IT Confidentiality Agreements Template for Canada

What is an IT Confidentiality Agreement?

An IT confidentiality agreement protects proprietary systems, source code, client data, and technical know-how shared with IT contractors or consultants. In Canada, there is no standalone trade secrets statute, so contractual confidentiality obligations under common law are the primary protection mechanism. These agreements must also address PIPEDA data-processing obligations when personal information is involved, and should be tailored to the specific sensitivity of the technology and data being shared.

Frequently Asked Questions

What is an IT confidentiality agreement used for in Canada?

An IT confidentiality agreement (or NDA) binds IT contractors, consultants, or employees to keep proprietary systems, source code, security configurations, client data, and technical know-how confidential. In Canada, these agreements are standard practice in technology engagements because Canadian common law provides limited automatic trade-secret protection, making contractual confidentiality obligations the primary enforcement mechanism.

Is there a standalone trade secrets law in Canada?

Canada does not have a dedicated federal trade secrets statute equivalent to the US Defend Trade Secrets Act. Protection relies on breach of confidence as a common-law tort, breach of contract under an NDA, and, in some cases, breach of fiduciary duty. This makes a well-drafted confidentiality agreement especially important in Canadian IT engagements, as common-law remedies alone may be uncertain and costly to enforce.

What information should an IT confidentiality agreement protect in Canada?

The agreement should define confidential information broadly to include source code, system architecture, security protocols, network configurations, access credentials, client data, business processes, financial information, and any proprietary algorithms. Carve-outs for information that is publicly known, independently developed, or received legitimately from a third party without restriction are standard and prevent overly broad obligations.

How long should confidentiality obligations last in an IT agreement in Canada?

Obligations typically survive the end of the engagement by two to five years for general business information. For highly sensitive information such as trade secrets or source code, many Canadian IT agreements include perpetual confidentiality obligations, since the information never becomes less sensitive with time. Courts in Canada have upheld perpetual obligations for genuine trade secrets provided the clause is otherwise reasonable.

Can an IT contractor in Canada use client data for their own AI or machine-learning training?

Not without express authorisation. PIPEDA and the confidentiality agreement together prohibit using personal data or proprietary information for purposes beyond the contracted engagement. An IT provider using client data to train AI models without consent would likely breach both the confidentiality agreement and PIPEDA, and potentially the Criminal Code provisions around unauthorised use of computer data.

What remedies are available in Canada if an IT confidentiality agreement is breached?

Remedies include injunctive relief (a court order to stop the breach), damages for financial loss caused by the disclosure, account of profits if the contractor profited from the confidential information, and in appropriate cases destruction or return of confidential materials. Courts in Canada have granted interlocutory injunctions in IT breach-of-confidence cases where there is an immediate risk of ongoing disclosure or competitive harm.

Does PIPEDA affect how IT confidentiality agreements are drafted in Canada?

Yes. Where the IT engagement involves personal information, PIPEDA requires the contracting organisation to maintain accountability for that data even when it is processed by a third party. The confidentiality agreement should include specific data-processing terms: the permitted purposes for which the contractor can use the data, security safeguards required, breach-notification obligations, and data return or deletion requirements at the end of the engagement.

Can a non-solicitation clause be included in a Canadian IT confidentiality agreement?

Yes, and it is common. Non-solicitation clauses prevent the IT contractor from approaching the client's employees or clients for a defined period after the engagement ends. Canadian courts are more willing to enforce non-solicitation clauses than non-compete clauses, provided the scope (duration, covered individuals) is reasonable. A combined confidentiality and non-solicitation agreement is standard in Canadian IT services contracting.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

Canada

Publisher

GenieAI

Sector

Business

Cost

Free to use

Last updated

About the IT Confidentiality Agreement

An IT Confidentiality Agreement is a specialized legal contract that protects sensitive technical information, trade secrets, and proprietary technology when you engage in business relationships involving IT services or products. Unlike standard non-disclosure agreements, these contracts include specific provisions for digital assets, cybersecurity protocols, and technical data protection that are essential in today's technology-driven business environment.

When do you need this document?

You need an IT Confidentiality Agreement whenever you're sharing or accessing sensitive technical information with external parties. This includes engaging with software development companies for custom applications, hiring IT consulting firms for system implementations, working with cloud service providers for data migration, contracting cybersecurity firms for security assessments, or partnering with systems integration companies for infrastructure projects. The agreement is also essential when technology vendors require access to your internal systems, when independent IT contractors work on proprietary projects, or when data center operators handle your sensitive information. Any situation involving the exchange of source code, system architectures, database schemas, security protocols, or technical specifications requires this protection.

Key legal considerations

Your IT Confidentiality Agreement must clearly define what constitutes confidential information, particularly technical data, trade secrets, and proprietary systems. The contract should specify permitted uses of shared information, duration of confidentiality obligations, and return or destruction requirements for confidential materials. Include provisions for digital security measures, such as encryption standards and access controls, that the receiving party must implement. Address ownership of derivative works or improvements created using your confidential information, and establish clear procedures for handling data breaches or security incidents. The agreement should also cover employee obligations, ensuring that all personnel with access to confidential information are bound by the same restrictions. Consider including specific remedies for breaches, such as injunctive relief and monetary damages, given the potentially severe consequences of technical information disclosure.

Legal requirements in United States

Under United States law, your IT Confidentiality Agreement must comply with the Defend Trade Secrets Act (DTSA) of 2016, which provides federal protection for trade secrets and requires specific whistleblower immunity provisions in all confidentiality agreements. Most states have adopted the Uniform Trade Secrets Act (UTSA), which defines trade secrets and establishes protection standards that your agreement must meet. The contract should reference the Economic Espionage Act of 1996 to emphasize the criminal consequences of trade secret theft. Include provisions addressing the Computer Fraud and Abuse Act (CFAA) requirements for authorized system access and data handling. Your agreement must also comply with applicable state data breach notification laws, which vary by jurisdiction and may require specific procedures for reporting security incidents. Ensure the contract includes proper choice of law and jurisdiction clauses, as enforcement may involve both federal and state courts depending on the nature of the confidential information and the breach.

GOVERNING LAW

Applicable law

This IT Confidentiality Agreement is drafted to comply with Canadian law. Key legislation includes:

Personal Information Protection and Electronic Documents Act (PIPEDA): Requires organisations to implement contractual protections when sharing personal information with IT contractors or third-party service providers, making confidentiality obligations in IT agreements both a commercial expectation and a legal requirement.

Copyright Act (R.S.C. 1985, c. C-42): Governs ownership of software, database, and technical documentation created by IT contractors, which should be addressed alongside confidentiality obligations in the agreement to confirm that source code and proprietary systems remain confidential and ownership is clearly allocated.

Criminal Code (R.S.C. 1985, c. C-46): Sections 342.1 and 430(1.1) criminalise unauthorised access to computer systems and mischief to data, providing a criminal-law backdrop to the contractual confidentiality obligations in IT agreements and reinforcing why IT personnel must operate within defined access permissions.

Competition Act (R.S.C. 1985, c. C-34): Trade secret and confidential information protections interact with the Competition Act where disclosure could facilitate bid-rigging or sharing of competitively sensitive information, particularly relevant to IT contractors working across competing clients in the same industry.

Privacy Act (R.S.C. 1985, c. P-21): Applies to federal government IT contractors handling personal information about Canadians held by government institutions, imposing stricter confidentiality, access, and data-security obligations than those applicable to purely private-sector arrangements under PIPEDA.

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it