In the wake of scandals such as the Presidents Club and POTUS Trump’s alleged infidelities, the Non- Disclosure Agreement has fallen under intense scrutiny, being labelled the “hush agreement”, synonymous only with cover-ups and wrongdoing. In reality, NDAs retain many benefits and often save businesses from very public, damaging disputes. So why are they important and how can you ensure they are effective?

NDAs: what are they?

An NDA, a non-disclosure agreement, a confidentiality undertaking, a confidentiality letter or a confidentiality agreement are all names for essentially the same document. NDAs therefore come in all shapes and sizes, but have at their core one clear purpose: to identify certain information to be provided to another and to establish how that information can and cannot be used.

When does an NDA make sense?

You'd expect to encounter an NDA in any situation where confidential information is being provided and the party providing that information wishes to record and regulate its treatment.

Having an NDA has a number of irrefutable commercial advantages. The mere act of putting one together focuses the minds of the parties on what information is confidential and how it can be treated.

Typical examples can include:

  • On an investment; the company seeking the investment would ask the investor to sign an NDA relating to the confidential due diligence information about the company the investor will receive.
  • On the outsourcing of a service; the outsourcer would expect the service provider to sign an NDA relating to the confidential information he will receive to allow him to commence providing the service and also to the information received in the course of such service provision.
  • On taking a lease; the tenant would expect the landlord to sign an NDA if the tenant needs to pass on confidential information about his business to the landlord relating to the anticipated use of the property.

NDAs are also commonplace in normal trading arrangements where customers and/or suppliers are providing or receiving confidential information.

Should you expend time, cost and effort in putting one in place?

There is no definitive answer to this tricky and well-rehearsed question. However, this article will look at the question on first a legal and then a commercial level.

Legally, subject to certain formal considerations that apply to any contract, NDAs do work. They create a contractual right for the “Information Provider” to seek a judicial remedy from the “Information Recipient” should he breach the terms of the agreement. The remedies available should, assuming the NDA is drafted properly, allow the Information Provider to choose between financial compensation and a court order preventing disclosure of the confidential information concerned. Legally, to enforce an NDA, the Information Provider will need to go to court and to show that there was a contract, to establish its terms, to establish that on the face of the facts there was a breach by the Information Recipient and then to establish the financial damage the breach has caused the Information Provider.

A well-drafted NDA and a properly managed and controlled information disclosure process can make it relatively simple to provide strong evidence under most of these heads. Proving damage could be harder, but the facts normally speak for themselves. If, for example, you have provided your secret recipe to a manufacturer and the manufacturer in turn provides it to a competitor who then uses it to produce a competing but cheaper product, it is a good bet that your sales will fall while your overheads will remain the same, or, put more simply, that you have suffered provable loss.

How to draft or review an NDA

Before you get too bogged down with reading or amending the NDA itself, you should take the time to work out what information you are going to be disclosing, how confidential it is (certain aspects may be more confidential than others) and why you are disclosing it. You need to know this before you can draft or analyse an NDA. This will also help you understand what it will cost you if your confidential information is not kept confidential. If the cost is minimal, you might not require an NDA. If the cost is moderate, you might well choose to draft your own. If the cost is high, it might be better to have a lawyer draft the NDA for you to make sure it really does protect you. Lawyers also carry insurance, so if they make an error and you suffer loss, the insurer will pay.

The first point to note about how to draft an NDA is that you should never start with a blank piece of paper. You may find the other party to the deal gives you their standard document to sign. It is best to be sure you are fully comfortable with the NDA you have been given and all of its terms before you sign it. You should be aware that NDAs are normally biased in favour of the drafting party. So don’t be afraid to ask why a clause is included, what it means and, if you are not satisfied, to ask to have it removed or amended. An NDA is a commercial agreement much like any other and bargaining power counts.

So, what does the document itself look like?

The NDA is likely to include the following clauses:

The parties

These are the parties to the agreement. In most cases there will be two parties: the Information Provider and the Information Recipient. Insert their full names and, if relevant, company numbers.

The definition of “Confidential Information”

The NDA will define what is meant by “Confidential Information”. This is probably the most important clause in the agreement. You need to spell out what you mean by Confidential Information. A description or a list is a good way of doing this. The definition must not be too wide in scope; be aware that mixing patently non-confidential information with confidential information will cause all information to be treated as non-confidential and render the agreement useless. Similarly, it must not be too narrowly defined as this might mean key information is not caught by the obligations in the NDA. Linked to this, you need to consider whether copies, notes and secondary information created by the Information Recipient having seen the confidential information should also be included.

The definition of “Permitted Purpose”

As the words would suggest, this sets out exactly what the Information Recipient is permitted to do with the information. For example, if you ran a drinks manufacturing company and you were in talks with an investor to buy half of your shares, the investor would rightly want to carry out his due diligence and this would involve you sending him a great deal of confidential information about your company. This might include the recipe for one of your best-selling drinks. The Permitted Purpose of the information you supply is to allow the investor to decide whether he wants to invest. An investor would therefore not only be obliged to keep the information confidential, but also would only be allowed to use the confidential information for the Permitted Purpose. The Permitted Purpose would not extend to the potential investor keeping the information confidential but then using it to manufacture the drink himself.

The confidentiality obligation

This is the main clause. It sets out what the Information Recipient must do and must refrain from doing. Keeping information confidential is a given. However, you should consider stating exactly how it should be kept confidential and who may access it, and add in an obligation to return or destroy it and all copies of it on request. The more specific you are, the easier it is for you to inspect for compliance and to prove a breach. For example, where the Information Recipient is a company, consider limiting access to certain named directors and requiring it to be password-protected. Consider whether it can be shared with their lawyers or accountants and, if so, consider limiting this to a need-to-know basis.

Duration of the obligation

It is customary to limit the duration of the obligations to a period that reasonably reflects the shelf life of the information being provided. Anything from one year to five years would be normal, but there is no reason why it could not be longer. As a sanity check though, you should ask yourself how long it would take until you would no longer be concerned by a breach of the (now) “old” information.

Non-compete/non-solicit

This is a clause that will prevent the Information Recipient from competing with your business, and from poaching your staff or clients. Investors might decline to accept such terms as they are not really relevant to their interest in your business, and competitors would not wish to accept terms that restrict their existing (and proposed) business. However, they might accept an obligation not to poach your staff or clients, though they would probably seek customary limitations which, for example, allow them to hire respondents to job adverts and to deal with unsolicited customers who approach them. You should be aware that you can only lawfully protect your legitimate business interests and, therefore, any such provision will need to be limited with respect to duration and applicable geographic area.

Break clause/lock-in/exclusivity

This is a clause found only in corporate deals where one party is locked in to the negotiations for a period of time during which due diligence takes place. If, at the end of the period, a deal is not then completed, one party may be required to pay the other a break fee. Such provisions are unusual, but are relevant where one party requires the other to prove he is serious about the deal at hand. Announcements

This clause sets out who can announce what. Normally, you would expect announcements only to be permitted with the consent of both parties.

Costs

This clause would set out who will bear the costs of preparing the NDA. Remember that NDAs are contracts and it is common for both parties’ lawyers to amend the NDA before the parties sign it. This of course incurs costs. Normally, each party would bear its own costs, but sometimes a party can have sufficient bargaining power to compel the other side to pay its legal costs.

Practical points

When to sign?

There is no question that it is preferable to have the NDA in place before you disclose confidential information. But what is meant by confidential information and at what stage should you refuse to hand over any more information without an NDA? The decision will of course be yours, but be aware that an Information Recipient would expect to know why he was being asked to sign an NDA and the nature of the information he will be provided with, should he sign. To understand the reasoning behind this, ask yourself: how happy would you be if you signed an NDA and the confidential information disclosed under it turned out to be similar to something you were working on?

Where you might not have any choice

There will be times when you have no choice. For example, you may find that venture capitalists won’t sign an NDA and that if you are the Information Recipient and you are working with a big Information Provider, then you will be required to sign their standard NDA. You will often be confronted with decisions like this and you need to take a risk-based commercial decision as to whether to sign or whether to accept that you won't be offered an NDA.

What if you don't have an NDA?

The equitable law of confidence will apply in all cases and will offer the Information Provider some limited legal protection in so far as the Information Recipient may not take unfair advantage based on information received in confidence. Where you have a choice, it is best not to rely on this general rule of law, not least because it is hard to enforce and you will need to show that there was both a relationship of confidence in place and that the Information Recipient knew he was required to treat the information in confidence. However, you might not have a choice, in which case the equitable law of confidence will be of assistance.

Conclusion

Ultimately, the best protection is not to disclose confidential information at all. Where required, take practical measures to ensure the information’s confidentiality. Do not be afraid to perform your own due diligence on the Information Recipient. Ask yourself: do I trust them? Having an NDA is a highly advisable second stage. An NDA is enforceable and, by not having one, you take a permanent decision not to require a contractual commitment to confidentiality and risk sending out the wrong signals to investors.