More now than ever before, knowledge is king. Accordingly, how you use that knowledge or, more correctly, confidential information, is an important decision that all businesses have to take when interacting with others. This article looks at the legal and practical aspects of disclosing confidential information to others and the use of non-disclosure agreements (NDAs).

NDAs: What are they?

An NDA, a non-disclosure agreement, a confidentiality undertaking, a confidentiality letter or a confidentiality agreement are all names for essentially the same document. There are few formal requirements as to what can constitute an NDA and it is perfectly feasible for an NDA to be wrapped up in some other type of document or agreement, for example, some Heads of Terms or an Exclusivity Agreement, both being documents commonly used to begin formalising a transaction between two or more parties.

NDAs therefore come in all shapes and sizes, but have at their core one clear purpose: to identify certain information to be provided to another and to establish how that information can and cannot be used.

NDAs regulate and record the flow of information. This flow can be one way, for example where a software designer is going to produce some software for your business based on certain confidential information you will provide. Or it can be mutual, i.e. the party receiving the information (the Information Recipient) is also providing their information to you. Both one-way and mutual arrangements are common, but it is important to identify from the outset which of the two arrangements is to be used.

Where would you expect to come across an NDA?

The short answer is that you'd expect to encounter an NDA in any situation where confidential information is being provided and the party providing the information (the Information Provider) wishes to record and regulate the treatment of that information. Typical examples therefore include:

  • On an investment; the company seeking the investment would ask the investor to sign an NDA relating to the confidential due diligence information about the company the investor will receive.
  • On the outsourcing of a service; the outsourcer would expect the service provider to sign an NDA relating both to the confidential information he will receive to allow him to commence providing the service and to the information received in the course of such service provision.
  • On taking a lease; the tenant would expect the landlord to sign an NDA if the tenant needs to pass on confidential information about his business to the landlord relating to the anticipated use of the property.

NDAs are also commonplace in normal trading arrangements where customers and/or suppliers are providing or receiving confidential information.

Should you expend time, cost and effort in putting one in place?

There is no definitive answer to this tricky and well-rehearsed question. However, this article will look at the question on a legal and then commercial level.

Legally, subject to certain formal considerations that apply to any contract, NDAs do work. They create a contractual right for the Information Provider to seek a judicial remedy from the Information Recipient should he breach the terms of the agreement. The remedies available should, assuming the NDA is drafted properly, allow the Information Provider to choose between financial compensation and a court order preventing disclosure of the confidential information concerned. Legally, to enforce an NDA, the Information Provider will need to go to court and to show that there was a contract, to establish its terms, to establish that on the face of the facts there was a breach by the Information Recipient and then to establish the financial damage the breach has caused the Information Provider.

A well-drafted NDA and a properly managed and controlled information disclosure process can make it relatively simple to provide strong evidence under most of these heads. Proving damage could be harder, but the facts normally speak for themselves. If, for example, you have provided your secret recipe to a manufacturer and the manufacturer in turn provides it to a competitor who then uses it to produce a competing but cheaper product, it is a good bet that your sales will fall, while your overheads will remain the same, or, put more simply, that you have suffered provable loss.

However, here the legal points necessarily give way to the commercial reality. It is often said that you would never wish to sue, or could never afford to sue, a more established business or wealthy individual to whom information has been provided. It is true that the evidential and costs burden will be on you and it may also be true that your financial loss might be deemed small in the court's view. Furthermore, it is true that you are not likely to have advance notice of any breach, so obtaining a court order to prevent unauthorised disclosure is not likely to be relevant. It has also been well noted that neither remedy might be what you are looking for; what you would have preferred is for there to have been no breach of confidence in the first place. In addition, suing the Information Recipient won't make the information confidential again.

Having an NDA can't be regarded as a panacea. That said though, I still believe they have their place as part of your wider approach to dealing with confidential information.

Having an NDA does have a number of irrefutable commercial advantages. The mere act of putting one together focuses the minds of the parties on what information is confidential and how it can be treated. This is beneficial and this process typically only takes place in the context of agreeing an NDA.

Having an NDA has a deterrent effect. Much like the role of criminal law, it establishes in the recipient's mind that unauthorised disclosure might land him in court and could cost him financially.

Finally, you should not forget that having an NDA, or choosing not to, is not just a decision for your business in the here and now. For example, if you are considering looking for investment in due course, you will find that your IP and confidential information are seen as key assets and you will also find that you have to disclose them to a number of potential investors before you find the investor or investors who actually inject cash into your business. Your successful investors will want to see that they are protected and, of course, what starts off as your information will become their information too on investment. Even if you might not want to sue on an NDA, your investor may well want to, in order to protect his investment. Having an NDA will be especially useful in preventing disclosure by the unsuccessful investors who performed due diligence.

How to draft or review an NDA

Before you get too bogged down with reading or amending the NDA itself, you should take the time to work out what information you are going to be disclosing, how confidential it is (certain aspects may be more confidential than others) and why you are disclosing it. You need to know this before you can draft or analyse an NDA. This will also help you understand what it will cost you if your confidential information is not kept confidential. If the cost is minimal, you might not require an NDA. If the cost is moderate, you might well choose to draft your own NDA. If the cost is high, it might be better to have a lawyer draft the NDA for you to make sure it really does protect you. Lawyers also carry insurance, so if they make an error and you suffer loss, the insurer will pay.

The first point to note about how to draft an NDA is that you should never start with a blank piece of paper. You need to start with a sensible template. To allow you to do this, we have made our own template freely available through this link: (and a copy is set out at the end of this article). As mentioned above, there are many sorts of NDA. The template we have made available is only suitable for the one-way disclosure of information as part of a corporate transaction. This is the type of NDA we are most commonly asked to provide.

You may find the other party to the deal gives you their standard document to sign. It is best to be sure you are fully comfortable with the NDA you have been given and all of its terms before you sign it. You should be aware that NDAs are normally biased in favour of the drafting party. So don't be afraid to ask why a clause is included, what it means and, if you are not satisfied, to ask to have it removed or amended. An NDA is a commercial agreement much like any other and bargaining power counts.

So, what does the document itself look like?

The NDA is likely to include the following clauses:

The parties

These are the parties to the agreement. In most cases there will be two parties: the Information Provider and the Information Recipient. Insert their full names and, if relevant, company numbers.

The definition of "Confidential Information"

The NDA will define what is meant by "Confidential Information". This is probably the most important clause in the agreement. You need to spell out what you mean by Confidential Information. A description or a list is a good way of doing this. The definition must not be too wide in scope; be aware that mixing patently non-confidential information with confidential information will cause all information to be treated as non-confidential and render the agreement useless. Similarly, it must not be too narrowly defined as this might mean key information is not caught by the obligations in the NDA. Linked to this, you need to consider whether copies, notes and secondary information created by the Information Recipient having seen the confidential information should also be included.

The definition of "Permitted Purpose"

The NDA will also use this key defined term. As the words would suggest, this sets out exactly what the Information Recipient is permitted to do with the information. For example, supposing you ran a drinks manufacturing company and you were in talks with an investor to buy half of your shares, the investor would rightly want to carry out his due diligence and this will involve you sending him a great deal of confidential information about your company. This might for example include the recipe for one of your best-selling drinks. The Permitted Purpose of the information you supply is to allow the investor to decide whether he wants to invest. An investor would therefore not only be obliged to keep the information confidential, but also would only be allowed to use the confidential information for the Permitted Purpose. The Permitted Purpose of course does not extend to the potential investor keeping the information confidential but then using it to manufacture the drink himself.

The confidentiality obligation

This is the main clause. It sets out what the Information Recipient must do and must refrain from doing. Keeping information confidential is a given. However, you should consider stating exactly how it should be kept confidential and who may access it, and add in an obligation to return or destroy it and all copies of it on request. The more specific you are, the easier it is for you to inspect for compliance and to prove a breach. For example, where the Information Recipient is a company, consider limiting access to certain named directors and requiring it to be password protected. Consider whether it can be shared with their lawyers or accountants and, if so, consider limiting this to a need-to-know basis.

Duration of the obligation

It is customary to limit the duration of the obligations to a period that reasonably reflects the shelf life of the information being provided. Anything from one year to five years would be normal, but there is no reason why it could not be longer. As a sanity check though, you should ask yourself how long it would take until you would no longer be concerned by a breach of the (now) "old" information. There would seem to be little point in asking for a longer period of protection than you need.

Other clauses

While we have not included many supplementary clauses in our template NDA, other firms may and you should know what to expect.

Briefly, you may find the following clauses also included:


This is a clause that will prevent the Information Recipient from competing with your business, and from poaching your staff or clients. It is easy to see why this might be something you ask for, but be aware that it may well not be acceptable to the Information Recipient. Investors might decline to accept such terms as they are not really relevant to their interest in your business and competitors would not wish to accept terms that restrict their existing (and proposed) business. However, they might accept an obligation not to poach your staff or clients, though they would probably seek customary limitations which, for example, allow them to hire respondents to job adverts and to deal with unsolicited customers who approach them. You should be aware that you can only lawfully protect your legitimate business interests and, therefore, any such provision will need to be limited with respect to duration and applicable geographic area.

Break clause/lock in/exclusivity

This is a clause found only in corporate deals where one party is locked in to the negotiations for a period of time during which due diligence takes place. If, at the end of the period, a deal is not then completed, one party may be required to pay the other a break fee. Such provisions are unusual, but are relevant where one party requires the other to prove he is serious about the deal at hand.


This clause sets out who can announce what. Normally, you would expect announcements only to be permitted with the consent of both parties.


This clause would set out who will bear the costs of preparing the NDA. Remember that NDAs are contracts and it is common for both parties' lawyers to amend the NDA before the parties sign it. This of course incurs costs. Normally, each party would bear its own costs, but sometimes a party can have sufficient bargaining power to compel the other side to pay its legal costs.

Practical Points

When to sign?

There is no question that it is preferable to have the NDA in place before you disclose confidential information. However, this actually conceals another important point. What do we mean by confidential information and, so, when do you get to the stage that you should refuse to hand over any more information without an NDA? The decision will of course be yours, but be aware that an Information Recipient would expect to know why he was being asked to sign an NDA and the nature of the information he will be provided with, should he sign. To understand the reasoning behind this, ask yourself: how happy would you be if you signed an NDA and the confidential information disclosed under it turned out to be similar to something you were working on? Far from being a windfall benefit, this might actually interfere with a course of action on which you had already embarked. Accordingly, you should accept that there will have to be information you disclose before you sign an NDA, and this information should be less sensitive.

Where you might not have any choice

There will be times when you have no choice. For example, you may find that VCs won't sign an NDA and that, if you are the Information Recipient working with a big Information Provider, you will be required to sign their standard NDA. You will often be confronted with decisions like this and you need to take a risk-based commercial decision as to whether to sign or whether to accept that you won't be offered an NDA.

What if you don't have an NDA?

The equitable law of confidence will apply in all cases and will offer the Information Provider some limited legal protection in so far as the Information Recipient may not take unfair advantage based on information received in confidence. Where you have a choice, it is best not to rely on this general rule of law, not least because it is hard to enforce and you will need to show that there was both a relationship of confidence in place and that the Information Recipient knew he was required to treat the information in confidence. However, you might not have a choice, in which case the equitable law of confidence will be of assistance.

There are two other factors that might assist you where you have no NDA. The first is the reputation of the Information Recipient. While VCs typically won't sign an NDA, they are not in the business of leaking your confidential information, as to do so would ruin their reputation and would undermine their ability to attract future investment opportunities. The second relates to advisors such as lawyers and accountants. Regulated advisors have a code of conduct to uphold which includes strict requirements for them to safeguard confidential information. They risk losing their ability to practise, and thus their career, should they breach this duty. Needless to say, this is strong comfort for Information Providers and explains why regulated advisors also typically will not sign NDAs.


The best protection is not to disclose confidential information at all. In circumstances where it is required, it is a good idea to take practical measures to ensure the information's confidentiality. By disclosing the information only through inspection of hard copies at your offices or through a controlled online data room, and by keeping a log of who has seen what, you will have maximised the chance of your information staying confidential. You should also not be afraid to perform your own due diligence on the Information Recipient. Ask yourself: Do I trust them? Having an NDA is a highly advisable second stage. It is enforceable and, by not having one, you take a permanent decision not to require a contractual commitment to confidentiality, you risk sending a signal that confidentiality is not important to you and you take a decision that may later be questioned by investors.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.