Nondisclosure agreements (also known as NDAs and confidentiality agreements) help companies protect their confidential information when they need to disclose the information to third parties. Businesses need nondisclosure agreements when they are entering into new business arrangements with vendors or customers, when they are hiring new employees or consultants, or when they are exploring strategic transactions, such as selling their business or expanding by buying a new company. This post explains some important background information about nondisclosure agreements and breaks down the most common provisions that they usually contain.
Nondisclosure agreement overview
Whenever a company discloses sensitive information to people outside the organization–or even to its own employees and independent contractors–it runs the risk that the people receiving the information will cause damage by disclosing the information to people they shouldn’t or even misappropriating the information to compete unfairly. Companies should have well-thought-out policies and procedures covering who has access to sensitive information and how, when, and to whom it can be disclosed. NDAs are a key part of any such program.
Nondisclosure agreements provide contractual protection for a company’s confidential information. If the recipient of the information breaches its obligations under the NDA, the party disclosing the information may pursue a breach of contract action. However, this means that nondisclosure agreements have limitations that are common to all contractual protections, namely that it can be expensive and time-consuming to enforce your rights under a contract, you must prove that the receiving party has breached its obligations, and you can only recover the damages that you can prove to a reasonable degree of certainty. Also, you can’t “unring the bell,” so unauthorized disclosure of your information can cause considerable harm to your business that can’t be undone, even if you can recover damages for the harm.
In addition to contractual protection, a business’s confidential information might also be protected by trade secret laws and privacy laws. I address trade secret laws below in the section dealing with the “period of protection.”
Key nondisclosure agreement provisions
There are a number of provisions that are common to almost all nondisclosure agreements, which I discuss below. You can see sample contract language in this simple unilateral nondisclosure agreement form contract.
Most NDAs describe the reason that the parties are disclosing confidential information and limit the use of the information by the party receiving it to that purpose. The purpose might be broad, such as “evaluating the parties’ capabilities in anticipation of pursuing one or more business opportunities.” Or it might be narrow, describing precisely the reason for the disclosure. Since the party receiving confidential information will be permitted to use the information only for the “purpose,” having a broad purpose gives the receiving party more latitude, while a more specific purpose tends to be more restrictive.
Definition of confidential information
It’s important to define what information is covered under the nondisclosure agreement. Here again, the agreement can use a general definition, such as “all information about the disclosing party and its business that the disclosing party discloses to the receiving party.” Or it can be more specific. A general definition of “Confidential Information” will usually be good for the party that is disclosing confidential information because it will bring more information under the protection of the NDA than a specific definition will.
The parties might also consider whether the method by which information is disclosed should affect whether it is protected by the nondisclosure agreement. For example, if information is disclosed orally, will it be protected? Or will it only be protected if the party disclosing the information later memorializes the disclosure in writing? What if a party learns information through a tour of the disclosing party’s facilities? Should that be protected? On the spectrum from least protective of the disclosing party to most protective, NDAs might only protect information that is in writing and is marked “confidential,” or they might protect all information, no matter how it is disclosed.
Exclusions to “confidential information”
Nondisclosure agreements usually contain exclusions to the definition of “confidential information” for particular situations. Typical exclusions include (1) information that becomes public through no fault of the party receiving the confidential information, (2) information that the receiving party can legitimately obtain through a different source, (3) information that the receiving party already has on a non-confidential basis, and (4) information that the receiving party develops independently from the disclosing party’s confidential information. These exclusions reflect the practicalities of the situation (e.g., why should someone be required to protect information that the rest of the world knows?) and avoid putting an unnecessary burden on the party receiving confidential information.
NDAs also usually permit the receiving party to disclose confidential information when compelled by subpoena or other legal process, but only after giving the disclosing party an opportunity to contest the forced disclosure.
Confidentiality obligations and use restrictions
Nondisclosure agreements universally require that the party receiving confidential information protect the information from unauthorized disclosure. NDAs also usually restrict whether and how the receiving party can disclose the information to its own personnel and downstream subcontractors and vendors. NDAs also almost always prohibit the receiving party from using the confidential information for any reason except for the “purpose” stated in the NDA. This protects the party disclosing the information from having the receiving party misappropriate the information.
Period of protection
Nondisclosure agreements usually protect confidential information for a stated period of time. Some business information becomes stale in a short amount of time so that it’s not necessary to continue treating it as confidential. Limiting the “period of protection” during which the receiving party must keep the information confidential can provide the disclosing party the protection it needs while not unnecessarily burdening the receiving party.
Some information never goes stale, however, and it should be protected in perpetuity. This is especially true of trade secrets, because trade secrets lose their value if they aren’t kept secret. In fact, disclosure of a trade secret that isn’t protected under an NDA for as long as the information constitutes a trade secret could destroy trade secret protection under law.
Return of confidential information
Nondisclosure agreements typically require the receiving party to return or destroy confidential information upon termination of the NDA. This protects the disclosing party from having its sensitive information in the hands of someone who no longer has a legitimate need for it. Of course, electronic information proliferates in email servers, backups, and other places and can’t truly be eradicated, as I discuss in my post Electronic Confidential Information: It’s Indestructible.
Since you can’t “unring the bell” when it comes to confidential information, it’s important for the disclosing party to be able to get an injunction when the receiving party threatens to violate a nondisclosure agreement. However, courts will order an injunction only when violation of the NDA would cause irreparable harm to the disclosing party that can’t be remedied by money damages. In order to increase the likelihood that a court will order an injunction, it’s a good idea to state in the NDA that the receiving party’s breach of the agreement would meet the requirements for an injunction.