

The DNA of NDAs

November 2, 2010

The first contract most individuals are required to sign in their adult life is a Non-Disclosure Agreement (NDA), very often as a condition to interviewing for or accepting a job. Similarly, most pre-startups and startups need to engage in confidential discussions very early in their corporate existence, generally long before they have a product to show or have earned their first dollar. Because it happens near the beginning of the process, most people sign NDAs (and sometimes draft their own) with no legal understanding of their subtleties – what is common to the trade, what is not, and what risks are involved. Needless to say, they rarely have legal representation on their side to guide them. This article aims to address some of that and give a better understanding of the possible implications of this ubiquitous, yet often overlooked, legally binding document.

What is an NDA exactly? In short, it’s a formal promise one makes not to use or disclose confidential information (CI) that one becomes privy to by means of a relationship or business transaction. An NDA is not a license and should never be used, for instance, to share a piece of software. NDAs create and formalize a confidential relationship, not only by imposing a legal duty upon another to protect the information or risk liability from its exposure, but also by providing formal notice to both parties that such a duty exists. In our last issue of POINTERS, we discussed the concept of Trade Secrets: information that derives actual or potential economic value purely from the fact that the information is not generally known to others. In order to be deemed a trade secret, the information must be subject to reasonable efforts to maintain its secrecy. Having signed NDAs on file is good evidence that a company has taken reasonable steps to protect its CI when dealing with its employees as well as third parties.

Inherent in trade secret law (as well as all areas of intellectual property law) are the competing interests of businesses, employees and the public: businesses want to explore partnerships while protecting their investments in R&D, employees want career mobility, and the rest of the world wants fast innovation and a competitive consumer marketplace. NDAs are an attempt to resolve this balancing act by contract.  

When should I sign an NDA? Small businesses are typically required to sign NDAs when they provide services like development or marketing to other businesses. Large companies require NDA signatures from practically everyone – from business partners and vendors providing development and other services, to discussion group participants, job candidates, and so on. Companies operating in innovative areas such as aerospace will often require NDAs of guests touring their campuses. As long as the form itself is consistent with industry standards (see below), it is reasonable to expect the presence of an NDA in those scenarios.  

When should I not sign an NDA? The first reason not to sign an NDA is if you haven’t read it! While NDAs are ubiquitous in the tech industry, the fine print and legalese are tedious and tiresome to read carefully every time they are presented. However, signing an NDA with unfavorable terms – whether overreaching or simply inappropriate for a particular situation – is a strategic error that can bring about costly results. For example, the intellectual property assets of new companies in their forming stages are often little more than an exciting collection of ideas and vague plans. You can see how signing an NDA with such a company could be very dangerous, especially when that company later evolves into something entirely different. An overreaching NDA could unnecessarily “taint” the recipient of the disclosure and prevent them from developing something competitive – essentially excluding them from an entire area of industry. These risks are the main reasons startups will sometimes avoid signing NDAs – and, paradoxically, are also why venture capitalists often refuse to sign, as further discussed below. Another critical factor is whether the CI is truly confidential, and how long it can reasonably be expected to remain so. If a company signs an NDA regarding information that soon thereafter becomes part of the public domain, then that recipient may later be at a disadvantage to the rest of the world for the term of the agreement: unable to use that information, while others can, to innovate and compete with its market peers.

Do I really have to sign an NDA? In situations where signing an NDA cannot be entirely avoided, the agreement should, at the very least, be carefully vetted with legal counsel. Always consider who is sharing the information. NDAs can be “one-way” or “mutual” depending on whether one or both of the parties are disclosing CI. Obviously, a one-way NDA is attractive where a business is simply divulging its CI to service providers or investors, and there is no two-way information exchange. However, the non-disclosing party will often argue that a mutual agreement is still preferable where their business strategy or other IP will inevitably be revealed during the course of the business relationship. The non-disclosing party typically believes that the mutual form will be less overreaching and more reasonable with respect to the duties owed by each party.

What are the risks of not having one in place? While it’s possible to create confidential relationships by oral agreement, handshakes or conduct, such informal agreements are obviously less favorable in litigation, and far less effective in discouraging wrongful disclosure in the first place than a signature in black and white. The stakes are high for small businesses in the process of developing their intellectual property assets. A startup’s trade secrets can include everything from business plans and financial data to work product in progress that might someday become eligible for patent or copyright protection. As we have seen, trade secret status is destroyed where a business waives – or lets lapse – the confidentiality of the information. If a company fails to safeguard its trade secrets with NDAs and other confidentiality agreements, it likely forfeits its right to petition for a court injunction for misappropriation of the information, or to sue for damages. Similarly, absent an NDA in place, the disclosure of an invention before a patent application has been filed is likely to automatically trigger the one-year grace period under the Patent Act to file such application and, more importantly, negate any chance to ever secure patent rights outside of the US. This happens more often than we think, either during meetings with partners or customers where a company will want to “brag” about how innovative it is, or at tradeshows or other public events. Beware! There is rarely a way to put the genie back in that bottle.

But what if the other side refuses to sign my NDA? Obviously, the most foolproof way to protect your inventions, trade secrets and other CI is to not disclose them to anyone. However, this strategy is entirely unrealistic if a startup wants to hire employees or attract investors to capitalize on its invention or innovation. Startups are often faced with unavoidable disclosure of CI when they enter into discussions with venture capitalists. VCs have traditionally refused to sign NDAs: they have the financial leverage and clout to do so, and the startup, needing investment capital, has its hands tied. In these situations, companies must employ a secondary line of defense to protect CI. The cardinal rule is to disclose trade secrets and other CI only on a need-to-know basis. Prior to disclosure, do your due diligence by researching anyone you are considering sharing your information with. Make sure investors have a reputation for integrity, and examine their portfolio to make sure your company fits before starting any discussions. Use a staged approach, disclosing only very general information at first, and only proceeding with reasonable assurance that the third party still wants to move forward. Start with an executive summary – very basic information about the business or innovation, describing the market for the product and the revenue it could potentially generate. Discuss how your companies could work together and why it would be beneficial. Proceed with caution. There is much information that can be discussed without taking the “secret sauce” out of the vault and laying it out on the table. Leave detailed information, business plans and patent filings in the vault. Courting VCs without teaching them your secrets is an art, but one that must be learned.

Larger companies typically refuse to sign NDAs prepared by smaller, less powerful companies, and will only use their own forms. With no other alternative, the smaller company must carefully examine the terms, make sure they’re appropriate for the given scenario or relationship, check that all the usual elements of an industry-standard agreement are present, and push back if they are not. 

What language is standard in an NDA? The nuts and bolts of a typical NDA are as follows: i) the definition of Confidential Information, ii) the obligations of the receiving party, iii) exceptions and exclusions from CI, iv) time periods for nondisclosure, and v) miscellaneous provisions.

1. Confidential Information can be defined specifically or vaguely. Some NDAs include marking requirements, where the disclosing party must explicitly mark information as confidential in order for it to be treated as CI. Information clearly marked as confidential is obviously more easily protectable, but marking all CI as such may be unfeasible, especially where there is significant CI contained in verbal or contextual communications.

2. The non-disclosing party agrees to:

  • refrain from making, using, selling or disclosing the CI to third parties without prior authorization, usually in the form of written consent;
  • refrain from replicating the CI or related materials;
  • return CI and related materials after a specific duration of time; and
  • subject itself to legal remedies in case of breach.

3. In return, the disclosing party typically (but not always) agrees that information will lose its confidential status, thereby releasing the receiving party from their legal duty not to disclose, if any of the following exceptions occurs:

  • the information entered the public domain prior to disclosure (i.e., the purported CI was not actually confidential);
  • the information enters the public domain after disclosure, but not by fault of the receiving party (i.e., the disclosing party does not safeguard their secret);
  • the receiving party also receives the same information from another, unrelated source, who does not impose any restrictions on disclosure (again, the information was not actually confidential);
  • the receiving party already knew the information, or created the information independently, prior to disclosure (this one is often overlooked; if you’re the intended recipient of CI, make sure it is present); or
  • the receiving party was required by law to disclose the CI (i.e., the receiving party is compelled to testify in court or questioned by the FBI).

These exceptions are not mandatory, but are common sense and adequately protect the recipient of the CI so that it cannot be placed in a worse situation than the rest of the world.     

4. The time period for nondisclosure, or survival period, can either be specifically defined in terms of years, or vaguely “as long as the information remains confidential.” If you intend to rely on trade secret protection as part of your IP strategy, putting a term, even a long one, might not work. Some software companies will put a 5-year ban on the disclosure, except for source code, for which the ban remains perpetual.

5. Miscellaneous provisions may include residuals clauses. “Residuals” are information retained in the unaided memory of a receiving party after the physical information or materials have been removed or returned. Since intellectual property is, after all, just a collection of ideas, it’s logical that technology companies want to protect their ideas after the business relationship is completed and CI materials returned. Some people have likened such “residuals” clauses to a disguised trade secret license. This is debatable, and an argument can certainly be made for larger companies insisting on such clauses given the scope of the numerous projects they work on. However, it does introduce a possible loophole in the otherwise clear safeguards of the NDA, and companies disclosing information are always better off without such language in their NDA than with it.

We just exchanged confidential information under an NDA. Anything I need to do? It depends. If documents were exchanged, they should have been marked as “Confidential”. If you forgot to do it, you should immediately follow the meeting with an email attaching a new set of said documents with the proper notice and request that the old version be destroyed. If some information was exchanged verbally, it is advisable to confirm in writing what was discussed so that you build an accurate and undisputed record of such disclosures.

In conclusion, NDAs are a very important tool in your arsenal, both as courtroom evidence of your company’s due diligence in maintaining the confidentiality of inventions, trade secrets and other CI and, just as importantly, as a deterrent to misappropriation or wrongful disclosure by employees, business partners, investors and other parties from the commencement of the relationship. NDAs memorialize the obligations and serve as a reminder of consequences for breach. NDAs should be secured at the beginning of such relationships and should be presented again after relationships terminate. Litigation around wrongful disclosure of CI is expensive and replete with probative challenges. NDAs should never be relied upon as a stand-alone defense mechanism, but rather integrated into a carefully crafted overall intellectual property protection strategy. The most effective NDAs are specifically crafted for each unique scenario by skilled attorneys who understand the nuances and subtleties of intellectual property law in order to best protect the secrecy of your valuable business and technical information.