NDAs – Not Doing Anything?
Date: 23/07/2020 | Corporate
We are often asked for a standard Non-disclosure Agreement (NDA) to protect clients where they plan to exchange confidential information with another organisation. Whilst it’s tempting for clients to ask for the shortest and simplest agreement they can get, it’s worth remembering that while the idea is simple in theory, in practice there are pitfalls that can trip up the unwary.
So what should you be thinking about before signing on the dotted line and disclosing valuable information?
1. Who should be party to it?
It pays to think carefully about exactly which company or companies in a group you are going to disclose information to and which company in your own group it is being disclosed by. Once you understand that, the agreement can be drafted so that it’s clear who has an obligation to keep the information confidential and who has the right to enforce the contract and recover if it’s breached.
2. Who will the confidential information be shared with?
Both sides may need to disclose the information to employees, consultants, funders, regulators and professional advisers as well as other members of their group. Are there people you specifically do not want to have access to your information? The agreement can contain a list of categories of people the information can and cannot be shared with and can limit that in some cases to specific people. If you agree that the information can be shared, how are those people going to be bound to keep information confidential? If it’s very sensitive information, you may want every person/organisation accessing the information to sign an NDA. The alternative is to accept an indemnity from the other party that they will ensure anyone they share information with will comply with the terms of the NDA and agree they will pay up if they don’t.
3. What exactly must be kept confidential?
Obviously detailed commercial information is the key here but is it just information provided in writing or should it cover conversations also and if so, how do you plan to record what was disclosed? Should it include all documents prepared using your confidential information and should it cover information you provide from other sources such as professional advisers?
Do you want the fact that discussions are taking place to be confidential? Should the existence of the NDA itself be confidential? Both these questions become more important if the other business changes hands – do you want details of your discussions being provided in any diligence process?
4. How confidential is confidential?
What obligations are in fact practical here? It is all very well providing in the agreement that a record has to be kept of the exact location of every bit of confidential information disclosed and that it has to be kept password protected with limited access etc. but there is no point in saying all that if it’s not what the parties plan to do in practice. Make sure the agreement reflects the steps parties will take day to day to keep the information secure. Remember your idea of keeping information secure may not be quite the same as the person you are disclosing it to.
5. What can you use it for?
It’s important to have a very tight definition of what the information you disclose can be used for – the catch all of general commercial purposes is a lot wider than needed. Think carefully about why the information is being disclosed.
6. How do you get it back?
Remember it is very difficult to ensure you have all hard and electronic copies of confidential information returned. Whilst the agreement can provide for certification that all copies have been returned or destroyed, making it happen is not really possible. Copies may need to be retained for regulatory purposes and they will certainly be stored on back up servers so getting everything back will in fact be an impossible task. On that basis think carefully about what you disclose.
7. How long should it last?
Quite often there is no time limit stated in an NDA but depending on the sensitivity of the information being disclosed, it may be worth thinking about putting in a time limit. Most financial information only remains relevant for a few years whereas something like a formula for a product may need to remain secret permanently. Different time periods for different information may be an option.
8. Making it stick
Enforcing an NDA can be expensive and difficult especially if the other party is located overseas. It can be difficult to prove how information became public and once information is out there no amount of damages recovered can make it secret again.
When signing up to an NDA it’s worth remembering that deep pockets will be needed to get to court and prevent disclosure of information or claim damages arising from any breach. If the other party is fishing for information and has no intention of abiding by the terms of the agreement, the damage to your business will be done long before any court action to recover damages can be completed. Given that’s the case, you should think carefully about what to disclose and what to keep back.
The key thing to remember is that while an NDA offers some protection you need to think carefully about the whole disclosure process. There are things you can do to manage your risk:
- Keep back very sensitive information
- Only provide very sensitive information in numbered hard copies and prevent copies being made
- Have one person who is responsible for supplying all information so you know what’s been disclosed, when and to who
- If information is disclosed orally, make a record of what was said and to who
- Seed ‘test’ information into what you disclose – for example put your mother’s address into the customer list, if she starts getting emails from the other party you will know they are using your confidential information.
NDAs are worthwhile, if only to flag to others the need for confidentiality, but think about what you want to sign up to. Make sure your NDA doesn’t fall in to the trap of “Not Doing Anything”.