����ɫ��

A confidentiality agreement is a legally binding contract that outlines how confidential information shared between parties will be protected, used, or restricted from unauthorized disclosure. 

Confidentiality agreements go by many names, including:

• Non-Disclosure Agreement (NDA)
• Confidential Disclosure Agreement (CDA)
• Confidentiality Agreement (CA)

These are all more or less synonymous. Beyond confidentiality agreements themselves, legal terms regarding confidentiality are commonly included in other contracts between parties, such as research contracts or service contracts. The section below outlining Confidentiality Terms is still relevant to those situations.

“Confidential Information” in legal agreements generally refers to sensitive, proprietary, or restricted information which two or more parties exchange in the course of their collaboration. The recipient must comply with specific obligations towards that information. 

Common examples of “Confidential Information” in the course of research activities may include:

• Unpublished research data: results, raw and processed data, preliminary findings, drafts, notebooks, manuscripts.
• Technical information: designs, algorithms and source code, prototypes and schematics, scientific methodologies
• Business information: market analyses, customer/supplier lists, business or product strategies or plans, financial projections and statements, internal reports, manufacturing/processing techniques, non-public policies or procedures
• Intellectual property: engineering designs, patent materials (draft), trade secrets, proprietary processes or formulations
• Joint project materials: joint proposals, project charters or work plans, meeting minutes, internal communication records
• Regulatory information: submissions to regulatory bodies, compliance protocols, audit findings
• Personal or Health Information: study participant data (e.g. in clinical or social science research), health records, biospecimens, survey responses with personal identifiers. However, these categories of information attract privacy requirements which may make them more suitable for Data Transfer Agreements. 

The exact scope of “Confidential Information" is context-specific and will be carefully defined in the legal agreements. Overly broad definitions can unintentionally restrict academic freedom or future research. 

Typically, “Confidential Information” does not protect:

• Public information that is already in the public domain, or becomes public through no fault of the receiving party
• Information already known to the recipient, whether disclosed by the disclosing party or a third party
• General ideation and open-ended discussion about future plans or proposals

In research arrangements at UCalgary, an NDA is typically requested by a party when it intends to disclose proprietary, unpublished, or sensitive information before entering into a formal research agreement. This may include:

• Early-stage discussions about potential collaborations
• Sharing of unpublished data, methods, or results
• Initial access to proprietary technology or business information

An external partner may require UCalgary to sign an NDA before it shares its confidential information with a researcher. Alternatively, UCalgary researchers may want an external partner to sign an NDA before they feel comfortable sharing their own sensitive research ideas or information. 

You don’t always need an NDA to speak to a company or potential collaborator. Initial conversations may be high-level to determine if there is any mutual interest in collaboration. At this stage, before signing an NDA or other legal agreement

• Keep initial discussions general and non-confidential
• Ask for an NDA if conversations start to become technical and involve the exchange of proprietary, private, or sensitive information (see examples in What is Confidential Information above)

Generally, when the University is ready to enter into a definitive research agreement with an external party regarding a project, that research agreement will contain its own confidentiality terms. That typically eliminates the need for a standalone NDA.

NDAs can help establish clear expectations around the retention, dissemination, and use of confidential information, helping foster trust and enabling open dialogue. However, parties subject to confidentiality obligations need to carefully consider how these terms may affect their intended research responsibilities, academic freedom, and operational flexibility.

Before requesting an NDA through our Agreement Request Portal, UCalgary researchers should consider the nature of information they plan to share, and why they are sharing it. Some questions to consider:

Is the information truly confidential?

• Is the information already publicly available?
• Does the other party already have access to this information without confidentiality restrictions in place?

Could the NDA restrict future research or publication?

• Researchers should be cautious about NDAs that limit their ability to publish results, restrict research in related fields, or impose broad or indefinite confidentiality obligations.

Are confidentiality commitments already covered?

• By the time you share the confidential information – will the parties be bound by a definitive research agreement for a research project which already contains confidentiality terms?

Is the external partner requesting an NDA?

• External sponsors may require UCalgary to sign an NDA before sharing their proprietary information.

Will the information be shared with students or other collaborators?

• If confidential information will be shared with individuals beyond the principal investigator, additional internal UCalgary agreements (e.g., Research Participant Agreements) may be required to ensure compliance.

Do you know what information you will receive that is subject to the NDA?

• Have you and the external party clearly identified what information is to be treated as confidential? Or will you be assuming obligations towards a very broad potential scope of information? 

At the ����ɫ��, our preferred and standard practice is for NDAs to be signed by an authorized institutional representative on behalf of UCalgary. Not individual researchers in their personal capacities. 

Researchers should generally avoid signing NDAs on their own behalf if the purpose relates to UCalgary research activities. University Legal Services is unable to provide any advice or support on NDAs which bind individuals, rather than UCalgary as an institution. 

If researchers nonetheless decide to sign an NDA personally, then they are strongly encouraged to seek independent legal advice. Those NDAs will not be binding on UCalgary, and researchers may be personally liable for any breach. This could include monetary penalties or other claims. Supervisors of students are also cautioned to ensure that their students are aware that signing NDAs personally may result in legal risks. 

If you are a UCalgary researcher or student, and you have received an NDA from an external party, or would like to develop an NDA before you work with an external party, please submit a request to Research Legal through our Agreement Request Portal.

NDAs that involve the exchange of confidential information in the context of research will be reviewed by Research Legal to ensure:

• The terms align with researcher requirements, along with ����ɫ�� policies and legal obligations
• The agreement does not restrict academic freedom or future research
• Confidentiality obligations are appropriately scoped and enforceable

The Principal Investigator and their Department and Faculty are responsible for protecting the Confidential Information and informing their staff of the NDA terms.

No central University database stores or manages all NDAs which UCalgary has signed. This means that other employees at UCalgary may not know about the NDA if they receive or access the information. This is why it is important for UCalgary researchers to set up appropriate technical safeguards, and communicate confidentiality expectations to their teams. 

It is critical to carefully read your NDA to understand your obligations. Failure to comply with the terms of an NDA can have very serious financial and reputational consequences for you and UCalgary. It can affect both your academic career and your IP/commercialization rights. 

If you have specific questions about how to comply with your NDA, please contact researchlegal@ucalgary.ca.

• Unilateral NDAs: One party discloses confidential information, and the other agrees to protect it.
• Mutual NDAs: Both parties exchange confidential information and agree to reciprocal obligations. For two parties, these are “bilateral” and for three or more parties they are “multilateral”.

Mutual NDAs are the most commonly used NDA format for most research collaborations at UCalgary. These agreements reflect the fact that both sides are likely to share valuable private information during the course of their initial discussions, project scoping, and joint work. 

Unilateral NDAs may be desired where the recipient receives sensitive information for a discrete purpose, and is not sharing any significant private information back. For example, where the recipient is only be conducting a rote analysis of the disclosing party’s datasets.

“Confidential Information” should be clearly defined to ensure both parties understand what they’re expected to keep confidential. This may mean:

• Explicitly identifying categories of confidential information in a legal agreement, and/or
• Marking the information as ‘confidential’ (see below).

Confidential Information should include appropriate exceptions, based on the subject matter. This may include:

• Information already known by the recipient
• Publicly available data
• Independently developed knowledge
• Information legitimately acquired from a third party

Confidentiality terms should specify the permitted purpose for which that confidential information may be used. 

When NDAs are used for initial research discussions, that purpose is typically focused on evaluating the proposed research, generating ideas for research project concepts, and engaging in preliminary joint research activities. 

When confidentiality terms are included in other definitive research agreements pertaining to a project, that purpose is typically focused on conducting the research project, fulfilling any other obligations in the agreement (or to any other funders or collaborators), and submitting publications regarding the research results.

A recipient does not want to inadvertently disseminate information without realizing that the other party wanted it to be kept confidential. To help avoid disputes, confidential information should be:

• Clearly marked as confidential (for written materials)
• Confirmed in writing within a set timeframe (for oral disclosures)

UCalgary does not generally require external parties to limit the distribution of UCalgary confidential information to designated individuals (i.e. only those with a ‘need to know’). 

However, if an external party wants to limit recipients of Confidential Information to only those individuals at each organization who have a ‘need to know’ that information, then at UCalgary, this will need to include:

• Faculty, staff, and students who are involved in the project
• All administrative personnel supporting the research 

In some cases, individuals at UCalgary may be required to sign Research Participant Agreements to formalize their obligations. UCalgary will enter into these agreements (or other forms/agreements) directly with its personnel as an internal matter. 

UCalgary internally manages any confidentiality commitments which need to be passed down to its individual employees, students, or contractors. ����ɫ�� obligations to limit access to discrete personnel may be addressed by confidentiality duties under UCalgary employee contracts, separate internal forms, or through Research Participant Agreements for project participants. UCalgary does not distribute copies of these forms or any employment agreements to external parties, which are a strictly internal matter.

The main purpose of confidentiality terms is to prohibit the disclosure of confidential information to third parties. However, UCalgary generally expects to see industry standard exceptions to restricted disclosure, including:

• If the disclosing party provides its prior written consent to that disclosure
• Disclosures required for the recipient to comply with its legal or regulatory requirements. For UCalgary, this includes information we may be required to disclose under Alberta’s Access to Information Act, our public sector transparency legislation. That said, there are relatively broad exemptions under this legislation to research information.
• Information already in the public domain, information independently developed by the recipient, lawfully obtained information from other sources (these may instead be carved out of the definition of “Confidential Information”).

Confidentiality terms may speak to the steps that recipients must take to protect confidential information. They could broadly require “reasonable” measures to ensure the security of confidential information, or contain specific actions regarding:

• Secure storage (physical and digital)
• Controlled access procedures

UCalgary researchers will need to ensure that they can practically comply with any of these obligations given the technical and operational resources at UCalgary. For example, consider:

• If you need to restrict access to Confidential Information to only specific personnel (e.g. direct project participants), then:
  • the drive(s) you use to store that Confidential Information (and any other data derived from it) will need to be set up with those specific permissions.
  • those personnel need to be made aware that they are not allowed to share the Confidential Information outside of the permitted group.
• If the confidentiality terms require you to use specific technology security standards in storing and saving the Confidential Information, then:
  • verify that the drive(s) and/or databases you use to store that Confidential Information meet those standards.
  • your project participants must ensure that they deposit and access the Confidential Information using only permitted drive(s) and/or databases (i.e. no other copies sent to personal emails, unauthorized Githubs, etc.)

If you have any questions about the technical standards required for Confidential Information or available under your research data infrastructure, please contact itsupport@ucalgary.ca.

These terms relate to a recipient’s obligation to either return or destroy confidential information at the end of a legal agreement, or otherwise upon the request of the disclosing party. 

Any retention-related confidentiality terms must not conflict with ����ɫ�� . UCalgary can agree to provide written confirmation of its destruction of external confidential information, but it does not provide formal certificates or attestations of destruction.

If UCalgary receives a request from an external party to either return or destroy their Confidential Information, then the UCalgary research team will need to ensure that they comply with the terms of the associated legal contract. Under those terms, there may be allowances for you to retain a copy to comply with ����ɫ�� internal retention policies, or for other discrete purposes. If you are a UCalgary researcher and have received a request to return or destroy Confidential Information, and you have any questions regarding your obligations, then please contact researchlegal@ucalgary.ca.

When confidential information includes personal or health information, additional legal and ethical obligations may apply. 

Generally, NDAs should exclude personal or health information unless its inclusion is necessary and appropriate terms and conditions are included. For data involving human participants, generally a Data Transfer Agreement (DTA) may be more appropriate than an NDA. 

Where a UCalgary researcher is conducting a research project, they may be individually responsible as the “custodian” of personal information. The custodian is directly responsible for the collection, use, and disclosure of their associated personal information. UCalgary researchers are also subject to ����ɫ�� policies and procedures regarding information security and privacy.

As a publicly research institution, UCalgary is committed to the dissemination of knowledge through academic publications. Confidentiality terms must not unduly restrict a researcher’s ability to publish research results arising from their scholarly activities. 

While UCalgary may agree to provide external parties with a limited period of time to review publication drafts and request removal of their confidential information, UCalgary does not accept blanket publication bans, veto powers, or undefined periods of delay. Any restrictions must be narrowly tailored, time-bound, and consistent with both associated funding agency requirements and the University’s academic mission. For more information see: Publications and Sponsored Research Guidelines

If UCalgary is subject to any “open data” or “open research” requirements in connection with a research project or its funding (e.g. to complete ongoing research data deposits with public repositories), then it will need to ensure that its confidentiality obligations remain consistent with those requirements. UCalgary researchers should make their external partners aware of these requirements, as applicable, before collaborating on a research project together.

Confidentiality terms will also speak to the associated liability and remedies available for breach. UCalgary will negotiate terms regarding liability for breaches, equitable remedies (such as injunctions) where monetary relief is insufficient, and limitations of liability. UCalgary carefully reviews these clauses to ensure they are reasonable and enforceable.

Confidentiality obligations typically survive the termination of their associated agreement for a defined period (e.g. 3 – 5 years). This ensures protection of sensitive information beyond the life of the project. UCalgary cannot agree to perpetual confidentiality restrictions.

UCalgary cannot accept non-solicitation obligations. These clauses – typically intended to prevent a party from hiring or contracting the other party’s employees, suppliers, or customers – are not compatible with ����ɫ�� legal and operational framework. As a public sector institution, UCalgary is subject to specialized trade and competition legislation, and many of its employees are represented by labour unions under collective agreements. Accepting non-solicitation terms could conflict with these agreements or legislation, and restrain ����ɫ�� ability to recruit, collaborate, and operate freely within its academic mandate.

Similarly, UCalgary cannot accept any non-competition or exclusivity obligations which prevent it from freely collaborating or transacting with other businesses or parties, who may be engaged in similar areas of research as its current sponsor. These clauses undermine academic freedom, restrict future research directions, and again conflict with our public sector mandate.