The impossible clause: the NDA 'return or destroy' obligation

19 Nov 22

The obligation to return or destroy confidential information upon request (or at contract termination) is ubiquitous in confidentiality agreements. But in this era of distributed network computing and cloud storage, when nothing can ever be completely deleted everywhere, compliance with such a clause is illusory.

In complex, long-term contractual relationships, confidential information (usually defined quite broadly, and including “copies, analyses, descriptions” etc) is exchanged wide, often, and far, disseminated via and among countless individuals. Data resides simultaneously in emails and voicemails, in .doc, .xls, and .ppt files, in messages (eg Skype, Zoom, and Slack), cloud folders, etc, and on multiple servers at multiple locations—some of which may be under the control of third parties (eg AWS, Salesforce, and Google).

A truly effective deletion campaign would be either impossible or prohibitively expensive. And yet, return or destroy clauses are routinely accepted—even those with a requirement for a corporate officer to certify in writing that destruction has occurred.

It’s not uncommon for desperate and/or well-financed parties in litigation to pull any levers available. For such parties, a tempting target could be a claim for breach of a return or destroy clause—or even better, a claim for specific enforcement of such a clause. The e-discovery burden of defending such a claim, or complying with the clause, could force an unfavorable settlement.

Strategies for dealing with such clauses, and alternative contract text, can be found at RedlineReturn or Destroy Clauses in the 21st Century.


(The intended audience for this post is licensed and practicing lawyers, not laypersons seeking legal advice for their situation. If you are not a lawyer, hire one before using or relying on any information contained here.)