Enhanced Prompt: Non-Disclosure Agreement for Government Data

You are tasked with drafting a comprehensive Non-Disclosure Agreement specifically designed for protecting government data. This is a regulatory document that must meet heightened standards for handling sensitive or classified government information while complying with federal requirements and applicable disclosure laws.

Document Objectives and Context

This NDA governs the relationship between a government entity (as the disclosing party) and a receiving party who will access sensitive government data. The agreement must balance the need for strict confidentiality with statutory obligations like the Freedom of Information Act (FOIA) and other government transparency requirements. The document should reflect industry best practices for government contracts while incorporating specific protections appropriate to the classification level and sensitivity of the data involved.

Research and Preparation Phase

Begin by searching the user's uploaded documents to identify any specific facts about the parties involved, the nature of the government data at issue, existing contractual relationships, security clearance levels, or prior breach incidents that should inform the agreement's terms. Look for concrete details such as agency names, data classification levels, project identifiers, personnel with authorized access, and any existing security protocols or compliance frameworks already in place.

Conduct targeted research to locate authoritative legal sources on government data protection requirements. Find and verify current federal regulations governing the handling of classified information, sensitive but unclassified data, and controlled unclassified information. Identify relevant statutes such as the Trade Secrets Act, the Economic Espionage Act as applied to government contractors, and agency-specific data protection regulations. Cite these sources properly using Bluebook format, ensuring each citation links to a verified, accessible source.

Research standard NDA provisions and best practices specifically tailored to government contracts. Examine how leading legal resources and government contract templates address unique considerations such as government inspection rights, security clearance requirements, and the interplay between confidentiality obligations and mandatory disclosure laws. Identify how courts have interpreted confidentiality obligations in the government contracting context, particularly regarding the scope of FOIA exemptions and the enforceability of remedies against government contractors.

Drafting the Agreement Sections

Parties and Recitals: Clearly identify the disclosing government entity with its full legal name, agency designation, and authority to enter the agreement. Identify the receiving party with sufficient detail to establish their legal capacity and, if applicable, their security clearance status or eligibility. Include recitals that establish the purpose of the disclosure, the government program or project involved, and the legal authority under which the government is sharing the information. Reference any underlying contracts, grants, or cooperative agreements that necessitate this NDA.

Definition of Confidential Information: Provide a precise, comprehensive definition of what constitutes confidential government data under this agreement. Specify whether the information includes classified national security information (and at what classification level), controlled unclassified information (CUI), sensitive but unclassified information, personally identifiable information (PII) subject to the Privacy Act, law enforcement sensitive information, or other categories of protected data. Include specific examples relevant to the particular government program or dataset involved. Address how information will be marked or designated as confidential, and establish procedures for handling unmarked information that should reasonably be understood as confidential. Clarify whether oral disclosures are covered and how they should be documented.

Obligations and Restrictions on the Receiving Party: Detail the receiving party's affirmative duties regarding the handling, storage, transmission, and ultimate disposition of government data. Specify that the receiving party must limit access to personnel with a legitimate need to know and appropriate security clearances or background checks. Require compliance with federal information security standards such as NIST guidelines, FISMA requirements, or agency-specific security protocols. Mandate that the receiving party implement administrative, technical, and physical safeguards commensurate with the sensitivity of the data. Prohibit unauthorized copying, reproduction, or removal of confidential information from approved secure locations. Establish clear restrictions on use, specifying that the information may only be used for the authorized government purpose and not for any commercial advantage or competitive purpose. Address subcontractor and third-party access, requiring flow-down of confidentiality obligations and prior written approval for any further disclosures.

Exclusions and Mandatory Disclosures: Enumerate the standard exclusions from confidentiality obligations, including information that is publicly available through no breach of this agreement, information already known to the receiving party without confidentiality restrictions, information independently developed without reference to the confidential information, and information rightfully received from a third party without breach of any confidentiality obligation. Critically, address the unique government context by including provisions for mandatory disclosures required by law, including responses to FOIA requests, congressional inquiries, subpoenas, or court orders. Establish a protocol requiring the receiving party to promptly notify the government entity of any such demand so the government can seek protective orders or assert applicable exemptions. Clarify that compliance with lawful disclosure demands does not constitute a breach of the agreement.

Term, Duration, and Survival: Specify the effective date and initial term of the agreement, recognizing that government data sensitivity may persist indefinitely depending on classification or statutory protection periods. For classified information, tie the confidentiality obligation to the information's classification status, continuing until the information is declassified through proper authority. For other sensitive government data, establish a specific term (commonly three to five years from disclosure) while recognizing that certain obligations may survive termination, particularly regarding return or destruction of materials and ongoing restrictions on use. Address how the agreement interacts with any underlying contract term and what happens upon contract completion or termination.

Return and Destruction of Information: Upon termination of the agreement or upon request by the government entity, require the receiving party to return all confidential information and materials, including copies, notes, and derivative works, or to certify their destruction in accordance with approved methods. For classified information, mandate destruction or return in compliance with National Industrial Security Program Operating Manual (NISPOM) or applicable agency requirements. Require written certification of compliance with return or destruction obligations.

Remedies and Enforcement: Acknowledge that unauthorized disclosure of government data may cause irreparable harm for which monetary damages are an inadequate remedy, justifying injunctive relief. Specify that the government entity may seek immediate injunctive or equitable relief to prevent or remedy breaches without posting bond. Address the availability of monetary damages, including actual damages, consequential damages, and potentially statutory damages under applicable federal laws. For classified information breaches, reference potential criminal penalties under espionage laws and other federal statutes. Include provisions for the recovery of attorneys' fees and costs by the prevailing party. Consider whether to include liquidated damages provisions for specific breach scenarios, ensuring they are reasonable and not punitive.

Governing Law, Jurisdiction, and Dispute Resolution: Specify that the agreement is governed by federal law, given the government's involvement and the federal nature of data protection requirements. Designate an appropriate federal district court for jurisdiction and venue, typically in the district where the government entity is located or where the breach occurred. Address whether disputes must be resolved through administrative procedures before litigation, and whether alternative dispute resolution is available or required. Include a provision preserving the government's sovereign immunity where applicable and clarifying that nothing in the agreement constitutes a waiver of governmental immunities or defenses.

Additional Provisions: Include standard contract provisions such as severability (ensuring that if one provision is unenforceable, the remainder continues in effect), integration (establishing this as the complete agreement superseding prior understandings), amendment procedures (typically requiring written modifications signed by authorized representatives), waiver provisions (clarifying that failure to enforce one breach does not waive the right to enforce future breaches), and assignment restrictions (generally prohibiting assignment without prior written consent). Address notice requirements, specifying how and where formal notices must be delivered. Include representations and warranties by the receiving party regarding their authority to enter the agreement, their understanding of the obligations, and their capability to maintain required security measures.

Signature Blocks: Provide formal signature blocks for authorized representatives of both the government entity and the receiving party. Include spaces for printed names, titles, dates, and any required organizational identifiers. For government entities, ensure the signatory has appropriate delegated authority. Consider whether witnesses or notarization are required under applicable procurement regulations.

Document Assembly and Finalization

Once you have gathered all necessary information from uploaded documents, completed your legal research with properly verified and cited sources, and developed comprehensive content for each section, create the final NDA document. The document should be professionally formatted with clear section headings, numbered provisions for easy reference, and a logical flow that guides the reader through the parties' rights and obligations. Ensure all legal citations are properly formatted in Bluebook style with verified links to authoritative sources. Include any necessary exhibits, such as lists of authorized personnel, data classification guides, or security requirement matrices, as appendices to the main agreement.

The final document should be immediately usable by legal professionals, requiring minimal revision, and should demonstrate sophisticated understanding of both general NDA principles and the unique requirements of protecting government data in compliance with federal law and regulations.