When businesses negotiate potential transactions or contracts, or discuss opportunities to collaborate on a project or venture, it is likely that one or more of the parties will be sharing information that is non-public and confidential in nature.1 Maybe your business doesn’t have a ‘secret sauce’, but you may wish to protect the confidentiality of other information, such as customer or supplier lists, financial results, pricing information, employee information, code of internal software, and so on. With all the moving parts and challenges that can be involved in these discussions, the protection of confidential information may not always attract the appropriate level of attention.
If confidential information will be shared between the parties, they should consider first signing an agreement governing the treatment of such confidential information. This type of agreement is usually called a “non-disclosure agreement” or “confidentiality agreement”, and for the purposes of this article will be referred to as an “NDA” 2
What does an NDA do?
Confidentiality clauses are often included directly within commercial agreements. However, where there is a process of discussion, disclosure, and preparation to arrive at the signing of such definitive commercial agreement, an NDA should be used at the outset to protect and to clarify the obligations in respect of confidential information disclosed throughout that process. In other cases, businesses who wish to collaborate with one another on an ongoing basis (whether or not they will enter into any further contracts) may wish to have an NDA in place to protect their discussions and disclosures as they occur from time to time.
The foundation of any NDA is the definition of what will be considered “confidential information” for the purposes of the NDA. The definition is critically important, as failure to ensure that it covers all sensitive information that a party expects to disclose could result in some sensitive information not receiving confidential treatment under the NDA. While the exact language will defer from one NDA to another, the definition of confidential information will generally involve a description of information that is non-public, proprietary or confidential in nature. However, an NDA will often make other clarifications or additions to the definition of confidential information. For example, it may:
- specify that information disclosed to the recipient will be considered confidential information regardless of its form (paper or electronic) or method of transmission (delivery of paper, email, virtual data room, etc.);
- deem confidential information to include all notes, memos, reports, data and analyses (among other things) of the recipient that contain or reflect confidential information; and/or
- include as confidential the fact that parties are discussing a potential transaction or project, the terms or existence of the NDA itself, or the fact that the discloser has made confidential information available to the recipient.
There are also several common exclusions from the definition of confidential information for information that is already public or that is otherwise developed or received by the recipient (such that it should not attract confidential treatment under the NDA), including:
- information that is already in the possession of the recipient at the time of disclosure;
- information that is generally available to the public or industry participants;
- information that becomes available to the recipient on a non-confidential basis from a source other than the discloser; and
- information that has been independently acquired or developed by the recipient (or its representatives) without violating the NDA.
These inclusions and exclusions from the definition help to achieve a balance between (i) protecting the discloser’s non-public information that should reasonably attract confidential treatment, and (ii) avoiding the overreach of capturing information in respect of which the discloser should not be entitled to restrict the recipient’s usage.
The other critical component of an NDA is how it sets out what the recipient is permitted to do, and what it cannot do, with the confidential information. Often, an NDA will include a description of the prospective transaction, contract or venture the parties are discussing (the “Project”), and will authorize the recipient to use the confidential information solely in connection with the Project. While an NDA will generally prohibit disclosure of confidential information to third parties, there will usually be some exceptions. For example, an NDA may include an exception to allow the recipient to share information with its representatives (such as financial or legal advisors) who are assisting the recipient with the Project. In addition, to avoid the recipient’s breach of the NDA for disclosures of confidential information to a government, legal or regulatory authority as required by law, ruling, court order, statute, regulation or regulatory process (or similar), an NDA should expressly contemplate and permit such disclosures.
A closer look at some common NDA terms
Not all NDAs are created equal. An NDA that is appropriate for one context, such as the negotiation of a highly specialized services contract, may not be appropriate for other situations, such as discussions surrounding the proposed sale of a business. Further, a straightforward, “boilerplate” NDA may be fine in some simpler circumstances, but there will often be factors specific to the discloser, recipient, confidential information, or Project that will require special attention in the NDA.
While not an exhaustive checklist of NDA considerations, the following are some issues that you may want to consider when entering into an NDA:
- Term of the NDA – Historically, it was commonplace for an NDA to be perpetual in nature, protecting confidential information from disclosure indefinitely (or until it meets one of the exclusionary criteria discussed above). But it has now become most common for NDAs to include finite terms, with the confidentiality obligations expiring at the end of such term (for example, in NDAs concerning the potential sale of a business, a term between 12 and 24 months is common). In deciding on the term of an NDA, the parties should consider the useful life of the confidential information. For example, financial projections are not likely to be useful after some period of time, and similarly, information regarding the development of a new product may not be confidential once the product has been launched. On the other hand, trade secrets such as the recipe for the secret sauce or a crucial software algorithm will likely require perpetual protection.
- Date of disclosure – NDAs often specify that they apply only to confidential information disclosed on or after the date of the NDA. Parties that disclose information before the NDA is signed without paying sufficient attention to this term could later discover that the NDA does not apply to such disclosures. While a party could negotiate to ensure the NDA also applies to information disclosed before the date of the NDA, the best practice is to sign an NDA before disclosing any confidential information.
- Representatives – NDAs often specify the groups of personnel and representatives with whom the recipient is permitted to share the confidential information. Since representatives outside of the recipient’s organization are not directly parties to the NDA, the NDA should provide that the recipient is responsible for its representatives’ breaches of the obligations in the NDA. Usually, the recipient will be required to inform representatives of the confidential nature of the information and to direct representatives to keep it confidential (or to have representatives sign a similar NDA with the recipient containing comparable confidentiality obligations).
- Return or destruction – An NDA may require confidential information to be returned or destroyed at the end of the NDA’s term or upon request by the discloser (should the discussions break off). There are several common exceptions allowing information to be retained to allow the recipient to comply with laws, regulatory requirements, bona fide document retention policies or data backups, etc.
- Governing law and venue – Pay attention to the term that specifies which jurisdiction’s laws will apply to the NDA. It should reflect a jurisdiction that makes the most sense given the location of the parties or perhaps the location from which most of the information will be disclosed (but in practice may reflect the preference of the party with more bargaining power). Similarly, the NDA may specify where any claims relating to the NDA must be litigated. If the discloser will be the only party disclosing confidential information, it may wish to avoid a requirement to litigate disputes in another jurisdiction.
- Remedies – Apart from damages, the need to protect confidential information may mean that it is equally (if not more) important for the discloser to have the ability to obtain an injunction to prevent a recipient from continuing to breach an NDA’s terms. Most NDAs will therefore acknowledge that money damages may not be a sufficient remedy for breaches and will specify that the discloser will be entitled to seek an injunction. You may also wish to stipulate that the successful party in litigation will be entitled to its reasonable costs and expenses incurred in connection with the litigation.
- Representations and warranties – An NDA is intended to apply to the sharing of information during the process of negotiation or collaboration, and not to set out the binding terms of a commercial agreement (such as the purchase and sale of a business or a joint venture agreement). As a result, it is common to specify that a disclosing party makes no representations or warranties with respect to the confidential information (for example, regarding its accuracy or completeness). It is also standard to exclude the discloser’s liability in respect of the confidential information or the recipient’s use thereof.
- Personal information – If the information to be disclosed may contain personal information concerning identifiable individuals, the parties should consider the application of privacy laws. The discloser may wish to require the recipient to treat such information in accordance with applicable privacy laws. On the other hand, the recipient may want to require the discloser to make efforts not to disclose personal information (if not needed for the purposes of the Project).
- Non-solicitation – An NDA may include a non-solicitation covenant restricting the recipient’s solicitation of individuals or businesses identified in the confidential information (such as employees, customers or suppliers). The justification is that the recipient should not be able to use the confidential information to poach from the discloser. However, the inclusion of a broad non-solicit can be problematic if the parties are competitors. If included, this term should be carefully considered and tailored to the specific circumstances.
As mentioned above, this is only a sampling of NDA-related issues. If you have any questions about NDAs or the protection of your business’ sensitive information, please don’t hesitate to contact the author at [email protected].
1 In this article, a party disclosing confidential information is referred to as the “discloser” and a party receiving confidential information is referred to as a “recipient”.
2 There is no magic in the name, with both referring to a contract which is intended to identify certain information as confidential and impose restrictions on the use and disclosure of such information.