NDAs – Protecting your most important assets
A nondisclosure agreement (NDA) is a ubiquitous agreement executed by all types of companies in all phases, from start-ups to established enterprises. An NDA is a very important document because it allows a “discloser” to protect its confidential and proprietary information from unwanted use or disclosure by a “recipient.” Despite this, parties often sign NDAs with little thought as to their terms or their importance. As a result, a discloser may find that an NDA is ineffective in protecting information until it is too late.
When should an NDA be executed? An NDA should be considered when exploring a relationship with a potential investor or strategic partner, certain vendors or customers, or a possible acquirer of the business. The provision of an NDA may be different depending on the parties and the purpose of the NDA. It should be noted that there are some parties who simply do not execute NDAs as a matter of course—including legal counsel and accountants, who are bound by certain confidentiality obligations imposed by professional standards or certain types of investors such as angel investors or venture capital investors who do not execute such documents as a matter of policy.
Purpose. An NDA should clearly state the purpose for the parties sharing of information. This purpose will define how any shares information may be used by the parties.
What is “Confidential Information?” Confidential Information is non-public, confidential and proprietary information provided by discloser to recipient or its representatives. It may be disclosed orally or in written, electronic, or other media and may be disclosed before or after executing an NDA. In defining “Confidential Information,” parties to an NDA should determine whether there should be a requirement that information be clearly marked ‘confidential’ or, if disclosed orally, be followed up with written confirmation. A discloser may find difficulty in managing this approach, while a recipient would prefer this clear distinction. In most cases, it is simplest to state that information disclosed during the evaluation period will be considered “Confidential Information” unless (i) it is or becomes publicly available other than due to a breach by recipient or its representatives, (ii) it is obtained by recipient on a non-confidential basis from a third-party, or (iii) it was previously in recipient’s lawful possession without any confidentiality obligation.
What can be done with Confidential Information? An NDA should specify that Confidential Information may only be used by recipient for the defined purpose and recipient should be subject to a defined standard of care in protecting the information. A recipient should be allowed to share information only with its representatives who have a need to know such information, such as employees, officers, agents or advisors (i.e., legal counsel and accountants), provided, however, the NDA should make it clear that the representative is subject to the confidentiality provisions and recipient is responsible for any breach by such representatives. An NDA usually provides for disclosure of information by recipient in connection with a legal proceeding or other legally mandated disclosure, subject to limitations.
The following points should also be considered in an NDA:
- Recipient and its representatives should be required to return or destroy all Confidential Information following request by the discloser, including recipient’s notes or records based on or containing any Confidential Information. There may be exceptions to such destruction if recipient is required to keep such information for regulatory purposes, and there should be an acknowledgement that it is likely that confidential information may be automatically archived and backed-up and be difficult to delete. In those cases, if information is to be retained, the NDA should specify that only certain personnel can access the information and that any information retained will continued to be subject to confidentiality.
- The NDA should specify that disclosure does not transfer any ownership or create a license of any information. Further, the NDA should provide that Confidential Information is provided without any representation or warranty. This should not be viewed as allowing the discloser to be careless in disclosure, or to be untruthful, rather it is an acknowledgment that any representations and warranties about information, and any damages, should be spelled out in a definitive agreement between the parties should they proceed in their relationship.
- There should be no obligation of a discloser to share any information.
- The NDA should specify a term under which information will be shared as well as specify the length of the confidentiality obligation—this length of time should be an acknowledgment that information becomes stale and once destroyed, the recalled information diminishes. Confidentiality should continue for any retained information that is not destroyed or returned and should continue indefinitely for trade secrets. The parties should carefully consider whether any trade secrets would be disclosed, and in many cases, a receiving party would not want to receive trade secrets because of that obligation.
- When entering into an NDA with a potential strategic partner or possible competitor, including an investor that may have a portfolio company that is a competitor, it is important to spell out non-circumvention and non-solicitation obligations that would prevent the receiving party from taking customers away from the disclosing party or hiring away any employees or contractors that it becomes aware of as part of the confidential information. These provisions should be focused on preventing a recipient from disrupting a discloser’s business.
- An NDA needs to provide for equitable relief so that a party can seek a restraining order or injunction to prevent disclosure by the other party.
The above points are high-level considerations that should be reviewed in each NDA to make sure the parties are thinking about how best to protect their information.