Beyond the Firewall: Why Confidentiality Clauses Matter

Confidentiality clauses — better known as non-disclosure agreements (NDAs) — aren’t just legal boilerplate. They’re a frontline defence against losing valuable business, client, and employee information. In every sector, from tech to finance, healthcare to professional services, employees handle trade secrets, client lists, business plans, and sensitive data. If that information is disclosed, whether deliberately or by accident, the consequences can be severe — leading to financial loss, competitive disadvantage, or lasting reputational damage.

While Irish law already imposes an implied duty of confidentiality during employment, an explicit, well-drafted clause strengthens that obligation and extends it beyond the end of employment. Crucially, it removes doubt about what is considered confidential, how it must be handled, and the consequences of a breach.

When it comes to handling personal data, GDPR makes the case crystal clear: confidentiality isn’t optional, it’s a legal duty. Employees need to know exactly what that means in practice — especially when dealing with sensitive information like client records or medical files. As one data security maxim reminds us, “confidentiality does not start with the firewall, but with the employees.”

But not every confidentiality clause will stand up to scrutiny in court. To be enforceable, confidentiality provisions must serve legitimate business purposes and protect genuine confidential information. They should not be so sweeping that they infringe employee rights or public interest. This is why careful, industry-specific drafting is essential. Tailored clauses set out clearly what is considered confidential, how it must be safeguarded, and the limits of the obligation. In the following sections, we examine how to achieve that balance and make confidentiality clauses effective in practice.

Overbroad Clauses and the Need for Tailoring

When it comes to confidentiality clauses, one size does not fit all. Drafting too broadly can render a clause unenforceable. Irish courts (and, by extension, the EU) – in line with other common law jurisdictions – will not uphold provisions that go beyond what is reasonably necessary to protect legitimate business interests. This principle is well illustrated by case law, which shows that the courts will carefully distinguish between different types of contractual restriction and scrutinise how they are drafted. In P14 Medical Ltd v Mahon [2020], for example, the UK High Court granted interim relief to enforce post-termination restrictions, including restrictive covenants, but nonetheless examined the scope of the confidentiality clause in detail.

The clause defined “Confidential Information” as covering not only trade secrets, but also “information relating to the business, products, affairs and finances” of the company, with no time limit. The court noted (para 119) that while the employee clearly had access to trade secrets, the clause sought to restrain the use of much broader categories of merely confidential information indefinitely. This was considered impermissibly wide, as it attempted to extend protection beyond genuine trade secrets after employment had ended.

The judgment is a reminder that courts will differentiate between types of restriction (e.g. non-compete, non-solicitation, confidentiality) and apply the proportionality test to each. Confidentiality clauses must be carefully drawn: trade secrets can attract indefinite protection, but lesser categories of confidential information must usually be limited in duration and scope.

Irish courts take a similar approach. In Net Affinity Ltd v Conaghan [2011] IEHC 160, the High Court held that a 12-month non-compete clause was void because it was too wide and not limited geographically. However, the Court recognised that the employee’s access to confidential information and customer connections created a legitimate risk, and granted more targeted injunctive relief — including a 12-month restriction on soliciting existing customers and an injunction restraining breaches of confidentiality.

This case highlights why narrower, well-defined confidentiality clauses are more likely to withstand scrutiny. The Court rejected a blanket restraint on competition but was willing to uphold and enforce proportionate protections tied to genuine confidential information and specific client relationships.

A tailored clause should clearly identify the categories of information being protected – for example, technical designs, client databases, pricing strategies – and limit restrictions to what is necessary in scope, geography (if applicable) and duration. For ordinary confidential information, 2–5 years post-employment is common; trade secrets can justifiably be protected indefinitely.

The takeaway is simple: narrower is safer. A focused clause is more credible, more enforceable, and more likely to achieve its purpose. A generic, copy-and-paste provision risks leaving your business with no contractual protection at all.

Industry-Specific Considerations

Before drafting a confidentiality clause, regard should always be had to the industry in which the business operates and the specific information it needs to protect. A clause that is appropriate for a technology start-up may be wholly inadequate – or unnecessarily wide – for a law firm or medical practice. Tailoring the provision to the realities of the business ensures it protects what matters most while remaining enforceable. For example:

  • Healthcare and Medical: Protect patient-identifiable information, clinical trial data, and medical research (all of which is deemed special category data under GDPR). The clause should reflect legal and ethical duties in the sector, ensuring staff understand their obligation to safeguard this highly sensitive information.
  • Technology and R&D: Focus on proprietary algorithms, source code, product roadmaps, prototypes, and unpublished patents. If client or user data is central to the business, include clear protection for security protocols and data integrity.
  • Financial Services: Address client lists, transaction data, investment strategies, and other non-public financial information. Ensure the clause aligns with regulatory obligations, such as restrictions on market disclosure or anti-money laundering rules.

By defining the precise categories of information that need protection in each industry, the clause becomes both stronger and more defensible if challenged.

Best Practices for Drafting Enforceable Confidentiality Clauses

A strong confidentiality clause should be precise, proportionate, and clear. The aim is to protect genuine confidential information in a way the courts will uphold. Key drafting steps include:

  • Define “Confidential Information” Precisely: Avoid blanket definitions. List specific categories relevant to the business, such as customer lists, financial records, technical designs, trade secrets, and sensitive client data. Exclude trivial or public information to show the clause is targeted.
  • Set Purpose and Scope: Make clear that confidential information is provided solely for the employee’s role and must not be used or disclosed outside that context, both during and after employment.
  • Apply Sensible Time Limits: Use finite periods (typically 2–5 years) for ordinary confidential information, with indefinite protection reserved for genuine trade secrets. Be prepared to justify any indefinite period.
  • Allow for Legal and Ethical Disclosures: Include carve-outs for whistleblowing, disclosures required by law, or regulatory reporting. This demonstrates the clause is balanced and lawful.
  • Scale Clauses by Seniority: Match confidentiality scope to the employee’s role and access. Senior staff may require broader definitions, longer restrictions, and stricter return/deletion obligations, while junior staff may only need narrower, role-specific protections. This proportional approach improves enforceability and avoids overreach.
  • Require Return or Deletion of Material: On termination (or on request), employees should return all company materials and delete any confidential information from personal devices or accounts.
  • State Remedies for Breach: Specify that breaches may cause irreparable harm and that the employer can seek injunctions and damages. Clear consequences strengthen deterrence.
  • Include Severability: Include a “blue-pencil” clause that allows unenforceable parts to be removed without invalidating the rest, while remembering that courts will not rewrite an overbroad clause.
  • Review and Tailor Regularly: Update clauses to reflect changes in roles, business operations, and law. Avoid using the same clause for all positions without adjustment.
  • Reinforce with Policies and Training: Support contractual duties with internal policies, training, and a workplace culture that treats confidentiality seriously.

Key Point: Draft with a scalpel, not a sledgehammer. Precision increases enforceability, reduces disputes, and ensures the clause protects what truly matters.
