It is important to periodically review form agreements to ensure that the provisions that were favorable or represented your company’s position in the past continue to accurately protect your company’s interests.
At the Tech & Sourcing @ Morgan Lewis blog, we have given tips on drafting nondisclosure agreements (NDAs) in the past. In this post, we revisit some of those key considerations and expand upon additional items to bear in mind as you review your company’s NDAs.
At the onset, it is important to identify what parts of a business will use the NDA form and make sure your company’s NDA covers each business entity—including your company’s subsidiaries and affiliates, if that is the intended scope. Additionally, you should consider whether each entity has the same needs and if those needs can be sufficiently covered in a one-size-fits-all NDA form.
Consider how long you want confidentiality obligations to remain for both confidential information provided and received, including whether a term is even appropriate when it applies to your trade secret information. It also is important to make sure that your company’s NDA dates back to or includes confidential information you may have shared in anticipation of executing the NDA.
Definition of “Confidential Information”
If you are the discloser of information, you likely want to make sure that the definition of “confidential information” includes summaries and compilations of the confidential information you provide. This, of course, is in addition to other considerations we addressed previously, including whether information can only qualify as confidential under the NDA if it is labeled as “confidential.”
Disclosure of Information
If your company employs consultants that may need access to the other party’s confidential information in order to provide services to your company, you may need to include the right for your company to disclose the confidential information you receive to such third party. In exchange for this right, you may need to agree to have in place a commercially reasonable NDA with your consultants and to be responsible, vis a vis the disclosing party, for any breaches of the NDA between the disclosing party and your company arising from any acts or omissions by your consultants.
Standard of Care
Make sure that your form NDA is consistent with respect to the standard of care that the receiving party must use in protecting the confidential information of the disclosing party. Does the form state that the receiving party will keep the confidential information “strictly” confidential in one place and then state elsewhere that the receiving party will use “commercially reasonable” efforts to protect the confidential information, but not less than the efforts that the receiving party uses to protect its own, similar confidential information? We have seen plenty of forms with this inconsistency.
Obligation to Report Misuse
If the other side discloses your company’s confidential information in violation of the NDA, or the confidential information is otherwise accessed by an unauthorized third party, such as in a data breach, what reporting obligations does the other party have? Must they cooperate with your company in responding to data breaches? Your NDAs should cover these situations to help protect your information and satisfy obligations to other parties in the event of misuse or wrongful access.
Return of Confidential Information
Depending on the relationship between the parties, the business transaction, and your company’s data storage practices, the other side may be the only party with some of your company’s confidential information at the end of the term. As such, and in order to prevent the other side from continuing to use your confidential information, your company’s NDA should require the return or destruction, at your company’s direction, of all of your company’s confidential information at the end of the term. This requirement also should cover all copies and summaries the other side may have.
This post, as well as our previous musings on the subject, encapsulate only a fraction of the considerations you should keep in mind when preparing or “cleaning” your form NDAs.