What you need to know about NDAs – Part Two
This is the second part of Pádraig Walsh’s article on frequently asked questions about NDAs. Catch up on Part One here.
8. Are there other circumstances where a Founder should consider an NDA or confidentiality protection?
These are examples of when confidentiality protection may be needed or should be included:
- collaboration or joint development with a third party;
- discussions to sell the business or part of it;
- employment or contractor arrangements.
9. How long should the confidentiality protection last for?
Protection can be for as long as the information remains non-public. However, an NDA imposes a restriction on the other party, and could be considered a restraint of trade. The best approach is to protect the information for as long as it is valuable. This could be forever or for a long time, but in practice protection periods of between three and five years are often agreed.
10. Does an NDA prohibit all disclosures of confidential information?
A well-drafted NDA will contain permitted disclosures, such as:
- disclosures to people who “need to know” within the organisation;
- disclosures to professional advisers; and
- disclosure required by law.
11. Are NDAs enforceable?
Yes, with the usual risks and costs associated with litigation. Specific advice should be sought if there has been a breach of confidentiality to make sure evidence is properly secured, and the merits of the claim quickly assessed. The usual remedy is an injunction to prevent use of the confidential information, and an account of profits from unauthorised use of confidential information.
12. Who are the parties to an NDA?
The person disclosing the information and receiving the information are the usual persons party to the NDA. Circumstances may dictate that others are parties also.
13. Are NDA standard form documents? What should I look out for?
An NDA should be a straightforward document, but it would be wrong to call it standard. Issues to consider include:
(a) Is the definition of Confidential Information clear and practical? You should be able to easily identify the class of information to be protected. A definition that suggests all non-public information is Confidential Information could result in you needing to implement restrictions for information that has low or no value or relevance.
(b) Is there a lot of bureaucracy or administration needed to comply with the NDA? Some obligations may involve reporting requirements, information storage, training and oversight that is onerous and impractical.
(c) Who do you have to police? The obligations under an NDA will extend beyond the recipient, and the recipient will need to monitor and police other persons having access to and using the confidential information. Are those obligations sensible? Are certificates, adherence undertakings, and indemnities required?
(d) What is carved out from confidentiality obligations? Some exceptions are sensible – such as, the recipient can show he has the information already, or the information becomes publicly known. Others are more opaque or could be gamed – such as receiving the same information from a third party without restriction.
14. When are NDAs used?
Confidentiality is a hallmark of many business negotiations and arrangements. A confidentiality clause is a standard clause in virtually every commercial agreement.
Three common occasions when an NDA is used or confidentiality is critical are:
(a) in a research and development collaboration when each participant will disclose information to others, often before patents are filed.
(b) as a precursor to a corporate investment or acquisition, so that due diligence can proceed in a private environment.
(c) in the settlement of a dispute, so that the terms of settlement do not become publicly known.
15. Are there practical or administrative things I should do?
Here are some tips:
(a) Confidential information should be treated as such within an organisation. This means segregating information and restricting access to confidential information.
(b) Conduct contract reviews to make sure they contain a proper confidentiality provision. Pay particular attention to employment and contractor agreements.
(c) Use technology solutions to track who has access to highly sensitive trade secrets.
(d) Train employees.
(e) Have an electronic communications policy.
(f) Remind employees before they leave of continuing confidentiality obligations after employment termination.
(g) Act quickly to gather facts and evidence if there is a breach of confidentiality. Consider legal advice if the potential loss or risk are material to the business.