Several states have passed new laws restricting use of nondisclosure agreements (NDAs), making it timely for companies to review their policies and practices. Below are some general “best practices” related to NDAs.

An NDA Is Still Critically Important.

It is still important to ensure that an appropriate NDA is in place before disclosing your company’s confidential information, whether you are exploring a potential joint development, procuring specialized parts, or even hiring a new employee. Disclosure without an NDA may bar your ability to maintain the trade secret status of your company’s key information, and allow others to freely use them based on your “voluntary” disclosure without an NDA.

Don’t Ignore Future Threats.

In negotiating an NDA, it is important to recognize that the relationship may eventually sour (e.g., the employee is terminated and goes to a competitor; the joint venture transaction does not come to fruition or ends badly; the other party’s representations were a ruse to gain access to your confidential information). Thus, your demands in the NDA negotiations should take into account the possibility that the other party may attempt to steal your trade secrets or accuse you of stealing its trade secrets.

Don’t Inadvertently Enter Into a Relationship Between the Parties Prematurely.

NDAs are often executed when parties are exploring a potential relationship (e.g., a sale of a business or a joint venture). If beneficial for your business, articulate in the NDA that neither party is agreeing to the potential relationship by signing it and, instead, its purpose is only to afford the parties protection against misuse of confidential information exchanged during the exploration of the potential relationship.

Consider the Direction(s) of Information Flow.

Another important consideration is whether confidential information will be exchanged by both parties. If the flow of information will be mutual, keep in mind that the obligations that you attempt to impose on the other party to protect your confidential information likely will be imposed on you by the other party to protect its confidential information. Thus, weigh the costs and benefits before interjecting into the negotiations a provision that imposes obligations to protect confidential information.

Scope of Protected Information Should Not Be Boilerplate.

Beware of provisions that require you to protect the other party’s non-confidential information. Protecting information is burdensome and expensive. Moreover, such provision could expand the potential scope of misappropriation or breach of contract claims that the other party may assert against you in the future. Articulate what is excluded from the scope of the duty to protect information under the NDA. For example, while it may seem obvious, explicitly state that any information that is readily ascertainable or independently developed is not protected under the NDA.

Be Mindful of the “As Required By Law” Carve Out.

Often NDAs will carve out from the obligation not to disclose confidential information “as required by law.” It is important to understand what is being carved under that exception so you know when you may disclose information the other party designates as confidential and when the other party can disclose information you designate as confidential. An obvious exception is when a court orders the disclosure of the information. But you should also be aware of a growing body of “whistleblowing” exceptions, including the following:

  • The federal Defend Trade Secrets Act protects whistleblowers who disclose trade secret information to government officials or private attorneys for purpose of reporting or investigating suspected violations of law.[1]
  • The Securities and Exchange Commission (SEC) considers any limitation on an individual’s ability to communicate directly with the SEC about a possible securities law violation illegal.[2]
  • Other statutory provisions that afford protection for whistleblowers include 5 U.S.C. § 7211 (governing disclosures to Congress) and 5 U.S.C. § 2302(b)(8) (governing disclosures of illegality, waste, fraud, abuse or public health or safety threats).
  • A number of states have restricted an employer’s ability to prohibit certain disclosures by an employee. For example, California’s Government Code § 12964.5 (effective January 1, 2019) makes it unlawful to require an employee “to sign a … document that purports to deny the employee the right to disclose information about unlawful acts in the workplace….”[3]

Pay Attention to Ownership Issues.

Watch out for proposed provisions that may result in a transfer of ownership of proprietary information. For example, a provision that a party disclosing a document will own any and all information in that document may give the counterparty an argument that it owns your information because it disclosed a document containing your information to you. The NDA should address which party will own any intellectual property derived from information disclosed by the parties (assuming the NDA contemplates the creation of intellectual property).

Do Not Ignore Third Party Access Rights and Obligations.

You should determine which third parties, if any, you may need to disclose the other party’s information to and negotiate a provision that meets your needs. For example, you may want to be able to share the other party’s information with your financial and/or legal advisors. On the flip side, the NDA should define clearly how the other party may use the information you disclose – namely, to which third parties, if any, such information may be disclosed and third parties’ obligation to protect the information to which they are given access. You may also want to include a provision requiring the other party to (i) give you notice if it is going to be acquired by a third party and (ii) to return all of your confidential information upon demand. That way, if the acquirer is one of your competitors, you can prevent it from gaining access to your confidential information.

Carefully Weigh Rights to Assign.

Special attention should be given to provisions that allow assignment of NDA rights to third parties or affiliates. Consider requiring the other party to obtain your consent prior to assigning the NDA or disclosing information subject to the NDA to third parties or even the other party’s affiliates since such affiliates may be your competitors. Even if the counterparty has no affiliates that are your competitors now, that may change in the future.

Set an Appropriate Duration for Confidentiality Obligations.

The length of confidentiality obligations should be driven by the nature of the information being disclosed – whether it is expected to remain a trade secret for a long time or will no longer be secret or valuable after a certain period. Confidentiality obligations may continue after the parties terminate their relationship. However, since protecting information can be expensive and burdensome, parties should avoid agreeing to protection period that is unnecessarily long.

Suitable Protection Measures Should Be Imposed.

NDAs often provide that “reasonable efforts” must be taken to protect the other party’s confidential information. But, given the wide latitude in determining “reasonable” efforts, this is sometimes the reason unnecessary litigation arises. For example, what is considered reasonable can vary depending on the scale and sophistication of a particular business. To avoid such dispute, your company should consider whether the NDA should expressly identify what specific protection measures the other party must use to protect your confidential information.

Consider Audit Rights.

The right to inspect the other party’s business records to determine how your confidential information is being used, disclosed, and protected may be important to assuage your concerns, should suspicions of misuse or negligent protection arise. They may be important later to build a case or to obtain an injunction against the other party, and in litigation (especially in jurisdictions where there are limited discovery rights, e.g., in certain non-U.S. countries or under certain arbitral rules).

Don’t Permit an Integration Clause to Backfire.

While it is generally a good practice to include an integration clause – a declaration that the written contract is the complete and final agreement between the parties and supersedes all prior negotiations – in NDAs, be careful not to inadvertently supersede (or worse, nullify) the terms of other agreements between the parties, which is sometimes is the main reason that the parties entered into a relationship in the first place.

Give Special Attention to Choice of Law and Forum Selection Provisions.

Careful consideration should be given to (i) the provision designating which state’s or jurisdiction’s law will apply to interpret the NDA, and (ii) which venue will be chosen to litigate any dispute that may arise, since these provisions may affect enforceability of the NDA, as well as availability of sometimes crucial injunctive relief (and, when foreign jurisdiction is involved, ability to obtain discovery that may be crucial to prove misappropriation). For example, some jurisdictions (e.g., China, Korea) do not provide for discovery similar to that allowed in the United States. Discovery rights also differ based on the arbitral forum chosen. These are essential provisions when it becomes necessary to enforce the NDA.

Educate Your Employees About the NDA and Obtain Their Acknowledgment.

In event that your company may later be required to show its exercise of reasonable efforts to comply with the NDA, it should educate employees who will have access to the other party’s confidential information about their obligations under the NDA, and better yet, obtain their acknowledgment of the training. This goal will also be furthered by maintaining appropriate records, including communications relating to the NDA with the other party, as well as documentation of the information designated as confidential under the NDA (which party designated it as confidential, which employees accessed it, how it was used, and where it is kept within your systems).

Reduce Risk of Misappropriation Claims by the Other Party.

Businesses should control access to the other party’s confidential information, as well as how it is utilized. When a product is being developed that potentially may later be falsely accused of having incorporated the other company’s confidential information, your company should carefully and methodically document the development of such product to be able to demonstrate that it was independently developed without use of the other party’s confidential information. Such documentation may allow your company to avoid (and, if necessary, prevail in) any potential litigation filed by the owner of the confidential information asserting misappropriation.

Stay on Top of Rights and Obligations at Termination of the Relationship.

Once the parties’ relationship is terminated, neither party should use or access the other’s confidential information except to return or destroy documents in compliance with the NDA. Plan in advance so that you can timely return or destroy the other party’s confidential documents and information, and to timely meet such demand by the other party (e.g., keep track from the onset of the location of documents containing such information, and dissemination of the information by the company’s email system, etc.).