by Sage M. Friedman, Associate
Non-disclosure agreements (a.k.a. “NDAs”) have recently received extensive coverage in the national press. Although most real world NDAs lack the salacious and sordid details that have captured the public imagination of late, NDAs can be a useful tool to protect your business’s sensitive information during deal-making and in everyday operations. Essentially, an NDA is a contract to protect information from unauthorized use or disclosure.
As a business owner, you may want to use an NDA to limit access to critical company information – such as customer lists, trade secrets, programming code, or financial results. You may seek to execute an NDA with a vendor, an employee, or a potential investor to put them on notice about the proper treatment of the valuable information you must share with them in the course of conducting your business. Conversely, an acquisition target, client, or vendor may require an NDA from you to protect their trade secrets or proprietary information.
An NDA acts as a prophylactic – a well-crafted NDA encourages the parties to prevent unauthorized disclosure from happening in the first place. But there are provisions that can be added to strengthen or streamline enforcement in the event the NDA is breached. If you are asking someone else to sign an NDA, you may want to include provisions that specify a jurisdiction for enforcement or set a dollar value in liquidated damages if the other party should use or share your information. Similarly, you may want to set the term of the NDA as being from now until the end of time, or require that all of the information provided be returned or destroyed at your request or at some future decision point.
While it’s understandable that you want to protect your business, overreaching in an NDA may have consequences. If the provisions of an NDA are too onerous or overly broad, more sophisticated parties (e.g., venture capitalists, private equity buyers, large vendors) will likely refuse to sign them. This could spike your emerging deal at a critical moment. Moreover, in the event of a breach, the enforceability of the NDA may be determined by how reasonable its provisions are. For example, if you use an inflated liquidated damages provision that is several multiples of your company’s annual revenue, a court could invalidate the NDA for having an unenforceable penalty. Also keep in mind that enforcement will require you to invest the time and money required to bring a lawsuit, possibly at a time when your company has other more pressing concerns.
Looking at the situation from the other side, if you are asked to sign someone else’s NDA you may have concerns that the information it claims to protect is not actually secret, or that it is part of your existing knowledge. It may be information that you believe you would eventually learn from some other source, and so you worry that by signing the NDA you may be limiting your ability to ever put that future knowledge to work. If that is the case, signing a poorly thought out NDA may not only inconvenience you, but could potentially bring existing plans to a precipitous halt.
Fundamentally, each NDA is a balancing act of enforceability, scope, and time frame. So before deploying an NDA or signing someone else’s, know your purpose. Take the time to work with your attorney to ensure that the NDA is appropriate to the task at hand and the parties involved. Start by asking yourself some critical questions:
- What are the key information assets that this NDA is trying to protect and why?
- Do you need to share this information to achieve your business goals? If the answer is no, and the risk of misuse or disclosure is high, consider not sharing the information at this stage.
- If you did not share this information now, how long would it otherwise remain a secret?
- Is there a way to value the damage to your company if this information is disclosed or exploited? Would a disinterested third party consider that valuation reasonable?
- Does the other party need to share the information with someone else in order to do what you want/need them to do? Is that activity covered by the signing party or do you need those additional people to sign an NDA in their own right?
Finally, it is also important to think through the mundane practicalities of how and when you are sharing information. If you are sending your client list to a potential buyer in an email, regardless of what the NDA says regarding the destruction or return of the information, you’ve released that data into the wild. There is simply no way for the other party to really ever delete it or return it, let alone prove to you that they deleted or returned the only copies of it.
So the more concerned you are about maintaining control over your information, the tighter you should hold it. If you don’t want something copied, don’t make it easy to copy – only allow your counterpart to review a paper document, in your presence, such that they cannot copy or keep it.
Put simply, when evaluating an NDA be thorough but practical, vigilant but reasonable, and remember that while an NDA does not provide ironclad assurances that your secret will remain secure, it can still be a very useful tool to help protect your business.