Non-disclosure agreements (NDAs) can be tricky. After all, they’re useless when they're unenforceable, and yet, you need to keep parties accountable when protecting data and trade secrets.
But NDAs aren’t difficult as long as they are clear and concise. Here are common questions about NDAs and how to make them work for your company.
What is an NDA?
A non-disclosure agreement or NDA concerns confidential information. It is an agreement where one party will not disclose the sensitive information of the other party. You may also see NDAs called confidentiality agreements, confidential disclosure agreements, and proprietary information agreements.
What type of information do NDAs protect?
NDAs are customized to the parties and cover many types of information. Companies draft NDAs that protect financial data, trade secrets, patents, vendor lists, or anything else they deem sensitive.
Who signs NDAs?
NDAs are often a significant component of the employer-employee relationship or an independent contractor arrangement. Some companies make signing an NDA a condition of employment or hiring an independent contractor.
You can also see NDAs used in mergers and acquisitions. A selling company may have a buyer sign an NDA to protect any confidential information it reviews during due diligence and closing. Start-ups may also use them when sharing information with prospective investors.
There are less common NDAs too. A HIPAA NDA is required for all healthcare workers. Its role is to protect patients' medical information. Companies in sensitive industries like tech or government contracts may also require NDAs for guests and visitors to their facilities.
What are the essential sections in NDAs?
Vague NDAs are not enforceable under any state law. You can avoid this possibility by ensuring the following five sections are present in every NDA.
Description of confidential information
This section is where you need the most precision. Agreements merely stating “all sensitive information” are vague and give no guidance to the one signing the contract. However, “Project A Information,” “Current and past financial data,” and “Code related to Project X” all offer adequate descriptions.
If you want a broader description, “any document or data stamped ‘Confidential’” can be sufficient. However, ensure you have a document management system that will apply these labels accurately.
Party obligations and requirements
You also need provisions describing how the party should keep the information safe. This section often explains that parties cannot use the information for personal financial gain and must take reasonable steps to keep data confidential.
The easiest way to manage this section is to have a data management policy. This policy contains rules for keeping data secure, e.g., locking desk drawers for paper files, password-protected systems, and security checklists. The NDA can refer to this policy and incorporate it by reference, allowing for consistency and less time spent drafting the contract. If employees fail to follow the policy, then you can hold them accountable for breaching the NDA.
Sometimes, a party can’t follow all provisions in an NDA. For example, they may need to share confidential information with coworkers or vendors in the ordinary course of business.
You also can’t keep publicly known information secret under an NDA. So, if you include final press releases as protected information, that provision is likely, not enforceable.
Also, government inspections and investigations are exceptions too. Your employees and independent contractors can face penalties and jail time if they don’t comply with these information requests. You can’t force them to undergo criminal penalties to keep your data secret.
The first instinct is to make the term of the NDA indefinite. However, the reality is your company’s trade secrets and financial status will change. Someone who left your company seven years ago no longer has knowledge that will impact it if disclosed.
The agreement is more likely to be enforceable if you have a set term. A typical NDA term is one to five years from their departure date, depending on the trade secrets or data.
Consequences of breach
Your NDA must also outline the consequences if the signor breaches it. Some ideas include liquidated damages, termination of employment or independent contractor status, and an award of attorney’s fees and costs to the company.
What are some NDA red flags?
Your NDAs are unlikely to be enforceable if they contain:
- Vague or broad language: You must have clear definitions. “Any and all information that can personally identify our clients” works, but “any and all potentially sensitive data” is not descriptive enough to be enforceable.
- Provisions protecting nonconfidential information: You can’t punish employees or independent contractors if they share public information. If you would rather they avoid posting about the company on social media, work that into an employee or independent contractor contract–not an NDA.
- Clauses encouraging illegal activity: Hopefully, this never happens, but if law enforcement or government agency investigates your company, your employees, independent contractors, vendors, and anyone else who signed an NDA must cooperate. You can’t make this cooperation a breach of contract.
- Unlimited liability: An NDA that allows unlimited liability for disclosing sensitive information is also not enforceable. Make your breach provisions clear and cap damages so your agreements don’t appear unreasonable.
Are NDAs enforceable?
Yes, as long as you keep them clear and use descriptive language. Any vagueness or too-broad definitions will likely render it unenforceable. You can reduce contract-related risk by using standard language.
What happens if someone violates an NDA?
There are two things to consider before enforcing an NDA:
- Once disclosed, you can’t “undisclose” the information. The damage is done the minute the breaching party provides that information to an unauthorized individual.
- If you take an NDA to court, it continues to expose your sensitive information. Lawyers, paralegals, legal assistants, jury members, judges, and court officers will all know your deepest secrets.
Now, that doesn’t mean you shouldn’t enforce an NDA. It does mean you need to enforce it in the least damaging way possible.
The NDA should outline your steps if a party breaches it. These steps may include:
Cease and desist
The cease and desist letter is an excellent first step. It notifies the party that they breached the NDA and that they must stop immediately and return the confidential material. Once they comply, that can be the end of the matter. Then you can proceed with other NDA steps, like employment termination.
If the NDA designates a cash value for breach, you can demand that the breaching party pay that amount to settle the matter. This approach requires payment agreements. If you must take the matter to court, the payment agreement is the subject rather than the confidential information. So, you can enforce an NDA without risking the exposure of more trade secrets.
Injunctions and restraining orders
If the breaching party doesn’t stop disclosing trade secrets and other sensitive data, you can get an injunction. Once entered, the party won’t be allowed to use the trade secrets or data, and you can also restrain them from entering company premises or working for you ever again.
Also, remember that your approach to a breach will depend on the individual involved and the facts of the matter. For example, if an employee or independent contractor breaches the agreement because of a training gap or mistake, you can take a more forgiving approach, especially if the breach wasn’t harmful. However, if the breaching party is unapologetic about continuing to use your trade secrets, you may need to consider a more aggressive approach to stop further breaches.
Does my company need to use NDAs?
Most likely. While NDAs are often associated with larger companies in high-stakes industries, it’s also likely that a medium or small-sized company has intellectual property, client lists, vendor agreements, and other sensitive information that makes them unique.
Also, while no one wants to think about employees committing information theft, there are other benefits to using NDAs. They include:
- Setting out employee expectations: Employees know which information is sensitive and can help protect it. It reduces misunderstandings about what is and isn’t disclosable.
- Protect Trade Secrets: Most companies have trade secrets. It may be as simple as a client list or lead strategy. Chances are, if a business approach or product makes you unique, it is a trade secret worth protecting.
- Expand legal remedies: If information theft occurs, you want remedies. An NDA is an enforceable contract. That allows you to file a breach of contract claim or receive an injunction to stop further disclosure. These steps are nearly impossible unless you have a written agreement.
Keep NDAs secure with workflow solutions
As a GC, you have a lot on your hands and likely feel overwhelmed at times, especially when your company has technology, trade secrets, and data to protect. A contract management system like Lexion can help you keep those NDAs straight and draft new ones as you hire or add new investors or vendors.
This article contains general legal information and does not contain legal advice. For legal advice, please consult a lawyer.