A nondisclosure agreement (NDA), sometimes called a confidential disclosure agreement or confidentiality agreement, is a legal contract between two parties that addresses how the parties will handle confidential information that one party will share with the other. An NDA is not a party’s only means of protecting its confidential information. Most states have adopted some form of the Uniform Trade Secrets Act, which provides significant protection independent of any contract. An NDA, however, can provide substantial protection beyond that offered by statute and also allows parties to tailor the protection to the circumstances of their specific relationship.
In preparing an NDA or reviewing a draft presented by another party, several basic issues should be considered. A decision can be reached about the manner in which each of those issues will be dealt with and reflected in the NDA (if at all) only after considering the expected flow of information between the parties (will it be one-way or mutual and, if mutual, will significant information be disclosed by each party) and the sensitivity of the information to be exchanged. Significant issues to consider include the purpose and permitted use of information, an identification requirement, disclosure restrictions, the term of protection, enforcement of the NDA and possible export controls.
Purpose and Permitted Use
The NDA should clearly specify the purpose of the information exchange and how the information received can be used by the recipient. In many NDAs this purpose is very limited and related to an evaluation or other preliminary stage of the parties’ relationship. Typically, if the relationship moves to a more substantial level, another agreement with appropriate confidentiality provisions will supersede the initial NDA.
The NDA should address whether the disclosing party is required to expressly identify all confidential information disclosed – whether in writing or otherwise – as confidential as a condition to protection. Many NDAs incorporating this requirement allow orally disclosed confidential information to be subsequently identified in writing as confidential. On the other hand, many NDAs provide that all information exchanged between the parties is to be treated as confidential unless certain specific exceptions apply (e.g., the information is in the public domain, the recipient already possessed the information with the unrestricted right to use it, etc.). Needless to say, there is a greater opportunity for a party to make a mistake under an NDA incorporating a provision with an identification requirement, and a party contemplating such a provision needs to be confident in its internal administration and discipline if it is going to be making significant disclosures to the other party. Conversely, a party who will only be receiving information would want to include such an identification requirement. Regardless of whether the NDA contains an identification requirement, any party should administer its operations carefully to restrict the extent to which it accepts confidential information in the first place and control the dissemination of any confidential information once it enters the company to minimize the risk that it inadvertently will be used for some unpermitted purpose, or be unknowingly combined with information that the company is otherwise free to use, thereby contaminating that other information.
Disclosure Restrictions – Internal and External
Any NDA should address how extensively a party is permitted to share the information received. Typically, this would be on a “need to know” basis given the identified purpose. In some cases, depending on the sensitivity of the information, the disclosing party may wish to restrict access to the information to specified individuals or groups within the recipient organization. The NDA also should address the extent to which a recipient is permitted to disclose information to third parties including consultants or affiliated companies that may be involved in the project. Some such disclosure may be appropriate, but, at a minimum, the recipient should commit to be responsible for such third parties’ compliance with obligations under the NDA and, in the case of more sensitive information, a disclosing party may wish to have such third parties sign separate agreements.
Term of Protection
One of the characteristics of trade secret protection setting it apart from other forms of intellectual property protection (such as patents and copyrights) is that it is, in theory, of indefinite duration. As long as a party is able to maintain the secrecy of certain information, it can last forever. Notwithstanding that characteristic, many NDAs seek to impose a fixed term on the parties’ obligations to treat information disclosed under the NDA as confidential. Such terms typically run for three to five years from the date of disclosure. A party disclosing confidential information that it
Any NDA should address how extensively a party is permitted to share the information received.
believes may have a useful life beyond that period should strongly resist any such limitation, instead advocating for perpetual protection in the absence of the loss of trade secret status through occurrences such as the entry of the information into the public domain without fault of the recipient.
Having a valid NDA and having the ability to enforce it as a practical matter are two quite different things. Often not enough attention is paid to the enforcement mechanism. This omission may result in an NDA that provides inadequate protection to the disclosing party.
There are three key provisions that relate to this issue. The first is a clear choice of law provision specifying the law governing the NDA. Without a choice of law provision, the basis of enforcing the NDA may be less certain. The second is an agreement between the parties as to the location and method of dispute resolution. Especially where parties may be located far from each other, it is of strategic advantage for a party to be able to enforce an NDA in a nearby forum. The third, and perhaps most important, is an attorneys’ fees provision allowing the prevailing party in any enforcement action to recover its legal fees from the other party. Such fees can be substantial. In the absence of an attorneys’ fees provision under California law, even if a party wins a trade secret action it will likely have to pay its own fees, unless it can establish willful and malicious trade secret misappropriation. This reality might make a party hesitant to enforce its rights under an NDA, even following an obvious misuse of its confidential information by the other party. Parties should keep in mind, however, that an attorneys’ fees provision is a “double-edged sword” because the party attempting to enforce an NDA could lose the case and subject itself to the defendant’s recovery of its attorneys’ fee. Additionally, there is the reality that such a provision may be of little value if the offending party has no money to pay a judgment.
If a party to an NDA is located outside of the United States, ... care should be taken to confirm that the NDA will be as valid and enforceable in such case as in cases where all parties, disclosures and uses are domestic
Though the primary focus of this article is on NDAs between parties located in the United States and subject to the jurisdiction of US courts, many relationships, especially in the technology sector, are now international in character. If a party to an NDA is located outside of the United States, or if any part of the information to be disclosed is to be used in another country, care should be taken to confirm that the NDA will be as valid and enforceable in such case as in cases where all parties, disclosures and uses are domestic.
Parties also should be aware that disclosures of information may raise issues under United States export control law (ECL). If, as part of an information exchange, information is to be transmitted or transported outside the United States, the parties need to address the possible application of the ECL. Especially in the case of new technologies, there may be some question as to how the information would be classified for purposes of the ECL and, accordingly, what level of approval may be required for export. Further, information may be exported without ever physically leaving the borders of the United States, e.g., through disclosure to an individual within the United States who is neither a US citizen nor a permanent resident. Caution is needed to avoid inadvertent violations of the ECL.
Finally, though the provisions of most NDAs tend to be fairly standard, albeit with variations like those noted above, provisions are occasionally used that might be considered out of place in an NDA or even overreaching. Two examples of provisions that may fall within that category are residual information and inspection rights.
A residual information provision seeks to impose a further exception to the obligations imposed under an NDA for information that a representative of a recipient learns from the other party, as long as the information resides only in that representative’s “unaided memory” and is not supplemented with documents or other materials containing the confidential information. The result would be that someone with a good memory could utilize important confidential information received from the other party without any restriction. The limitation to information retained in memory does provide some protection, however, the most interesting and important items of disclosed information may be relatively easy to remember. A disclosing party should strongly resist any such provision in an NDA.
Another potentially problematic provision is one that allows one party the right to inspect or audit the other party’s facilities, including computer files, to confirm compliance with the obligations imposed under the NDA. Such a level of intrusion may be very disruptive and is highly unusual in an NDA.
While this article has not provided an exhaustive list of every provision that might be in an NDA, making sure that these key provisions are included in (or excluded from, depending on your situation) any NDA will, in the end, provide a better result for parties who later seek to enforce the NDA through the courts.