The Beginner’s Guide to NDAs
The information, processes, strategies and data that your business owns, or has developed is valuable. This information is part of what makes your business unique and enables you to create value for your customers.
But what happens if an employee, contractor, or another business you work with takes that information and either uses it for their own gain or sells it to a competitor?
What would the damage be to your business?
Could your business survive such a move?
Physically preventing someone from holding any of your business’s private information is impractical; your employees and contractors need access to that information so that they can provide their services and help build your business. Instead, you need legal protection to discourage unwanted sharing of information. That’s where an NDA, or non-disclosure agreement, comes in.
What is an NDA?
An NDA is a legal contract between at least two parties which defines what information the parties would like to keep confidential and then how that confidential information can be used or shared. The NDA helps ensure this information is not passed to a third-party, made public, or used in any other way other than that intended by the owner of the information. It sets out how the offended party will be able to take action to protect itself in the event that the agreement is broken.
NDAs are sometimes called confidentiality agreements, proprietary information agreements, or could even refer to a set of confidentiality clauses in a larger contract. Regardless of the name, the intention is the same – to protect your information or to protect your idea.
When Are NDAs Used?
There are many situations where it is useful and appropriate to put an NDA in place. For instance:
- Approaching Investors – Potential investors will want to know about your business and how it works and how profitable it is before they commit. The same logic applies to potential business partners and vendors.
- Services – If you are providing services to another business or receiving services yourself, this may necessitate access to some of your company’s information. Don’t leave that information unprotected.
- Business Sale or Mergers & Acquisitions – A potential business sale or M&A will require you to share a large amount of information about your business, including key contracts and financial information.
- Joint Bids or entering into a Prime Contractor & Subcontractor arrangement - If your company is looking to partner with another company in a lodging a tender response (as a joint bidder or under a prime contractor/subcontractor arrangement) you should put in place an NDA before you share your financial information or information on your business methods or business processes.
What Information Can Be Protected By An NDA?
You might be surprised how much information can be protected by an NDA: the bar for determining what is confidential and what isn’t is quite low.
Any information that is neither public property nor public knowledge can be considered confidential information. Additionally, any information that has been created from public knowledge but that applies skill or thought to create the new information can be considered confidential.
Using this criteria, it is clear that most of the information or data held within your business is information you should classify as confidential, including your unique strategies, the data you hold on to your customers, and the processes you use to run your business. All of these pieces of information are valuable and worth protecting.
Unfortunately however, experience has shown that if you are like most small businesses, you will share or have shared, some of this information with partners and contractors without an NDA in place.
How Does an NDA Protect Your Business?
An NDA is a legal deterrent. In addition to setting out how you want your data to be used, it also provides details of what happens if the agreement is broken (which is called ‘breaching’ the agreement). Typically, this would involve taking the offending party to court and seeking an injunction (to force them to stop using the information) or damages (to compensate you financially for the harm your business has suffered due to the offending party breaching the agreement).
Although the NDA can set out the procedures to be taken if the agreement is breached, it is still up to the court what happens next – you can’t control everything. But, without an NDA your information is unprotected, and it is much harder to stop a business using your information or seek damages – you are much safer having one.
Types of NDA
An NDA can be unilateral (one-way) or mutual (two-way). A one-way NDA means one party (the receiver of the confidential information) agrees not to share that confidential information from the other party (the discloser). A common example is a contractor who requires access to certain information to deliver a particular service to a company.
A two-way NDA is when two parties (normally businesses) are each going to disclose information to each other (usually that information is financial in nature) and they both agree not to disclose the other’s information to anyone else. Two businesses working together to achieve a common goal might use a two-way NDA, or two businesses that are investigating a merger. In some cases, there may be more than two parties covered by the agreement.
4 Scenarios Where NDAs Are Useful
NDAs are highly useful documents. They can be used to:
1. Protect Existing Company Data
The most common reason for using NDAs is to protect the financial information, trade secrets, client information, proprietary knowledge, and strategic processes that help you run your business effectively. An NDA discourages employees and contractors from selling your information to competitors or using it to profit themselves.
Although the NDA will set out what happens if a breach occurs, the ideal scenario is that this document is never needed. The NDA should be as complete as is needed to achieve the legal protection your business needs now and in the future.
2. Fulfil Contractual Obligations
You probably work with other businesses which allow you to use some of their data – and you’ll have signed agreements with them concerning that information. What you might not realise is that many of those agreements stipulate how you protect that data, and often include clauses that necessitate you also use NDAs to ensure the data is used appropriately by your employees and contractors.
A failure to use an NDA in this situation may leave you in breach of contract and end up with your business being taken to court.
3. Gauge Buy-In
An NDA can be used as an initial step when gauging how much a contractor or another business wants to work with you. If they are unwilling to sign the NDA, it’s a sign they aren’t serious about working with your organization.
4. Protect Future Company Data
NDAs can also be sneaky, and we say sneaky because they can often be used for a purpose that is not their primary purpose - for instance they can be used to assert ownership over future work/intellectual property (IP).
We have seen this often where an NDA includes a clause about who owns any intellectual property if the parties decide to work together, or enter into some type of joint arrangement, in the future. This is not uncommon that NDAs include clauses about IP.
From your business perspective, ensuring that you own newly created IP is common practice when working with freelancers, contractors and consultants who may later try to claim ownership of the work they did for you. This is important because IP created by contractors belongs to them unless there is a written agreement with you that states otherwise. Even if you have paid for their time, you do not automatically own the rights to their work.
Imagine discovering that the logo, marketing plan, or web design you paid for was not solely owned by your company! By owning your IP, you ensure you protect your business better and increase its value in the event that you decide to sell.
Using an NDA like this can quickly weed out poor prospects and save time, and is a key reason why an NDA is one of the first things you create when exploring a new business partnership, even if no confidential data is being shared.
What Should an NDA Include?
Ideally, the NDA should be a separate document with a defined purpose (in other words, what is the purpose or reason that the parties are wishing to disclose confidential information). To avoid confusing things, an NDA should not be lumped in with another contract; it should only cover the disclosure of proprietary and confidential information. The scope should make it clear exactly what information is covered by the agreement, the purpose or reason as to why it is being shared, and how it can be used. It will be very hard to enforce and seek damages if the NDA does not make this obvious.
Additionally, the NDA should also be clear on what information is excluded from the document. For example, information that is already held in the public domain, or information shared by a 3rd party, is often excluded from an NDA. NDAs don’t (and shouldn’t) cover information the person knew before they signed the document either.
Other important information may include:
- The Time Period – Over what period does the NDA operate? When does it expire?
- Obligations – What is the receiver of the information required to do in order to meet the requirements of the NDA?
- Disputes – How are disputes resolved? Which court and laws apply? This is especially important if the other party is based in another country.
- Return or Destruction Clauses – These clauses set out the right of the disclosing party to request the return or destruction of any confidential information they have provided the other party.
- Signatures – The document should be signed by authorised persons from both companies to ensure they are binding and effective.
7 Common Problems With NDAs
Having an NDA isn’t always enough. Some NDAs are poorly written or so general that they can’t be enforced. Here are just a few of the common problems that we see:
1. Too Vague
Many businesses use a ‘one size fits all’ NDA for every situation. Don’t worry we get it, lawyers can be expensive, but having one solution often ends up being ‘one size fits none’ instead of ‘one size fits all’. In the long term this approach will cost your business more than investing the time to get it right.
Your NDA should be specific to the situation, the person or business receiving the information, and how they are going to use it. If you try to use the same NDA for a whole range of reasons, for instance with contractors, employees, potential hires, M&As and more, you may to make it vague – and that vagueness often leaves problems that make it impossible to enforce or loopholes that may leave it open to exploitation.
2. Overly Complicated
If the NDA is poorly written, overly complicated, or otherwise hard to understand, it makes it more likely that a breach will happen unintentionally. If a contractor does not understand the agreement they have signed and what it means they are going to find it hard to stick to it – and that’s a problem.
In an ideal world, you will never have to take another company or person to court over an NDA. The process is slow and expensive, and there’s no guarantee you’ll receive judgment in your favour that will make up for the cost of the original problem (although a good NDA will make it considerably more likely).
Your NDAs shouldn’t confuse the other party with overly complicated language – quite the opposite. The document should make it absolutely clear what the requirements of the document are and what actions are needed to meet them. An easy-to-understand document reduces the possibility that a breach will occur by accident.
3. Overly Restrictive
Some NDAs are overkill. Sharing information is vital for doing business, an overly restrictive NDA can frustrate and prevent this process. The document should keep in mind the value and sensitivity of the information being shared and what protections need to be put in place.
If an NDA is overly restrictive relative to the value of the data and places a large administrative burden on the recipient, you may find the NDA discourages companies and contractors from doing business with you.
4. Forget To Allow For Third-Party Use of Information
Sharing information with another business? Don’t forget the businesses they rely on to help them provide their services. Your NDA must allow for the fact that they may need to share some of your information with other parties to get the job done. This isn’t a bad thing, as long as it’s also covered by the NDA.
Your NDA should set out which information that business is allowed to share, the procedure for doing so, and what recourse you have if they don’t. Setting this out clearly will ensure the project can run smoothly, without repeated stops for clarification.
5. Understand who you are Doing Business With
An NDA with a freelancer is pretty simple: there’s just one person who’s going to access your information. But what about an international corporation? These businesses have complicated legal structures and thousands of employees who may be spread across many countries.
Clearly, not every employee needs access to your information – and you wouldn’t want them to al have access to your information – but how are the boundaries defined? Many businesses miss an opportunity to restrict the sharing of their information within the business itself.
6. Failure to Adhere to Marking Requirements
It’s not just the recipient of the confidential information conveyed under NDA that has obligations: your business may do too. Some NDAs include ‘marking’ requirements. This requires you to clearly label documents as ‘confidential’ if they are to come under the agreement. This is important because if you don’t label or mark the information as ‘confidential’ then the information is not protected by the NDA.
So as we say a clause of this type isn’t generally a problem itself as long as it is put into practice by all your staff. Unfortunately, with many businesses using a standard NDA which they shoot off to anyone and everyone, employees sometimes forget.
If this is an issue, businesses may need to change their NDAs to cover all information they share and remove the marketing requirements.
7. NDAs Are Not a Replacement For Trust
NDAs provide a strong legal incentive for the person and businesses signing them to comply, but they don’t guarantee it. The agreement is only as good as the trustworthiness of the individuals who have signed it. This makes it vitally important that the agreement is as well-written as possible – otherwise, people may attempt to find a way around it. It also means that an NDA isn’t a magic bullet – you still need to carefully vet the individuals and businesses you are working with and check that they are trustworthy.
Do You Need a Specialist Contract Lawyer?
A good NDA is one that has been tailored to the situation in which it is used by someone with the necessary knowledge to achieve a great result: a contract lawyer. Modifying or copying another business’s NDA might be cheap and easy, but could leave your business vulnerable because you are less likely to be able to enforce it the NDA when you need.
A contract lawyer will give you the specialist experience you need to protect your confidential information and prevent problems before they happen. They’ll help you negotiate a fair contract, ensure the NDA is legally binding, and help you put the procedures and policies in place to hold up your end of the agreement.