When it's time to share your secrets: using an NDA

To take a promising idea, or business, to the next level, a business typically needs to share its valuable secrets with prospective strategic partners or investors. Signing an effective non-disclosure agreement (NDA) can therefore be a critical step in developing a new business relationship or opportunity by giving a growing business enough comfort to take that initial step. This article explains the reasons to consider using an NDA and summarizes some of the key issues to keep in mind when you are about to sign an NDA.

When do you need an NDA?

The NDA is likely the first legal contract you will enter into with another party to cover everything from a service provider relationship, to partnering discussions, to possible investment in your company. It outlines each party's obligations related to the other party's confidential information and defines how confidential information can be used and who can use it.

When parties are just beginning to discuss a potential arrangement or deal, an NDA may or may not be appropriate. However, as the parties dive deeper into due diligence and negotiations, they should put a formal NDA in place before any sensitive information is exchanged. The scope of an NDA depends on the type of information that is being disclosed, the purposes for which it is being disclosed and the degree to which such information needs to remain confidential in the long term.

One thing to keep in mind when talking with prospective investors is that most venture capitalists will not sign an NDA. Asking for one may be an indication of an entrepreneur's lack of sophistication. For more about the investment process, see our article on the VC investment process.

What happens if you don't use an NDA?

Without an NDA, it might not be possible for the parties to have a candid discussion of financial matters, commercial plans and intellectual property assets − something that may be a prerequisite to moving forward with a key commercial arrangement. The party disclosing confidential information may be more cautious about what is being disclosed and the party receiving the confidential information may be reluctant to review the disclosed information in detail for fear for a later claim of misappropriation. While there may be certain circumstances where an NDA is not possible (see above regarding the investment process with VCs), it is customary to have an NDA in place in order to make discussions as productive as possible.

I have an NDA, but how do I know it's a good one?

If an NDA is not properly drafted, you may find that your proprietary information could be disclosed to unauthorized parties, such as competitive affiliates or distant third-party collaborators, who are not properly bound by similar obligations of confidentiality. It is also possible for an NDA to be too restrictive, with the unanticipated consequence of stifling discussion – which could prevent a party from pursuing research, development or commercial activities in a similar or related field.

Below are some key issues to review when assessing an NDA:

  • Definition of confidential information
    • While it may seem obvious, confidential information can only include information that is already confidential. Information that is known outside a circumscribed set cannot be deemed confidential. Consider the following list of factors in determining what type of information can properly be characterized as confidential:
      • the extent to which the information is known outside the party's business
      • the extent to which it is known by employees and others involved in the party's business
      • the extent of measures taken by the party to guard the secrecy of the information
      • the value of the information to the party and its competitors and
      • the ease or difficulty with which the information could be acquired or duplicated by others through their independent effort.
Considered collectively, these factors can assist in determining whether information is confidential and the degree to which a party should attempt to protect it under an NDA.
  • Exceptions to definition of confidential information
    • Not all confidential information should be treated as confidential. For example, information that is independently developed or received by the receiving party is not typically subject to the non-use and non-disclosure obligations of an NDA.
  • Non-use and non-disclosure obligations
    • Parties should consider the level of care that must be taken to avoid disclosing confidential information. Disclosing parties should insist on an objective standard, such as the use by the receiving party of commercially reasonable efforts to protect the information. A disclosing party may want to include specific protective measures, such as a requirement that information be kept in a secure location; specific security protocols for data systems where confidential information will be stored; notification of unauthorized disclosure/misappropriation; and limits on copying information or transmitting it electronically.
  • Permitted purpose
    • One of the most important features of an NDA is a specific description of the purposes for which confidential information may be used, paired with a blanket prohibition on using it for anything other than the prescribed purpose, so as to prevent the receiving party from making inappropriate use of valuable confidential information. 
  • Permitted recipients
    • It is easy for parties to an NDA to focus solely on how they should treat the confidential information. However, care should also be taken in defining who else can receive such information in furtherance of the permitted purpose. Often, there is a reasonable need to disclose information to employees or professional advisors (or even financing sources, affiliates or limited partners) but this should be considered on a case-by-case basis. Ideally, such recipients are identified by name, but at least should be identified by class, and always on a need-to-know basis. The parties should also be clear about what confidentiality obligations must be imposed on such third parties as a prerequisite to them receiving confidential information (either through an existing employment agreement, retainer or entry into the NDA).
  • Term
    • Parties should also consider how long the covered information should remain confidential. Disclosing parties may say they would prefer to have their information held confidential forever. More typically, however, confidentiality provisions in commercial transactions survive from two to five years. Any personal information should be held in confidence indefinitely. Again, the appropriate sunset for confidentiality obligations will depend on the nature of the information. Parties should include a reasonable endpoint, failing which a court may impose one on them. The NDA should also clarify the parties' obligations upon the sunset being reached or the NDA being terminated. Usually, there will be an obligation to return confidential information, sometimes only upon receipt of written request, or to certify that all copies of same have been destroyed, sometimes in accordance with specific protocols (eg, for truly deleting information from hard discs).

What are alternatives to an NDA?

There is no alternative to a properly drafted NDA. However, if you must proceed with your discussion without this critical document, we advise that you tightly control the information you exchange with the other party.

Note that in some states, disclosure of trade secrets without a proper NDA could damage the trade secret status of such information. For more about trade secrets, see our article.

Download PDF