After our extremely popular release of this free confidentiality agreement builder, we thought that it would be worthwhile to go into a little more depth on the subject of non-disclosure agreements.
But first, a little disclaimer: as always, it is worth restating that HPLpro is not a legal firm, and this article should not be taken as legal advice. It is important for you and your business to have experienced legal practitioners review any legal issues or documents to ensure that they adequately meet your needs. Please feel free to request a freelance in-house lawyer from us if required.
Meaning of NDA
The words 'non-disclosure agreement', 'NDA' and 'confidentiality agreement' all refer to the same thing: a document that is entered into to protect certain information from disclosure to third parties. This article will use those terms interchangeably. Of course, NDAs are not the only documents within which you will find references to the protection of confidential information - you are also likely to find clauses relating to protection of that information in all kinds of other agreements, such as employment contracts, services contracts, license agreements and so on. The information contained within the definition of confidential information can be defined by the agreement itself which, as we state below, can be something to look out for when agreeing an NDA. NDAs can protect the information of one party, both parties to the agreement or numerous parties.
Why have an NDA?
There are a variety of reasons to enter into such a document but ultimately, they all boil down to protection of information; NDAs are a way of preventing the disclosure of information by another party.
We love to gossip, don’t we? As this article from Peggy Drexler Ph.D, the Assistant Professor of Psychology at Weill Medical College, suggests, gossip is in our make up as humans. Now it goes without saying that the inherent human prevalence for gossip causes challenges when it comes to keeping secrets, particularly business secrets. One of the functions of an NDA is to highlight the importance of the information involved and the act of a signature suggests to the recipient that discussing the matter in the lunch queue is perhaps not the best idea. That sounds quite trivial, but research suggests that there is an important psychological factor in signing your name and the affect that can subsequently have on us.
The symbolism of the NDA itself is an important reason to have an NDA - to raise the status of that information.
In addition to the symbolism there are numerous reasons which will be specific to the circumstances of your business. For example, in certain countries worldwide you can lose your rights to file a patent on an invention if the information relating to the invention becomes widely known (referred to as being in the public domain). An NDA can help to protect that information so that the rights to file the patent are not lost.
Within a business environment, NDAs are commonly used when a company is exploring a business opportunity with a third party – for example, a company may release its confidential information to a supplier in order for the supplier to provide a quote.
A further reason to have an NDA is to protect the secrets of a third party. If your business has, for example, just signed a licensing deal with Universal, in order to manufacture branded marshmallow-coated popcorn for an upcoming release of a new film in the Minions franchise, you will likely be bound by confidentiality provisions around the film and its release date. Accordingly, your business will need to protect that information through the use of NDAs with your suppliers.
Additionally, within a business itself, an employee will likely be exposed to significant amounts of information which the employer would rather not become publicly known; if you are an employer, you should ensure that your contracts of employment have suitable confidentiality provisions in them.
Having an NDA also gives you access to certain remedies (and these remedies will change depending upon what country you are in and what country's laws the NDA is subject to) which are discussed in more detail below.
Confidentiality Agreements: things to look out for
Here are a few things to check when entering into an NDA, but again, this is general list and you will need legal advice from experienced professionals for your specific circumstances, particularly in relation to the laws that will govern the NDA and the laws of the country that you are in.
The first thing to look for is the definition of confidential information in the agreement. Some definitions can be exceptionally narrow and not necessarily capture all bits of information that they are expected to. Of course, if your company is the party receiving the information and committing to look after that information, it may suit you to have a narrow definition so that your obligations may only extend to a certain clearly-defined part of the information. Be aware of what format the definition refers to, it may exclude information disclosed verbally for example. Indeed, sometimes confidential information only covers information that is actively disclosed rather than information that is passively obtained. Some agreement limit the definition to only information which has "Confidential Information" written on it. This is why it is so important to have a lawyer who understands your business check the NDA prior to execution.
The length of the obligations within the agreement are important: you should look at both the length of the agreement itself and then the length of the confidentiality provisions as they may be two different periods of time. What does this mean? It means that information disclosed during the term of the agreement may still need to be protected after the agreement has expired. As an example, if the term of a confidentiality agreement is two years in duration, but the confidentiality obligations are stated in that agreement to last for 5 years, information collected at the very end of the second year may (depending upon the exact clauses in the agreement) need to be protected in accordance with the agreement for a further 5 years even though the agreement has already ended.
In the free NDA builder that we released last week, users can choose how long the confidentiality provisions will last from 3, 5, or ten years but the agreement itself has a fixed term of three years.
Another key element to consider is what the parties have to do with the information to comply with the agreement; what steps does the recipient need to take to protect the information? Do they have to restrict the flow of the information to certain people in their own organisation? Does the information have to be stored in a locked safe? Does the information have to be kept on servers not connected to the internet? These obligations can be particularly important in the digital age and should not be overlooked. It is common for the agreement to state that the recipient needs to look after the information in the same way that the recipient looks after its own information.
Connected to the above is the use that the information can be put to – normally defined as the 'purpose' in an NDA – in other words, this is what the agreement states can be done with the information. For example, a supplier may need to use the information to perform a particular service and if the language of the NDA or contact clause is too restrictive the supplier may not be able to perform that service.
There are often further obligations which come into effect upon the termination or expiry of the agreement and it is worth paying attention to those obligations if there are any – for example hard drives which stored the information may need to be destroyed.
Very often, the obligations of confidence in such agreements have exceptions and it is always worth considering what those exceptions are either as the party supplying the information or as the party receiving it. Common exceptions are: if a court orders the release of the information, very often the agreement will not apply; if the information is already in the public domain; if the recipient already knew the information prior to disclosure.
Always be aware of what legal system governs the agreement as different countries often have different laws governing how such agreements are treated and the remedies that are on offer after a breach of the agreement. Speaking of remedies:
What does an NDA do for you?
Perhaps the most important remedy for a breach of an NDA can be the ability to prevent further disclosure with a court injunction.
However, depending upon which country's legal system the agreement is governed by there are likely to be other remedies such as a financial remedy which may, for example, compensate for the losses that you have suffered. The precise nature of any remedies will be dependent on the legal system in the relevant country and the terms of the agreement itself.
For those of you who are interested and brave enough to read the transcript of an actual court case, the judge in the 2010 case of Vercoe v Rutland Fund Management Limited in the High Court of England and Wales reviewed the remedies available in that case and in that legal system for a breach of a confidentiality agreement.
As for the other side of the Pond, this blog from the US has an excellent real-life cautionary tale about how you should respect confidentiality agreements, once signed, and also highlights a particular remedy for breach of an NDA in the US.
An NDA is not a magic bullet.
Of course, sometimes it is preferable to be exceptionally cautious with information rather than rely on a confidentiality agreement as, in many instances, the damage that can occur from the release of the information far outweighs the remedy available to the wronged party. Whatever your thoughts on the politics behind the actions, consider the damage caused by confidential information being leaked, such as with the now-famous Edward Snowden. In many such instances, the breach of confidence can completely outweigh the remedy available to the wronged party.
You should always take additional precautions to guard confidential information as there is always a risk of disclosure. For example, if you restrict the information that the other party to the agreement has access to, the damage from any resulting breach can be limited; do not let the other party have all of the information that you have, merely the information that they need to provide the service, give the quote or perform whatever other function they require the information for. For example, if a supplier is providing a quote for an analysis of certain contracts, limit their access solely to those contracts rather than your whole contract database. Also, consider removing or obscuring parts of the information, such as supplier names and contact details.
All businesses should also consider the culture of the industry that they operate in and the culture of their own business. How is information dealt with generally? Is you company a leaky bucket or are you secrets safe in the culture of your employees? Do you need to have specific confidentially agreements with your employees relating to top secret projects?
It is always useful for businesses to have a periodic review, led by an in-house lawyer in conjunction with IT, of the data that they hold and what parts of their own data are confidential; what data from other parties do they hold; is that information safe and secure; where is that information located; who has access to that information? The same questions can then be asked of parties who hold your confidential information: have they secured that information; what do they hold; do they still need the information? Some of these questions are also relevant for compliance with data protection regulations and we may feature a post on that subject at a future time.
An in-house lawyer within your organisation can periodically perform reviews, help to identify confidential information, and ensure that it is safe and secure; do contact us if you would like to request the assistance of a freelance in-house lawyer.
Finally, always make sure that any confidentiality agreement is signed prior to the disclosure of any information.