Non-disclosure agreements (NDAs), which involve the exchange of confidential information, often fly below the radar screens of most businesses. They are routinely presented as a “standard" document, as legal “boilerplate," or as a “pre-requisite" to get the ball rolling. To some extent, that is true. However, there are several key business concepts you need to keep in mind when you review and accept an NDA. Here they are:
- Purpose. The purpose of the exchange of confidential information should be defined and limited. NDAs should limit the use of confidential information only to that which is consistent with the stated purpose.
- Nature of the Information Disclosed. This is a key definition. It should identify with some specificity the kinds of information intended to be disclosed. Additionally, and as important, the NDA should make clear that the information should be marked as confidential when in a tangible form. If disclosed orally, the NDA should make it clear that the discloser will identify the information as confidential during the disclosure, and send a follow up email or letter within 30 days confirming the confidential nature.
- Standard of Care. NDAs will specify the standard of care the recipient should use to safeguard the information disclosed. Ideally, what you want to see is a “reasonable" standard of care, not less than you would employ for your own business’s confidential information. Be wary of accepting language that obligates you to the “highest" standard of care or other extreme measures you may not be prepared to take.
- Disclosure to Third Parties. If you are the recipient of confidential information under an NDA, it may be necessary to share the information with employees of your business, or subcontractors, or other consultants or advisors. NDAs contemplate such events in two ways: they either (1) require you to obtain the prior permission of the discloser or (2) allow you to make further disclosures on a “need to know" basis.
- Copies. Most NDAs anticipate that it may be necessary to make copies of confidential information disclosed. That is an acceptable practice. However, be cautious of NDA language that contains an outright prohibition on making copies; if so, and you do make a copy, you may have breached the agreement and may be subject to damages. You should also know how you are to treat the confidential information disclosed at the end of the project. Are you required to return all materials and copies? Are you required to certify that you have not made any copies, or that if copies were made, that you have destroyed them? Are you allowed to retain an archival copy for your records?
- Exceptions. All NDAs contain a series of standard exceptions to the confidentiality obligations undertaken. Most often they include: (1) information that was at the time of disclosure already known to the public; (2) information that becomes known to the public by means other than a breach of the NDA by the recipient; (3) information that becomes known to the recipient from an unrelated source without any restrictions on use; and (4) information that is required to be disclosed by law. Depending on the circumstances, you might also want to insist on a fifth exception. If it is possible that your business could be working on the same kinds of matters, or looking for the same solutions to problems as the disclosing party, it would serve you well to insert into the NDA an exclusion for information that was already in your possession at the time of disclosure or developed by you without access or resort to the disclosed information. Of course, you will need to be able to document that this was the case. Without this exception and your documentation, the NDA may prevent you from using information or a solution that you developed internally.
- Intellectual Property. Look carefully for NDAs that require you to disclose to the other side any inventions or improvements you might conceive based on the information disclosed to you. This provision is premised on the concept that if the disclosing party’s information presents you with the opportunity to solve a problem, or create an improvement, the discloser of the information owns it and not you, the recipient who developed the solution. Often, the disclosing party will require you to assign any IP created. This can be a significant point of contention later. Unless you were initially retained to develop IP or you initially priced your work or goods to include such an assignment of IP, you can make a strong argument that your IP should belong to you.
- Time Period. You don’t want to be legally bound to hold information in confidence forever if you don’t have to. Pay particular attention to the time period required. Ordinarily, most information becomes stale over a period of time, such as one to five years. Some information, such as trade secrets, should be held and protected indefinitely. Know and understand the type of information being disclosed and the expected “shelf life," and make sure the time period of your obligation is as long as necessary but not longer.