Best Practices for Non-Disclosure Agreements


It is widely accepted that the value of most companies today lies primarily in their confidential business and technical information and other intangible assets, and that when such assets are stolen it is almost always by employees and business partners, not unknown third parties. Yet many companies continue to make minimal efforts to protect such assets through proper non-disclosure agreements (“NDAs”), disclosing secrets without requiring a signed NDA, relying on the same poorly-drafted NDA in all cases, or failing to follow through to ensure agreements are properly signed and filed.

Admittedly, NDAs can’t provide perfect protection. Litigation is costly, burdensome and uncertain, and companies often prefer to remain silent about embarrassing leaks of trade secrets. Consequently, the first line of defense should always be sound security precautions, such as locked doors, limited access, logbooks, security cameras, encryption, monitoring, and the like. However, in the event of a leak, the company that regularly requires signed, well-drafted NDAs is far more likely to achieve a favorable outcome than one that does not.

Wearable-device maker Jawbone learned that last month when the San Francisco Superior Court granted its request for an injunction against several former employees accused of loading thousands of confidential files onto thumb drives and e-mailing them to personal e-mail accounts before quitting their employment and going to work for Fitbit, Jawbone’s competitor. The court found the employees breached the confidentiality provisions in their employment contracts and ordered them to return all of the files. So far at least 18,000 files have been returned. The case is typical and is probably far from over, but certainly Jawbone is far better off due to the contractual obligations it imposed on its employees.

To ensure good results like that, below are some best practices to keep in mind when drafting NDAs.

Obligation. The heart of an NDA is language prohibiting unauthorized use or disclosure of certain information. The drafter should investigate what types of information may be disclosed by each party, because the discloser will want stronger protection, while the recipient will want fewer restrictions. Often the recipient is required to use “at least the same degree of care that it would use to protect its own confidential information, but at least a reasonable degree of care.” Some agreements are one-sided, but usually the obligations should be mutual.

Confidential Information. To impose conditions regarding “Confidential Information” one must first define that term. The definition sometimes includes anything that “would reasonably be deemed confidential” and may refer to “technical, financial and business information in oral, written, physical or electronic form,” but if one stops there a court may find the provision overly vague, broad and unenforceable.

Consequently, the provision may be more enforceable if “Confidential Information” is defined as anything marked “Confidential.” Of course, the trade-off is the discloser then bears an increased burden to carefully mark all materials that are disclosed, in particular because failure to consistently mark materials may be deemed a waiver of the entire confidentiality obligation. In addition, some items (and oral discussions) cannot easily be marked, so the agreement should provide that they may be identified as confidential in a subsequent writing. Confidential materials may also be identified in schedules to be attached to the agreement and updated as needed. Finally, regardless of whether required or not, it’s always good practice to mark confidential documents as confidential, because then there can be no doubt as to their status; and, if one truly wants to be careful, one can also affix a copyright notice, to provide for additional remedies under copyright law.

Restrictions on Use/Disclosure. The drafter should carefully confirm the proper names of all companies that will receive disclosures and ensure that the NDA clearly identifies them, explicitly providing that disclosure to a recipient’s subsidiaries or affiliates would be unlawful. It can require the recipient company to restrict access to only persons who have a legitimate need to know and require each individual recipient to sign an equally restrictive NDA before gaining access to the information. Or, it can restrict access to only certain persons named in the agreement and require the discloser’s prior written consent before any names are added to the list.

The NDA should state that Confidential Information may be used only for a particular purpose, such as exploring a potential business relationship, manufacturing a certain product for the discloser, or fulfilling certain terms of employment, and no other purpose. Of course, the terms of that other relationship will be set forth in a separate agreement.

Permitted Disclosures. Most NDAs identify categories of information that might otherwise qualify as confidential, which the recipient is not required to keep confidential, such as information available to the general public, previously known, independently developed, or rightfully received by the recipient through other legal means. The recipient is also typically permitted to disclose Confidential Information to its attorneys, accountants or employees who have a legitimate need to know, or in response to a court order.

Ideally the NDA will require the recipient to promptly notify the discloser if it independently develops or obtains information from another source, which might otherwise be deemed confidential, making it harder for the recipient to assert that defense falsely in the future. As for disclosure to attorneys, accountants, or in response to legal proceedings, prior notice should be required before any such disclosure and any third-party recipients should be required to sign confidentiality obligations at least as strict as those stated in the NDA before they receive any confidential information.

Non-Competition / Non-Solicitation. A non-disclosure obligation alone is generally insufficient, because often the greatest risk is not that a recipient will disclose information, but that he will use it against you. Consider the customer who shares specifications with its manufacturer, only to find the manufacturer using that information to produce unauthorized goods that it sells to third parties – including the customer’s own customers; or the corporate transaction that is aborted mid-way through due diligence, with the counter-party then poaching key employees who it learned of in the process; or the key employees who jump ship, taking valuable information in order to form a competing company.

As noted earlier, the first priority in controlling such risks should always be practical security measures, such as carefully investigating and screening potential partners, employees and subcontractors; restricting dissemination of confidential information; and other such tactics. But one may also protect against such risks by adding to the NDA non-circumvention, non-competition and non-solicitation provisions, prohibiting the recipient from contacting the discloser’s customers, suppliers or other contacts directly, using confidential information for the benefit of any party other than the discloser, or soliciting away the other party’s employees.

Check relevant laws first (e.g., most U.S. states recognize non-competition agreements, but California and a few others don’t) and don’t draft such provisions too broadly, as that may cause them to be deemed unenforceable (e.g., perhaps limit prohibitions to two years from date of disclosure). While there’s no guarantee such provisions will hold up in court, just the contractual basis for litigation may be sufficient to deter trouble.

Term. The NDA should specify a term for the entire agreement, because contracts with no stated term are generally deemed terminable at will. And it should state separate terms for the non-disclosure, non-circumvention, or other obligations, such as “for the Term of this Agreement and __ years thereafter.” The NDA should also state the recipient’s obligations upon termination, such as returning or destroying all items received from the disclosing party, as instructed by the discloser.

No Warranties/As-Is. While it has nothing to do with confidentiality, one may wish to state in the NDA that all information is disclosed “As is” and without warranties, express or implied. Such language may not ward off legitimate claims for fraud or concealment, but may give some protection against unmerited claims.

Remedies for Breach. The disclosing party might consider backing up the obligations with a liquidated damages provision. While such provisions are not always enforceable, they may stand a decent chance of success if actual damages for breach would have been difficult to ascertain when the parties entered into the agreement, and the amount of damages stated in the agreement was reasonable when the agreement was signed and still seems reasonable after a breach has occurred. Just make sure not to describe such damages as a “penalty,” as that may cause a judge to reject the provision. Finally, consider authorizing injunctive relief and attorney fees in the event of breach (but check relevant laws first, as injunctive relief may not be allowed in some countries, such as China).

Dispute Resolution. One should always be explicit on dispute resolution, including identifying arbitration v. litigation, venue, jurisdiction and governing law. If the agreement may need to be enforced in China, litigation may not be the best choice, because foreign judgments are generally unenforceable in China and litigation in China may raise concerns about fairness and competence. Instead, arbitration in Hong Kong or Singapore is often a good choice because most nations (including China, but not Taiwan) are signatories to the New York Convention for the Recognition and Enforcement of Arbitral Awards; additionally, Hong Kong and Singapore both have good reputations for fair, competent proceedings, in English or Chinese, and their awards are generally enforceable in China (and other countries). In any event, one should evaluate the issues carefully with respect to the particular parties and facts, before deciding upon such provisions.

Boilerplate and Language. The NDA should require written consent for any modification or assignment and may go a step further, providing that all transferees and assignees agree to be bound by the terms of the agreement. A standard severability provision is critical, because several provisions described above could potentially be ruled invalid, depending on the court and the language, so at least the remainder of the agreement may remain valid. For greatest odds of enforceability, the NDA should be written in the local language and expressly enforceable in that country.

Don’t Forget, it’s Just a Piece of Paper. Finally, as stated above, never put too much faith in the NDA. One should always require a good, signed NDA prior to disclosing sensitive, confidential information, as it may prove critical in resolving disputes and prevailing in litigation, but once your company has shared its most sensitive designs, specifications, business strategies, financial data and other trade secrets and the recipient has taken them straight to your competitor, the legal system will rarely provide swift, efficient and satisfactory relief. Therefore, following the old belt and suspenders approach, sound, practical security precautions should always be the corporate belt, while a good NDA is the suspenders.


If you have any questions or require assistance, feel free to drop me a line at chrisneumeyer (at)
