A non-disclosure agreement (NDA) or confidentiality agreement allows to parties to exchange confidential information. The NDA stipulates which information is confidential, for what purpose the information is supplied and what the receiving party is and is not permitted to do. For many entrepreneurs signing an NDA is a routine matter before starting negotiations. However there is no single NDA, every NDA is (regrettably) different. Which pitfalls should you look out for?
Exchanging confidential information is done for a purpose, and therefore that purpose must be recorded in the NDA. Do not simply state "parties wish to explore a business relationship" or "parties wish to share confidential information". What kind of information? What kind of relationship, and why does it need an exchange of confidential information?
A more workable purpose would be "Parties are considering a cooperation to extend the social media platform of party A with the facial recognition software of party B". This clearly stipulates the backgrounds of the parties and what kind of information will be exchanged.
Some NDAs are single-sided: only information of one party is covered. This is hardly ever fair. Always demand that NDAs are made mutual, allowing both yourself and the other side to supply confidential information.
How to recognize confidential information? Sometimes NDAs simply state that everything exchanged for the purpose is confidential. That is hardly workable. Therefore, insist on some kind of marking requirement: if it is stamped as confidential, it is covered.
If it is not practical to stamp everything, then you could add "or if the confidential nature would have been readily apparent to a casual observer" or similar wording to allow at least some kind of recognition.
By default an NDA only applies to the parties. This includes employees, but not third parties such as outside advisors or suppliers. These can be added of course, but only if they have a clear need to know. Preferably, they should explicitly agree to the contents of the NDA or at least warrant that their confidentiality obligations are at least as strict as the NDA.
Some parties insist that employees sign individually for the NDA. This makes the employee personally liable for violations of the NDA. That is hardly fair and unenforceable in many jurisdictions.
An NDA is intended for "sniffing", for getting to know each other better prior to entering in a purchase, license, cooperation or other agreement. It is therefore important to stress that nothing in the NDA can be construed as an obligation to enter into such other agreement.
A common mistake is to use language like "the parties hereby cooperate to do X and exchange confidential information for this purpose". This commits the parties to that cooperation. Instead, use "the parties hereby wish to investigate the feasibility of cooperating on X" to make it clear the cooperation itself has not started yet.
Add language to make it clear that information exchanged is owned by the supplying party. The recipient should receive a limited license for the purpose. (A common mistake is to say that the recipient gets no license, which is wrong because he needs to use the information for the purpose. Excluding any and all license for commercial exploitation is fine, however.)
If the recipient is expected to change or amend the information, e.g. by compiling it into summaries or by modifying software, separate language should be added to address this. Don't forget to add some language on IPR ownership of the results of such activities.
If software is to be exchanged, a separate license must be included for that software. This license should be explicit: what is and is not permitted.
If information is available to the public, it can no longer be patented. Thus, an NDA violation by the recipient may harm the discloser's ability to patent that information. With special clauses this harm can be contained, e.g. by adding that the recipient will compensate for the loss of a patent.
Some patent jurisdictions (e.g. Europe) allow for a filing within 6 months after the violation provided it is clear that the disclosure was a violation. By adding that the recipient shall provide a statement to that effect, this requirement can be more easily satisfied.
Information may lose its confidential status at some point, for example because it became part of the public domain or is available without restriction from some third party. In those situations it would be unreasonable to have to keep the information confidential. Therefore, a good NDA stipulates that confidentiality obligations cease if such situations arise (although the recipient will have the onus of proof).
It may happen that parts of the information become public without the entirety becoming public at once. An exception needs to be mad for that situation.
A related exception needs to be added for residual information. Information may be retained in the unaided memory of individuals who receive the information. It would be unreasonable to declare that a violation of the NDA.
Under some circumstances information must be given to courts or government agencies, e.g. if a warrant or subpoena is served or a legal procedure calls for. An example is the US discovery process. Such disclosures must of course be permitted under the NDA. One may add a clause saying the disclosing party should be informed (if permitted) so they can take legal action such as applying for a preliminary injunction to block the disclosure.
A common mistake is to put "disclosures required by law" under the list of exclusions mentioned above. This is wrong, because information does not lose its confidential status merely because a court or government agency has the right to demand access to it. That right only implies that that specific disclosure must be permitted.
An NDA is an often-used legal document, and many NDAs look the same. However each NDA is different under the hood and you should always make sure the NDA you sign has the clauses you want.
Need an NDA that meets your requirements? Create one yourself with our NDA generator.