Few things are more risky in business than amateurs loosely signing NDAs.
NDAs, or non-disclosure agreements, allow parties to share sensitive information while discussing a potential transaction or commercial relationship – often defined in the NDA as the “Business Purpose.”
In a proper NDA, each party agrees to several core confidentiality protections and information use restrictions:
protect the other party’s “Confidential Information” as rigorously as it would protect its own,
do not share or disclose such information except as necessary for the Business Purpose, and
do not use such information in any way other than for the Business Purpose.
Sounds easier than it is, unfortunately. An executive's casual “I’ve got this” with an NDA can result in a third party lawfully using the company’s intellectual property to compete against it.
This is not a rare or theoretical outcome, and several types of NDA mistakes can lead to similar consequences.
Many businesspeople are simply naïve about NDAs and the willingness of others to opportunistically exploit NDA gaps or mistakes. They drop their guard, assuming reasonable intentions in others and possibly thinking all NDAs are pretty much the same.
It is folly to believe that NDAs require less care than more complex agreements or that others won't take any devious but lawful opportunity to get valuable IP.
Here are nine tips for staying out of trouble with NDAs
Tip One - Never Overshare – Even Under an NDA
NDAs are not self-enforcing and no, you can’t just call the police to report a perceived violation.
Assume that you could spend hundreds of thousands of dollars and months or years of litigation to stop someone from misusing your company’s IP, even if you feel they are violating your signed NDA.
And it will likely be difficult to even know for sure if violations are happening without full-blown litigation.
So just share what you need to and nothing more. Avoid sharing core technologies, innovations, designs, formulas, or other key trade secrets unless absolutely necessary.
This is Tip #1 by design - share cautiously, prevent problems before they start.
Tip Two - Be Wary of Unilateral NDAs
Be wary of signing any NDA that only protects the other party - a unilateral NDA. If the other Party is defined as the only "Disclosing Party," the NDA only protects them and not you.
Under a mutual NDA, each party becomes a protected Disclosing Party simply by sharing confidential information.
Large companies with dominant negotiating power frequently impose unilateral NDAs, as well as one-way confidentiality protections in other types of commercial agreements. When faced with a unilateral NDA, or other one-way confidentiality arrangement, assume the other company intends to take advantage of your interest in partnering with them in order to steal your intellectual property.
If you must sign a unilateral NDA to consider an important deal, do not share any core confidential information. If you do, the other party will be able to do anything it wants with your information. This mistake is worse than having no NDA, as it contractually undercuts any state or federal trade secret protections you might have had otherwise.
Additionally, sharing any trade secret without confidentiality protections invalidates its trade secret status, as both state and federal trade secret laws generally define trade secrets as information (1) that is secret, (2) that has commercial value because it is secret, and (3) that is subject to reasonable protections to maintain its secrecy. All three conditions must be met.
Many cases alleging theft of trade secrets have been lost due to evidence of lax NDA practices and other confidentiality weaknesses - even if those lapses have not yet been exploited to compromise the trade secret.
In signing any unilateral NDA or one-way confidentiality clause, you are effectively agreeing that no information you share is protected from disclosure or misuse, including use in direct competition against you. That is how any judge, jury, or arbitrator will read the document and apply the law. If you meant for your information to be protected, the document would have said so.
Just to drive the point home, no rules of “implied fairness" or “good faith” or other equitable principles protect companies from self-inflicted NDA mistakes.
Tip Three - Reject Narrow Definitions of Confidential Information
Cross out any language in a proposed NDA that says documents must be marked “confidential” or “proprietary” in order to be covered by the NDA and/or that information shared orally must be followed up by any kind of written memorandum or other document describing the information to be protected under the NDA.
Instead, the definition of what constitutes “Confidential Information” should be detailed and appropriately expansive, preferably culminating in a catchall clause along the lines of “as well as all other information that a reasonable person would consider to be confidential information under the circumstances.”
If you permit a confidential information marking requirement to remain in an NDA, anything shared without the required markings will not be protected. Similarly, if you allow a requirement for a written memorandum describing orally shared information, anything shared orally without a follow-up memo will also not be protected.
Because businesspeople are likely to fall short in diligently marking documents as confidential or writing legally sufficient memos detailing oral communications, you should strike these unnecessary barriers to protection.
Tip Four - Understand Agreement Duration Versus Protection Duration
Almost every NDA identifies two time frames – one is the "Term," or duration of the NDA, and the other is the period during which shared confidential information must be protected from improper use and disclosure.
Focus on each of these time frames. A typical NDA might have a one, two, or three-year Term, meaning that confidential information can be shared under it during that time frame.
Most NDAs will then also say that the non-disclosure and misuse protections will continue for a specific number of years beyond the NDA’s termination date.
This latter clause essentially means that, after the stated time frame, each party can do what it wants with whatever confidential information was shared under the NDA, including using it to compete against the party that shared the information.
If your company will be sharing important information, this time frame should be long enough that it would no longer be harmful if your information is disclosed to third parties or used to compete against you, perhaps as long as five years.
The presence of time limits in most NDAs is another reason for always carefully limiting disclosures to what is absolutely necessary.
Tip Five - Protect Trade Secrets with Specific Language
In any NDA that has a time limit after which any shared confidential information will no longer be protected, include language along these lines:
“Notwithstanding anything else herein to the contrary, the Parties agree that, as to Confidential Information that constitutes a Trade Secret, as defined by applicable state or federal law, the confidentiality and use prohibitions and restrictions herein shall continue for so long as such Confidential Information remains a Trade Secret.”
Again, a clause like this is required because confidentiality protections for a trade secret cannot be allowed to expire after an arbitrary date.
Tip Six – Carry Over Similar Confidentiality Protections and Use Restrictions to Subsequent Commercial Agreements
It is important to realize that if the parties go forward with a commercial or transaction agreement of any kind after signing an NDA, that later agreement is likely to supersede and replace the NDA. This is because virtually every commercial or transaction agreement has what is called a “Merger” clause or an “Entire Agreement” clause.
Those clauses say that the new agreement supersedes and replaces any prior agreement or understanding between the parties regarding any matter covered in the new agreement. If the new agreement has a “Confidentiality” or “Confidential Information” clause, any existing NDA will not apply to information shared after the new agreement is signed.
So it is important to include comprehensive confidential information protections and use restrictions in any commercial or transaction agreement and not to mistakenly rely on a previously signed NDA to protect subsequently shared confidential information.
Tip Seven - Strike All “Residuals” Language
If you see a clause captioned “Residuals,” know that the other party is definitely trying to steal your intellectual property. These clauses only appear in about one in every fifty NDAs you are likely to see, but the essence of a Residuals clause is that the other party can do whatever it wants with anything you share that they can simply remember.
Here’s a classic “Residuals” clause:
Residuals. Neither party is required to restrict work assignments of Representatives who have had access to Confidential Information. Neither party can control the incoming information the other will disclose in the course of working together, or what its Representatives will remember, even without notes or other aids. Use of Confidential Information in such Representatives’ unaided memories in the development or deployment of each Party’s respective products or services does not create liability under this Agreement or trade secret law.
Residuals clauses come in many forms and often have distracting language designed to lull the unsophisticated reader into believing that the other party’s concerns or intentions are legitimate. No, they are simply trying to steal your information.
Here’s an example with confusing and somewhat irreconcilable language:
Use of Residuals. Notwithstanding anything herein to the contrary, either Party may use Residuals for any purpose, including without limitation, use in the development, manufacture, promotion, sale and maintenance of its products and services; provided that this right to Residuals does not represent a license under any valid patents, copyrights or other intellectual property rights of the disclosing party. The term "Residuals" means any information retained in the unaided memories of the Receiving Party's employees who have had access to the Disclosing Party's information pursuant to the terms of this Agreement. An employee's memory is unaided if the employee has not intentionally memorized the Information for the purpose of retaining and subsequently using or disclosing it.
Tip Eight - Have Trusted Counsel Review Every NDA
No, sorry businessperson, you don’t “got this.” Have a trusted, competent lawyer review every NDA.
This article has touched on some key points, but there are other important clauses and issues to look for in NDAs where non-lawyers could stumble.
Needless to say, you can also deflect any NDA drafting tensions to counsel - "Our attorney has a few comments in the attached. Hopefully they are acceptable to your counsel."
In-house counsel should be able to review and respond to third-party NDAs within 24 hours, and the time billed by outside counsel to review an NDA probably shouldn’t exceed twenty minutes. If your lawyers can't hit these numbers, consider new counsel.
Signing a weak NDA can cause damaging intellectual property issues that are personally embarrassing and “career-limiting” – an old-school euphemism for getting fired, demoted, or not promoted.
Having competent counsel review and sign off on NDAs lowers both company risks and personal risks.
Tip Nine – Impose NDA Signing Rules
Companies should adopt several best practices for signing NDAs.
First, only a select few individuals should be able to sign NDAs – possibly only the CEO, CFO, and General Counsel in small and mid-sized companies and perhaps an Associate General Counsel or Senior Counsel in larger companies.
Second, NDA signers or a contracts administrator should be required to ensure that every NDA is signed in the complete, correct legal name of each party. Each party’s legal name generally appears in two places in NDAs and most other agreements - in the first paragraph and in the signature line.
Don’t assume that close is good enough. Binding a legal entity requires correctly naming the legal entity. Agreements signed in any name other than the entity’s correct legal name, including DBAs, may be unenforceable, depending on the jurisdiction, judge, or jury.
In one sad case, an unsophisticated executive signed an NDA in his personal name and then shared all of his company’s core trade secrets with a direct competitor. When challenged about launching competitive products incorporating the trade secrets, the competitor simply said, “Too bad, we do not have an NDA with your company.”
We took that longshot case to court and lost on summary judgment.
Third, NDA signers or a designated contracts administrator should be required to ensure that they receive and archive fully executed versions of all NDAs.
It is surprisingly common for people who sign contracts to not follow up on getting the other party's signature. This happens frequently with NDAs when there are no controls in place.
And unfortunately, half-signed NDAs or other contracts are not “almost as good” as fully executed agreements – they actually have no legal value. Arguably, a half-signed agreement is evidence that the other party was not in agreement and refused to sign it.
Fourth, someone should be designated to keep a ledger of everything shared under each NDA so the company can later demand the return of that information or an itemized list of information that has been destroyed. This is basic good hygiene for IP protection.
Summary
In summary, dabbling loosely with NDAs is the business equivalent of dabbling with high-voltage power lines - the results can be shocking.
So only share what is absolutely necessary, always ensure both parties sign correctly, keep definitions of confidential information broad, think carefully about stated timeframes, protect trade secrets with specific language, strike residuals clauses, carry confidentiality and use restrictions over to subsequent deal documents, have competent counsel review every NDA, and enforce strict NDA signing and archiving practices.
Do these things and you will likely stay out of NDA trouble.
Paul Swegle, editor of the StartupGC Blog, serves as in-house general counsel to a dozen tech companies and advises several others as outside counsel. He has completed $13+ billion of financings and M&A deals, including growing and selling startups to public companies ING, Capital One, Nortek, and Abbott. Paul teaches entrepreneurship law at Gonzaga Law and Seattle University School of Law and speaks regularly at other top law schools and MBA schools where his popular business law books are widely used in courses focused on entrepreneurship and business law.
Comments