DNA of an NDA part 1

In the spirit of ensuring that your NDA does what you want and that when signing others’ you don’t give away more than you intend, some (non-exhaustive) considerations. Part 1 of a two part article focusing on defining confidential information, exceptions to confidentiality, and restrictions on use. Part 2 here.

DNA of an NDA part 1

Another day, another NDA to review. Quick print. It rolls out of the printer. 10 pages. Seriously?

Everybody wants one. Some are good, some are bad, some are downright dangerous. They can be symbolic only; but there is also a sound legal basis for them.

In the spirit of ensuring that yours does what you want and that when signing others’ you don’t give away more than you intend, some (non-exhaustive) considerations:

Before we start

If you intend or think that it is possible that will want to patent anything contained or described in your confidential information or materials, then many standard NDAs will not be for you and you need to speak to your lawyer. In any event (as with any legal agreement) you should be reading and thinking about every section and whether it (i) is applicable to the relationship you have or want to have with the other party; and (ii) achieves sufficient protection or gives sufficient rights of use of the information expected to be given or received (and then speaking to your lawyer). In a neat analysis here, Pantea F. Stevenson classifies different styles of clauses as “Disclosing Party friendly” or “Receiving Party friendly”. I don’t follow that here but the point is well made – before starting we need to consider whether we are more likely to be disclosing or receiving something of value from the other party and review the agreement in that light.

Who are we trying to protect?

Will there be an exchange of information or is only one party revealing something of value? Even if you are not revealing any particular know-how or secret, perhaps you don’t want others to know your pricing or that you are in discussions with the other party? So mutual probably ought to be the usual starting point. Even if headed “mutual” check that really you are protecting both parties equally (or sufficiently equally). Note: here we are considering NDAs between businesses – not between companies and their employees or freelancers (though some of the considerations may be similar).

What are we trying to protect?

There are really only two purposes behind an NDA: (i) the “legal” reasons: to prevent patentable ideas from losing patentable status (novelty) due to unprotected discussion, and to be seen to be consistently taking precautions to maintain information in confidence so that courts will continue to act to protect it; and (ii) the “commercial” reasons: to protect trade secrets or other information that is valuable and may give the holder a competitive advantage, and in some cases (e.g. often relevant to corporate transactions) to keep confidential the fact that the parties are talking.

In many cases, from the disclosing party’s point of view, a general description such as “any non-public information related to the business of the disclosing party” or even “information generally understood to be confidential” seems fine for practical purposes. We may not be able to describe an elephant but we know one when we see one.

If there is something specific then we should by all means say it – if you are an equipment manufacturer then equipment samples should go in there; software and code the same. Also any third party items received in confidence. Future plans, trade secrets, sure, that’s the point. The existence and content of the negotiations between the parties and the terms of the agreement: also reasonable.

If the parties (and their lawyers) know what they are trying to achieve then a half page shopping list is rarely necessary. Possibly the problem is that someone once tried to develop an agreement that really could be a standard for all. Semi-conductor topologies may be legally protectable but I’ll bet don’t apply to more than about 0.001% of people reading this.

On the other hand, notes or summaries made from the information usually should also be defined as part of the confidential information (on the basis that what we want to protect is the wine and not just the bottle it came in).

And finally, the dreaded “identified as such” clause. Normally I always encourage certainty and try to eliminate vagueness. But signing up to identifying every document containing confidential information with a specific word (including some less obvious breeds such as “proprietary” or “secret”) and worse of all to confirming in writing with x days confidential information disclosed orally (including in the bar?), just doesn’t correspond to reality. Of course if you know that you will be the receiving party and won’t provide anything of value, then this is to your advantage. If you may be the one making a series of disclosures, then this clause creates a near impossible management issue of ensuring that you and your staff don’t ever forget to use the correct wording or follow up.

When is confidential information not confidential information?

There is a popular pick and mix list of around five exceptions to confidentiality. They appear in random combinations and I am sure not many have really considered the legal necessity behind them (an overly restrictive NDA could risk being void at least in some jurisdictions; and as we are often asking for equitable remedies of injunction then we simply won’t get these if the information is not actually secret).

So do the customary exceptions make good legal and commercial sense?

  1. already publicly known (without breach of this agreement). Yes, it wouldn’t be reasonable to restrict that and you wouldn’t get an injunction to protect it.
  2. already known to the receiving party (“as shown by documentary evidence”). Yes, it wouldn’t be reasonable to restrict that and you wouldn’t get an injunction to protect it.
  3. received from a third party not under any obligation of confidentiality. In theory similar to  numbers (1) and (2) above – although this may not be so comfortable if you are the disclosing party as it begins to cover situations out of your control.
  4. independently generated (without reference to commercial information of the other party / “as shown by documentary evidence”) – I’m wary of this one – if patentable information or trade secrets are being disclosed this potentially opens a door to the receiving party using your idea which we really don’t want. In part 2 of this article we’ll come back to that topic.
  5. ordered to be disclosed by a court order etc. OK, we need it not to be a breach of contract to comply with the order. There is a conflict of interests here: the interests of the receiving party will be to keep out of trouble with the authorities and comply; the interests of the disclosing party are to limit compliance only to what is strictly necessary and to give us the opportunity to at least consider challenging it. Care is also needed with this one as the information does not cease to be confidential – it is just that complying with the order is a permitted exception to the non-disclosure obligation. Adding “disclosures required by law” is to be avoided – from the disclosing party’s point of view: if a court or regulator makes a binding order that is one thing; in the absence of any such decision then we don’t want to leave it in the receiving party’s hands to make an interpretation of what the law requires (and conversely as the receiving party we would often prefer this flexibility).

(1), (2) and (5) if carefully drafted seem ample and reasonable. Readers may tell me that there are jurisdictions where all of these need to be included in order to prevent the non-disclosure obligations becoming unenforceable (hence why changing the governing law without further review is never smart – again, we will return to this in part 2 of this article).

So what can we do with the information?

NDAs may correctly be referred to as non-disclosure and “non-use” agreements – using confidential information only for the purpose revealed is an important second arm after maintaining confidentiality. If we have a specific business purpose then we must state it clearly e.g. “evaluation of a possible acquisition of company A” or “internal testing of company B’s product X on one test server located at company A’s premises at Y place”. Otherwise, a generic purpose such as “evaluation of a potential business relationship between the parties” might be appropriate for a majority of cases (as the basic requirement is to prevent commercial use or use with third parties). Being more specific feels good and may give greater comfort e.g. “evaluation of potential use of A’s advertising service on B’s mobile products”, provided this really covers the proposed purpose and we don’t need to amend later if we were too restrictive.

If we are disclosing software or code then restrictions on reverse engineering seem entirely reasonable and appropriate. General restrictions on not making copies seem impractical and make me a little wary – but from a disclosing party’s point of view they may also be appropriate, e.g. for test software or physical documents. For physical items then restrictions on safekeeping might also be totally reasonable (in a safe, locked drawer, locked room etc. – I have had to deal with the loss of a sample left overnight on a desk – not fun for the client, the business partner, the sheepish employee or the accused cleaner). Again, without wishing to make every NDA a major legal project, it’s a question of looking at the facts – who is disclosing the information, why, what does it consist of, how valuable is it, and what would be the consequences of a leak…

In Part 2 of this article we’ll look at other key clauses including “residuals”, damages and other remedies, and governing law poker…

READ THIS NEXT: Can we charge interest on late payments?