Attorney Q&A: The Nondisclosure Agreement (NDA)
One of the first agreements that many startups, businesses, or entrepreneurs encounter (whether via being asked by someone else to sign one, or employing one themselves) is the Nondisclosure Agreement (sometimes referred to as a Confidentiality Agreement or abbreviated as simply “NDA”).
At the Law Offices of Ryan Reiffert, this is one of the most common agreements that we are asked to draft or evaluate and mark up. I can’t tell you how important it is to have a competent Business Attorney who has seen many of these NDAs and knows what he or she is looking at, in your corner. Signing an overly-restrictive NDA, as the recipient, or using an overly-permissive NDA, as the discloser, can spell disaster
. But again, that’s why you bring your Business Attorney with you.
What is an NDA?
Simply put, an NDA prohibits either party from disclosing certain information shared with it by another party.
What information is covered by an NDA?
We will get to this more below, but generally the NDA will contain a definition of “Confidential Information” or a similar term, defining information that is protected from disclosure.
Does an NDA go both ways? Does it prevent disclosures from A to B as well as from B to A?
Sometimes yes, sometimes no – it certainly can, but it’s not automatic or mandatory. Mutual Nondisclosure Agreements (sometimes called “MNDAs”) are quite common, particularly in the early phases of M&A transactions. But, they don’t necessarily
carry such mutual obligations. It’s also possible to have one-way, or unilateral Nondisclosure Agreements.
In what circumstances might you use an NDA?
There are many diverse examples of circumstances where a company might employ an NDA. These include:
What’s the penalty for breaching an NDA?
- Early-stage companies or businesses with significant intellectual property, trade secrets, or proprietary information might require their employees and independent contractors to execute NDAs (as well as noncompetes and other similar agreements) to protect the company’s idea and preserve its first-mover advantage and its “stealth mode” in the market.
- Sometimes, an NDA can be required even as part of the interview process for potential employees or strategic partners, depending upon how early-stage the company is. If it’s
- Other times, when an existing employee is promoted to a new role, where the employee will come into contact with confidential information that the employee did not have reason to encounter before, an NDA is generally advisable.
- Preliminary discussions to a significant transaction, such as a Merger or Acquisition will typically rely on a Mutual NDA (and other safety precautions); also likely to require a Mutual NDA would be a contemplated business succession deal, a partial (or total) asset sale, a significant stock investment, and many others.
- Two businesses that wish to enter into a joint venture will nearly always use an NDA to protect the trade secrets and proprietary information of each of them.
- An NDA will often be used to protect critical know-how, processes, intellectual property, and other secrets when a company outsources or contracts out part of its manufacturing or production processes (such as the creation of components).
- A startup company pitching potential investors will often request that those potential investors sign an NDA as a condition of receiving the private placement memorandum, viewing the pitch deck, or being given access to any other confidential materials.
- Two parties executing a litigation settlement may execute an NDA covering the terms (and, potentially, even the existence) of the settlement.
- Any other circumstance where one party has sensitive information that it desires to keep secret.
Again, this can vary greatly from one Confidentiality Agreement to the next. Strictly speaking, the answer is “the penalty for breach is whatever the NDA says the penalty for breach is” but that’s not helpful. There are three common types of penalty for breach of an NDA.
First up is injunctive relief; this is quite common in NDAs, and the language will say something to the effect of “in addition to any other remedies available, the enforcing party may have equitable or injunctive relief from the court.” This is meant to authorize the court to issue an order prohibiting a party from breach (or further breach) of the Confidentiality Agreement. Ignoring a court order, of course, carries with it much stiffer penalties, including the possibility of jail time.
The second possible remedy is a liquidated damages provision, per breach. This remedy, usually combined with one or more others, will state that because the damages are difficult to calculate, that the breaching party will owe liquidated damages of a certain set amount per breach. Texas law contains specific rules regarding liquidated damages provisions. If a business wishes to enforce a liquidated damages provision that is part of a contract, it must prove that: (1) the harm that would result from a breach was difficult to predict; and (2) the amount specified as liquidated damages constitutes a “reasonable estimate” of such difficult-to-predict harm. Both of these elements must be viewed in light of circumstances at the time the contract was formed. However, if the breaching party can demonstrate that the actual damages were substantially lower than the liquidated damages clause, the clause will be rendered unenforceable as a penalty or punishment (penalties and punishments are not allowed under Texas contract law).
The third possible remedy is a liquidated damages provision, calculated as time in breach. Again, this remedy would usually be combined with injunctive relief and/or other remedies, but it would state that, for example, every day defendant is in breach or the Confidentiality Agreement, he or she owes $X. The same two conditions and analysis set forth above regarding reasonableness, penalty, etc. to determine the enforcement of the liquidated damages provision would apply.
Is an NDA enforceable?
Generally, yes. There are a lot of exceptions and caveats to this rule – not least of which is, if you’re talking about taking legal action against someone, do they have the money to pay your damages?
But, assuming you can get an injunctive remedy, whether by contractual provision or otherwise, maybe the breaching party’s being judgment proof doesn’t matter or maybe it’s worth the pain in the neck for some other reason.
How long does an NDA last?
This is a simple question with a few different answers – one of which is relatively simple, the other of which is very complex and we’ll only scratch the surface here. The simple answer is that the term of the confidentiality requirements under the confidentiality agreement is contractually defined, and it is whatever the agreement says it is. Obviously, for the case of a business trying to protect its ultra-sensitive proprietary data, trade secrets, or similar know-how, this not only makes sense, but is the
economic reality – the founder, CEO, or whoever, of the business would not make the disclosures but for the kind of rock-solid, ironclad, permanent nondisclosure agreement envisioned by the terms of such an NDA. But the reality may not be so simple. In Texas, there is case law holding that, if a contract’s term is of indefinite length, then either party may terminate the contract at will. While I’m not aware of, and have never heard of, any court decision holding that a permanent NDA can be terminated at will, the argument is there to be made. So, what can you do? There are many options. You could make use of a choice of law clause, you could build in a long timeframe, you could make the NDA part of a larger contract covering other things, and/or you can simply roll the dice and guess/hope that the NDA would be enforced by a Texas court.
You never answered my question of exactly what the NDA covers. Can we go back to that now?
Sure. An NDA will define the information that it covers with two mechanisms: (1) a definition of “Confidential Information” or a similar term that will most likely be quite broad and (2) a number of carveouts that exclude certain items from the definition of “Confidential Information”.
Here is a sample of a definition of “Confidential Information” from one NDA freely available online:
For purposes of this Agreement, “Confidential Information” shall include all information or material that has or could have commercial value or other utility in the business in which Disclosing Party is engaged. If Confidential Information is in written form, the Disclosing Party shall label or stamp the materials with the word “Confidential” or some similar warning. If Confidential Information is transmitted orally, the Disclosing Party shall promptly provide writing indicating that such oral communication constituted Confidential Information.
This is a very recipient-friendly definition of Confidential Information, being only limited to information with commercial value in the Disclosing Party’s line of business (what about information that could be damaging? what about information that could be valuable in a different
line of business?) You may further notice that the Disclosing Party is required to mark the materials confidential, or verbally indicate that they are confidential. If the Disclosing Party forgets to do this, then perhaps they’re not confidential.
So this definition is great for the recipient, not so great for Disclosing Party.
Let’s look at a more expansive definition of “Confidential Information”
The Parties shall (i) use reasonable efforts to maintain the confidentiality of the information and materials, whether oral, written or in any form whatsoever, of the other that may be reasonably understood, from legends, the nature of such information itself and/or the circumstances of such information’s disclosure, to be confidential and/or proprietary thereto or to third parties to which either of them owes a duty of nondisclosure (collectively, “Confidential Information”)
This is a much broader definition. Rather than information with commercial value in the Disclosing Party’s line of business, we now have “information and materials… that may be reasonably understood… to be confidential and/or proprietary.” Much broader. This definition also permits
the stamping of materials as confidential (“from legends”) but also allows enforcement based on “the nature of such information itself and/or the circumstances of such information’s disclosure” – in other words, if the recipient knew or should have known that it was confidential based on the context.
Now let’s look at the “carveouts” from the definition of Confidential Information. Here’s the definition from one free document:
Receiving Party’s obligations under this Agreement do not extend to information that is: (a) publicly known at the time of disclosure or subsequently becomes publicly known through no fault of the Receiving Party; (b) discovered or created by the Receiving Party before disclosure by Disclosing Party; (c) learned by the Receiving Party through legitimate means other than from the Disclosing Party or Disclosing Party’s representatives; or (d) is disclosed by Receiving Party with Disclosing Party’s prior written approval.
This is a relatively standard formulation of the carveouts you’ll see in any NDA, with the exception that the inclusion of (d) is sort of redundant and pointless. Of course
the parties can waive in a signed writing – that’s true whether you put that clause in the contract or not.
In a lot of cases, I’d also expect to see something here about governmentally-mandated or court-ordered disclosures. That kind of thing. But, as carveout clauses go, this is pretty middle of the lane.
Should I use an NDA?
Ah, the million-dollar question. If you have something worth protecting, yes! And if you don’t have anything worth protecting, maybe!
While there are plenty of situations where the NDA would be useless or there’s nothing to protect, etc., if you’re asking the question, it probably means that you have some kind of secret that you’re concerned about protecting.
I read an article by a Very Serious Person on the internet that he/she never signs NDAs. Does this mean people can just refuse to sign my NDA?
Like any contract, you can’t make someone sign your NDA. It’s a free country and if they don’t want to sign it, they don’t have to sign it.
But also like any other interaction or business encounter, you’re free to walk away. I’ve seen this happen many times, including during my time as in-house counsel for a tech company. Leadership had an across-the-board, no-exceptions policy that anyone who wanted to interview to consult or work on the project had to sign the NDA. A few people objected, coming back with the “I don’t sign NDAs, based on principle” line. Guess what happened? The company moved on. That person never heard from them again.
So, it really comes down to whether the person on the other side of the table presents a sufficiently compelling value proposition that you’re willing to forego the value that an NDA brings to the table (whatever that value is, to you), or whether there’s another person waiting in line who won’t
make a fuss about the NDA.