UK: Confidentiality, NDAs and Business Secrets

Last Updated: 7 December 2010
Article by William Robins

More now than ever before, knowledge is king. Accordingly, how you use that knowledge or, more correctly, confidential information, is an important decision that all businesses have to take when interacting with others. This article looks at the legal and practical aspects of disclosing confidential information to others and the use of non-disclosure agreements (NDAs).

NDAs: What are they?

An NDA, a non-disclosure agreement, a confidentiality undertaking, a confidentiality letter or a confidentiality agreement are all names for essentially the same document. There are few formal requirements as to what can constitute an NDA and it is perfectly feasible for an NDA to be wrapped up in some other type of document or agreement, for example, some Heads of Terms or an Exclusivity Agreement, both being documents commonly used to begin formalising a transaction between two or more parties.

NDAs therefore come in all shapes and sizes, but have at their core one clear purpose: to identify certain information to be provided to another and to establish how that information can and cannot be used.

NDAs regulate and record the flow of information. This flow can be one way. For example, where a software designer is going to produce some software for your business based on certain confidential information you will provide. Or they can be mutual, i.e. the party receiving the information (the Information Recipient) is also providing their information to you. Both one-way and mutual arrangements are common, but it is important to identify from the outset which of the two arrangements is to be used.

Where would you expect to come across an NDA?

The short answer is that you'd expect to encounter an NDA in any situation where confidential information is being provided and the party providing the information (the Information Provider) wishes to record and regulate the treatment of that information. Typical examples therefore include:

  • On an investment; the company seeking the investment would ask the investor to sign an NDA relating to the confidential due diligence information about the company the investor will receive.
  • On the outsourcing of a service; the outsourcer would expect the service provider to sign an NDA relating to both the confidential information he will receive to allow him to commence providing the service, but it would also cover the information received in the course of such service provision.
  • On taking a lease; the tenant would expect the landlord to sign an NDA if the tenant needs to pass on confidential information about his business to the landlord relating to the anticipated use of the property.

NDAs are also commonplace in normal trading arrangements where customers and/or suppliers are providing or receiving confidential information.

Should you expend time, cost and effort in putting one in place?

There is no definitive answer to this tricky and well-rehearsed question. However, this article will look at the question on a legal and then commercial level.

Legally, subject to certain formal considerations that apply to any contract, NDAs do work. They create a contractual right for the Information Provider to seek a judicial remedy from the Information Recipient should he breach the terms of the agreement. The remedies available should, assuming the NDA is drafted properly, allow the Information Provider to choose between financial compensation and a court order preventing disclosure of the confidential information concerned. Legally, to enforce an NDA, the Information Provider will need to go to court and to show that there was a contract, to establish its terms, to establish that on the face of the facts there was a breach by the Information Recipient and then to establish the financial damage the breach has caused the Information Provider.

A well-drafted NDA and a properly managed and controlled information disclosure process can make it relatively simple to provide strong evidence under most of these heads. Proving damage could be harder, but the facts normally speak for themselves. If, for example, you have provided your secret recipe to a manufacturer and the manufacturer in turn provides it to a competitor who then uses it to produce a competing but cheaper product, it is a good bet that your sales will fall, while your overheads will remain the same, or, put more simply, that you have suffered provable loss.

However, here the legal points necessarily give way to the commercial reality. It is often said that you would never wish to, or can afford to, sue a more established business or wealthy individual to whom information has been provided. It is true that the evidential and costs burden will be on you and it may also be true that your financial loss might be deemed small in the court's view. Furthermore, it is true that you are not likely to have advance notice of any breach, so obtaining a court order to prevent unauthorised disclosure is not likely to be relevant. It has also been well noted that neither remedy might be what you are looking for; what you would have preferred is for there to have been no breach of confidence in the first place. In addition, suing the Information Recipient won't make the information confidential again.

Having an NDA can't be regarded as a panacea. That said though, I still believe they have their place as part of your wider approach to dealing with confidential information.

Having an NDA does have a number of irrefutable commercial advantages. The mere act of putting one together focuses the minds of the parties on what information is confidential and how it can be treated. This is beneficial and this process typically only takes place in the context of agreeing an NDA.

Having an NDA has a deterrent effect. Much like the role of criminal law, it establishes in the recipient's mind that unauthorised disclosure might land him in court and could cost him financially.

Finally, you should not forget that having an NDA, or choosing not to, is not just a decision for your business in the here and now. For example, if you are considering looking for investment in due course, you will find that your IP and confidential information is seen as a key asset and you will also find that you have to disclose it to a number of potential investors before you find the investor or investors who actually inject cash into your business. Your successful investors will want to see that it is protected and, of course, what starts off as your information will become their information too on investment. Just because you might not want to sue on an NDA, your investor may well want to in order to protect his investment. Having an NDA will be especially useful in preventing disclosure by the unsuccessful investors who performed due diligence.

How to draft or review an NDA

Before you get too bogged down with reading or amending the NDA itself, you should take the time to work out what information you are going to be disclosing, how confidential it is (certain aspects may be more confidential than others) and why you are disclosing it. You need to know this before you can draft or analyse an NDA. This will also help you understand what it will cost you if your confidential information is not kept confidential. If the cost is minimal, you might not require an NDA. If the cost is moderate, you might well choose to draft your own NDA. If the cost is high, it might be better to have a lawyer draft the NDA for you to make sure it really does protect you. Lawyers also carry insurance, so if they make an error and you suffer loss, the insurer will pay.

The first point to note about how to draft an NDA is that you should never start with a blank piece of paper. You need to start with a sensible template. To allow you to do this, we have made our own template freely available through this link: http://bit.ly/Freenda (and a copy is set out at the end of this article). As mentioned above, there are many sorts of NDA. The template we have made available is only suitable for the one-way disclosure of information as part of a corporate transaction. This is the type of NDA we are most commonly asked to provide.

You may find the other party to the deal gives you their standard document to sign. It is best to be sure you are fully comfortable with the NDA you have been given and all of its terms before you sign it. You should be aware that NDAs are normally biased in favour of the drafting party. So don't be afraid to ask why a clause is included, what it means and, if you are not satisfied, to ask to have it removed or amended. An NDA is a commercial agreement much like any other and bargaining power counts.

So, what does the document itself look like?

The NDA is likely to include the following clauses:

The parties

These are the parties to the agreement. In most cases there will be two parties: the Information Provider and the Information Recipient. Insert their full names and, if relevant, company numbers.

The definition of "Confidential Information"

The NDA will define what is meant by "Confidential Information". This is probably the most important clause in the agreement. You need to spell out what you mean by Confidential Information. A description or a list is a good way of doing this. The definition must not be too wide in scope; be aware that mixing patently non-confidential information with confidential information will cause all information to be treated as non-confidential and render the agreement useless. Similarly, it must not be too narrowly defined as this might mean key information is not caught by the obligations in the NDA. Linked to this, you need to consider whether copies, notes and secondary information created by the Information Recipient having seen the confidential information should also be included.

The definition of "Permitted Purpose"

The NDA will also use this key defined term. As the words would suggest, this sets out exactly what the Information Recipient is permitted to do with the information. For example, supposing you ran a drinks manufacturing company and you were in talks with an investor to buy half of your shares, the investor would rightly want to carry out his due diligence and this will involve you sending him a great deal of confidential information about your company. This might for example include the recipe for one of your best-selling drinks. The Permitted Purpose of the information you supply is to allow the investor to decide whether he wants to invest. An investor would therefore not only be obliged to keep the information confidential, but also would only be allowed to use the confidential information for the Permitted Purpose. The Permitted Purpose of course does not extend to the potential investor keeping the information confidential but then using it to manufacture the drink himself.

The confidentiality obligation

This is the main clause. It sets out what the Information Recipient must do and must refrain from doing. Keeping information confidential is a given. However, you should consider stating exactly how it should be kept confidential and who may access it, and add in an obligation to return or destroy it and all copies of it on request. The more specific you are, the easier it is for you to inspect for compliance and to prove a breach. For example, where the Information Recipient is a company, consider limiting access to certain named directors and requiring it to be password protected. Consider whether it can be shared with their lawyers or accountants and, if so, consider limiting this to a need-to-know basis.

Duration of the obligation

It is customary to limit the duration of the obligations to a period that reasonably reflects the shelf life of the information being provided. Anything from one year to five years would be normal, but there is no reason why it could not be longer. As a sanity check though, you should ask yourself how long it would take until you would no longer be concerned by a breach of the (now) "old" information. There would seem to be little point in asking for a longer period of protection than you need.

Other clauses

While we have not included many supplementary clauses in our template NDA, other firms may and you should know what to expect.

Briefly, you may find the following clauses also included:

Non-compete/non-solicit

This is a clause that will prevent the Information Recipient from competing with your business, and from poaching your staff or clients. It is easy to see why this might be something you ask for, but be aware that it may well not be acceptable to the Information Recipient. Investors might decline to accept such terms as they are not really relevant to their interest in your business and competitors would not wish to accept terms that restrict their existing (and proposed) business. However, they might accept an obligation not to poach your staff or clients, though they would probably seek customary limitations which, for example, allow them to hire respondents to job adverts and to deal with unsolicited customers who approach them. You should be aware that you can only lawfully protect your legitimate business interests and, therefore, any such provision will need to be limited with respect to duration and applicable geographic area.

Break clause/lock in/exclusivity

This is a clause found only in corporate deals where one party is locked in to the negotiations for a period of time during which due diligence takes place. If, at the end of the period, a deal is not then completed, one party may be required to pay the other a break fee. Such provisions are unusual, but are relevant where one party requires the other to prove he is serious about the deal at hand.

Announcements

This clause sets out who can announce what. Normally, you would expect announcements only to be permitted with the consent of both parties.

Costs

This clause would set out who will bear the costs of preparing the NDA. Remember that NDAs are contracts and it is common for both parties' lawyers to amend the NDA before the parties sign it. This of course incurs costs. Normally, each party would bear its own costs, but sometimes a party can have sufficient bargaining power to compel the other side to pay its legal costs.

Practical Points

When to sign?

There is no question that it is preferable to have the NDA in place before you disclose confidential information. However, this actually conceals another important point. What do we mean by confidential information and, so, when do you get to the stage that you should refuse to hand over any more information without an NDA? The decision will of course be yours, but be aware that an Information Recipient would expect to know why he was being asked to sign an NDA and the nature of the information he will be provided with, should he sign. To understand the reasoning behind this, ask yourself: how happy would you be if you signed an NDA and the confidential information disclosed under it turned out to be similar to something you were working on? Far from being a windfall benefit, this might actually interfere with a course of action on which you had already embarked. Accordingly, you should accept that there will have to be information you disclose before you sign an NDA, and this information should be less sensitive.

Where you might not have any choice

There will be times when you have no choice. For example, you may find that VCs won't sign an NDA and that if you are the Information Recipient and you are working with a big Information Provider, then you will be required to sign their standard NDA. You will often be confronted with decisions like this and you need to take a risk-based commercial decision as to whether to sign/whether to accept that you won't be offered an NDA.

What if you don't have an NDA?

The equitable law of confidence will apply in all cases and will offer the Information Provider some limited legal protection in so far as the Information Recipient may not take unfair advantage based on information received in confidence. Where you have a choice, it is best not to rely on this general rule of law, not least because it is hard to enforce and you will need to show that there was both a relationship of confidence in place and that the Information Recipient knew he was required to treat the information in confidence. However, you might not have a choice, in which case the equitable law of confidence will be of assistance.

There are two other factors that might assist you where you have no NDA. The first is the reputation of the Information Recipient. While VCs typically won't sign an NDA, they are not in the business of leaking your confidential information, as to do so would ruin their reputation and would undermine their ability to attract future investment opportunities. The second relates to advisors such as lawyers and accountants. Regulated advisors have a code of conduct to uphold which includes strict requirements for them to safeguard confidential information. They risk losing their ability to practise, and thus their career, should they breach this duty. Needless to say, this is strong comfort for Information Providers and explains why regulated advisors also typically will not sign NDAs.

Conclusion

The best protection is not to disclose confidential information at all. In circumstances where it is required, it is a good idea to take practical measures to ensure the information's confidentiality. By disclosing the information through only allowing inspection of hard copies at your offices or through a controlled online data room, and by keeping a log of who has seen what, you will have maximised the chance of your information staying confidential. You should also not be afraid to perform your own due diligence on the Information Recipient. Ask yourself: Do I trust them? Having an NDA is a highly advisable second stage. It is enforceable and, by not having one, you take a permanent decision not to require a contractual commitment to confidentiality, risk sending a signal that confidentiality is not important to you and you take a decision that may later be questioned by investors.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

Disclaimer

Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

Registration

Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

Cookies

A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

Mail-A-Friend

If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

Security

This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.