COVID-19 pandemic, were disclosed by a journalist who had access to the material through her work on Mr Hancock’s memoirs. The journalist’s actions reportedly breached the terms of an NDA that had been agreed between the parties.[3]

NDAs play a critical role in many walks of commercial life and this article reviews their utility and some of the issues which can arise with their enforcement. Awareness of the risks of disclosure of information, even under a tightly drafted NDA, is essential to avoid being caught out, as perhaps Mr Hancock discovered.

What is Meant by an “NDA”?

Whilst it is clear the aim of an NDA is to keep sensitive or valuable information confidential, the term is used very flexibly and can apply in a number of contexts. An NDA may be a standalone agreement imposing obligations of confidentiality, or a clause or number of clauses with similar effect within a broader agreement. NDAs are thus a feature of many different types of contract including agreements to promote business between parties such as investors and prospective parties to a M&A deal, agreements to protect intellectual property or other commercially sensitive information, employment contracts which seek to prevent the disclosure of confidential information during and after employment, or settlement agreements which attempt to keep private details of a settlement and/or the dispute.

Several years ago the #Metoo movement triggered the publication of a number of official inquiries, consultations and pieces of guidance which were aimed at reforming the unethical use of NDAs in the context of harassment and discrimination claims in the workplace.[4] Whilst ensuring NDAs are used ethically in this context is a highly important topic and deserved of the attention it has received, this article focuses on NDAs in a more commercial context.

SRA’s Warning Notice

Perhaps the starting point is the Solicitors Regulation Authority’s (the “SRA’s”) Warning Notice (originally published in 2018 and updated in 2020) regarding the use of NDAs.[5] It is of broad application and stated as being relevant to all NDAs regardless of the context in which they arise, and adopts a wide definition of NDA, being “any form of agreement or contract, or a clause within a wider agreement or contract, under which it is agreed that certain information will be kept confidential”. The notice sets out that the SRA will consider an NDA has been improperly used where:

The notice also states that taking unfair advantage of an opposing party (e.g., capitalising on a party’s lack of legal knowledge or representation), applying undue pressure or oppressive tactics, or preventing a party from keeping a copy of the NDA, would be a breach of a solicitor’s regulatory obligations. Practitioners should note that failure to comply with the warning notice may lead to disciplinary action by the SRA.

The Enforcement of NDAs

Contractual Principles

NDAs are subject to standard contractual principles which must be met for the contract to be enforceable (i.e. there must be an offer and acceptance, the terms must be sufficiently certain, there must be consideration etc.). In certain situations, there may also be vitiating factors to take into consideration which could affect a contract’s enforceability (such as misrepresentation, mistake, unconscionability, undue influence or duress). To the extent that contractual obligations are unenforceable, equitable obligations in relation to confidentiality may still survive.[6]

Whistleblowing Disclosures

As a matter of law, NDAs cannot be used to prevent protected disclosures being made to relevant bodies by a “worker”[7] (a point also emphasised in the SRA Warning Notice discussed above).

Whistleblowing is only protected by law if the content and reporting meets the requirements of  Public Interest Disclosure Act 1998 (“PIDA”). Qualifying disclosures are disclosures of information which the worker reasonably believes are in the public interest and that show one or more of the following is either happening, has taken place, or is likely to happen in the future:

Qualifying disclosures are protected where made to an appropriate person. PIDA encourages workers to make “internal” disclosures to their employer. Disclosures to third parties may also qualify as “protected disclosures” but in more limited circumstances which vary according to the category of third party the disclosure is made to.[8] Wide disclosures, such as those to the media, will only be protected in narrow circumstances, and must be shown to be reasonable and not made for personal gain, amongst other things. For this reason, leaks to the media are rarely protected under PIDA.

Causes of Action

Where confidential information is disclosed in breach of the terms of an NDA, the disclosing party may be subject to claims for breach of contract and/or a free-standing equitable claim for breach of confidence (the scope of which will fall to be determined by reference to the contract agreed between the parties). The recipient may also be under an equitable duty of confidence as a third party recipient of information disclosed in breach of confidentiality obligations.[9]

If the disclosure contained personal or private information about which there was a reasonable expectation of privacy there may also be tortious claims for the misuse of private information. Whether there was a reasonable expectation of privacy, is a broad question which takes account of all the circumstances.

Public Interest Defense

The law of confidentiality is based on the principle that people who are entrusted with confidential information ought, as a general rule, to respect it. However, disclosures of confidential information which are made in the public interest may avoid liability where a court considers the public interest in maintaining confidence is outweighed by the countervailing public interest in disclosure. This appears to have been the ground used to justify the disclosure of Mr Hancock’s Whatsapp messages.[10]

There is a broad range of circumstances in which such a defence might apply, but a summary of the general principles arising from caselaw which relate to its application are below:[11]

  1. Respect for confidentiality is itself a matter of public interest.
  2. To justify disclosure of otherwise confidential information on the grounds of public interest, it is not enough that the information is a matter of public interest. Its importance must be such that the duty otherwise owed to respect its confidentiality should be overridden.
  3. The matter must either relate to serious misconduct, or it must otherwise be important for safeguarding the public welfare in matters of health and safety (or of comparable public importance) that the information should be known to whom it is disclosed.
  4. Even if the information meets the test, it does not necessarily follow that it would be proper for the defendant to disclose it. The court must consider the relationship between the parties and the risks of harm which may be caused (or avoided) by permitting or prohibiting disclosure, both in the particular case and more generally.
  5. Ultimately the court has to decide what is conscionable or unconscionable, which will depend on its view of what would be acceptable to the community as a fair and proper standard of behaviour.



A party owed a duty of confidence (or a party to a contract) may seek an injunction to prevent a breach. However, this remedy may not be available or may be of little practical use, if the relevant information has already been disclosed or misused (for example, where confidential information has been leaked to and published by the media). In general, the remedy for past misuse of confidential information will be financial rather than an injunction.[12]

Where a party is seeking to obtain an interim injunction, the court will generally apply the test derived from the American Cyanamid guideline of whether there is a “serious question to be tried” or a “real prospect” of success at trial. Where, however, a party seeks to restrain publication of information before trial, it faces a higher threshold. In those circumstances the court will have particular regard to the importance of a party’s right to freedom of expression under Article 10 of the European Convention of Human Rights, and the court must be satisfied the applicant is likely to establish that it would succeed at trial and that publication would not be allowed.[13] In these circumstances, factors which may be relevant to the court’s determination include whether:

The fact-sensitive nature of this exercise in any given case means there is often considerable uncertainty as to whether an injunction will be granted.

Damages and Account of Profits

Where confidential information is divulged in breach of a non-disclosure agreement, usually damages for the loss suffered by the innocent party will be a more appropriate remedy than an account of profits. In a commercial context, such damages might often be assessed by reference to a notional reasonable price to buy release from the claimant’s rights.[25] In other words, damages may be assessed by reference to the commercial value of the information which has been misused.

In determining whether the case is sufficiently exceptional for an account of profits to be preferred to damages, the court will ask whether the claimant’s interest in the performance of the obligation of confidence made it just and equitable that the defendant should receive no benefit from his conduct. Where the obligation in question is similar to a fiduciary obligation,[26]it may be appropriate for remedies to be similar to those in respect of a breach of fiduciary duty (so as to allow for an account of profits). Where the obligation arises from an arm’s-length contract, or circumstances similar to a contractual relationship, in the absence of exceptional circumstances, the appropriate remedy is likely to be similar to those available for breach of contract.[27]

Additional Consequences of a Breach

Where a contractual confidentiality obligation is breached which is of sufficient importance to be a condition of the contract, the innocent party may repudiate the contract (in addition to seeking damages). An NDA may also stipulate the consequence of a breach will be the repayment of any sums paid under the agreement and/or other costs. Such sums will be recoverable if considered liquidated damages and not a penalty.


The effectiveness of any given NDA will depend to a large extent on the nature of the contract and the circumstances in which the confidential information has been shared. Where ethically used, NDAs remain a useful tool to protect sensitive information, but they cannot necessarily prevent unauthorised disclosures from being made. Sharing confidential information with another party, even where there is an NDA in place, necessarily involves a degree of risk and a reliance that the sensitive material will not be misused.

Even where a party can enforce an NDA after a breach, there may remain practical problems to doing so. Once confidential information has been made public, much of the damage may already be done — it may be impossible to “unring the bell” —and the innocent party may be restricted to seeking compensation for any harm caused. Pursuing a claim may also risk exacerbating any reputational damage and adverse publicity arising from the breach. If a party’s claim lies against a newspaper or large media outlet, any remedy is likely to be expensive to obtain.

Commercial parties should therefore be careful to balance the risks when deciding whether to share confidential information under an NDA. On one side of the scales are the opportunities that may be created from sharing confidential information with a counterparty. On the other side of the scales, is the real risk that valuable information is misused in breach of the NDA, the potential difficulties in securing an injunction and the limits placed by the courts on financial recoveries.

Disclosing parties should seek to manage these risks where possible, both through the terms of the NDA and in practice. The steps taken to manage the risk will depend on the circumstances in which the confidential information is being shared but may include:


[1] See for example the claims of harassment involving Harvey Weinstein, Phillip Green and the 2018 President’s Club Dinner.



[4] See for example the Equality and Human Rights Commission’s March 2018 report “Ending Sexual Harassment at Work”, the House of Commons Women’s Committee’s July 2018 report “Sexual Harassment in the Workplace” and its June 2019 report “The use of non-disclosure agreements in discrimination cases”, the Law Society’s December 2019 Practice Note “Non-disclosure agreements and confidentiality clauses in an employment law context” and the UK Government’s July 2019 response to its consultation on proposals to prevent the misuse of confidentiality clauses in situations of workplace harassment or discrimination.


[6] Force India Formula One Team Ltd v Aerolab SL 2013 EWCA Civ 1374

[7] s43J Employment Rights Act 1996

[8] A “protected disclosure” may for example be made to a list of “prescribed persons” (available here), which includes the National Crime Agency, the Serious Fraud Office, the Competition and Markets Authority, His Majesty’s Revenue & Customs and the Health and Safety Executive.

[9] Attorney General v Guardian Newspapers Ltd (No 2) 1990 1 AC 109


[11] Toulson & Phipps On Confidentiality (4th ed., 2020), p.135

[12] Vestergaard Frandsen A/S v Bestnet [2009] EWHC 1456 (Ch)

[13] Cream Holdings Ltd v Bannerjee [2004] UKHL 44

[14] ABC v Telegraph Media Group Ltd [2018] EWCA Civ 2329

[15] Ibid

[16] Mionis v Democratic Press SA & Ors [2017] EWCA Civ 1194

[17] HRH The Prince of Wales v Associated Newspapers Ltd [2006] EWCA Civ 1776)

[18] ABC v Telegraph Media Group Ltd

[19] Ibid

[20] Ibid

[21] Ibid

[22] The Bank of London Group Ltd v Simmons & Simmons LLP [2022] EWHC 2617 (Ch)

[23] Rafael Advanced Defense Systems Ltd v Mectron Engenharia, Industria e Comercio SA [2017] EWHC 597 (Comm)

[24] s12(4)(a)(i) Human Rights Act 1998

[25]Wrotham Park Estate Co. Ltd v Parkside Homes Ltd [1974] 1 WLR 798; Seager v Copydex Ltd [1967] 1 WLR 923

[26]as in the special context of obligations imposed on officers of the Secret Intelligence Service in A-G v Blake [2001] 1 AC 268

[27] Vercoe v Rutland Fund Management Ltd [2010] EWHC 424

This post comes to us from Cleary Gottlieb Steen & Hamilton LLP. It is based on the firm’s memorandum, “RIP NDA? How Effective Are Non- Disclosure Agreements?” dated April 25, 2023, and available here. 

Exit mobile version