An organization's most valuable assets often lie in its non-public, sensitive and proprietary information – commonly referred to as confidential information. Such confidential information often includes the organization's "crown jewels" and should be protected accordingly.
An effective way to protect confidential information, prior to its disclosure, is to execute a written confidentiality and non-disclosure agreement (NDA). An NDA is a legally binding agreement or contract that prohibits a person from disclosing another person's sensitive or confidential information to third parties or using the information for a purpose not otherwise permitted by the party disclosing the information.
General overview of an NDA
At a high-level, an NDA helps safeguard the sharing of information by:
- Defining the information that is going to be disclosed between the parties;
- Specifying the rights and obligations of each party with respect to such information;
- Defining the purpose for which the parties may use the information; and
- Outlining consequences for non-compliance.
There are many different circumstances in which an NDA can be a useful tool for a variety of different parties. For example, a company may wish to share confidential information with a potential investor, customer or research partner. A strong, effective and customized NDA can be a key step in developing these relationships, while still protecting an organization's sensitive proprietary information.
What are the appropriate circumstances to use an NDA?
Generally, an organization should consider using an NDA in the following circumstances:
- Whenever it contemplates disclosing confidential information outside of the organization, such as to potential investors or business partners.
- When another organization or other third party wants to disclose confidential information to your organization.
Prudent organizations will want their NDAs to identify which party is sharing the sensitive information, which party is receiving the information and any third parties that may, or explicitly may not, receive the confidential information.
Are you using NDAs correctly?
Typically, an organization will use an NDA when it is entering into discussions or negotiations with a potential business partner, contractor, consultant, service provider or other third party, and the parties want to share confidential or proprietary information with one another prior to the execution of a formal business agreement. In this context, an NDA is an important first step in the relationship; not the final contract or written agreement between the parties.
In most cases, an NDA should not be used as a long-term agreement permitting the continued disclosure of confidential or proprietary information between two parties from time to time. Organizations are better off dealing with this type of arrangement in a Data or Information Sharing Agreement or similar type of agreement. In contrast to a Data or Information Sharing Agreement, NDAs are typically intended to address preliminary or the short-term sharing of information for a specific limited purpose. Organizations can (and often do) include legal terms and conditions related to confidentiality in other commercial agreements as well.
Considering and clarifying IP rights in an NDA
While it may seem obvious, confidential information can only include information that is already confidential (i.e. not generally or widely available to the public). This is particularly important in the context of intellectual property (IP), including in the context of trade secrets and patents.
Many inventors and organizations will spend considerable time and resources developing new products. In doing so, they gain a competitive advantage, learn about their consumers, and build a confidential list of customers. These entities ought to take great care to ensure that their proprietary information, ideas, inventions or processes are adequately protected and kept confidential.
If the parties to an NDA decide to proceed with a more formal business arrangement, IP rights should be addressed again and in more detail in the subsequent agreement (for example, a Services Agreement, License Agreement, MOU or Data Sharing Agreement). In most cases, an NDA should not include any license or grant any rights related to IP.
Setting confidentiality time limits
NDAs can run indefinitely, or they can terminate upon a certain date or event. The term of an NDA will often depend on the sensitivity of the information, how quickly it may change or what the purpose for disclosure was. Typically, disclosing parties will prefer an NDA to stretch for an indefinite period to avoid use of their confidential information for as long as possible. Conversely, recipients of confidential information favour a set term to provide certainty.
Including sufficient safeguards in an NDA
Given the value of an organization's confidential information and the risk of unauthorized disclosure, it is important to ensure that an NDA includes safeguards and additional legal or contractual remedies. Parties should make sure that they have the right to demand the return or destruction of their confidential information at any time. Additionally, to further protect the confidentiality of their information, disclosing parties may want to include protective measures such as:
- Requiring the information to be kept in a secure location;
- Security protocols for data systems;
- Limits or safeguards when seeking to copy information or transmit it electronically; and
- Immediate notification if the information was accessed or misappropriated by an unauthorized entity.
In the event that the protective measures fail, NDAs will often provide for injunctive or other equitable relief, in addition to monetary damages. These remedies are important due to the risk of unauthorized disclosure of confidential information and the fact that typical contractual remedies may not be timely or sufficient to address a breach or threatened breach of an NDA.
Finally, a disclosing party will often require an indemnification provision that holds the other party responsible for costs related to enforcing the agreement. These provisions are particularly relevant when information is inadvertently or wrongly disclosed.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.