At least where I am sitting, for the last month it has rained nondisclosure agreements. On the one hand, these agreements have a certain cookie cutter repetitive quality. On the other hand, there seems to be no end to ingenuity in these things. The result is that something you hope would be straight forward and would not require much (any?) legal intervention, often does. So, here are some thoughts on things to think about when you read an NDA. Needless to say, this list is not comprehensive and – furthermore – I predict that the next one you look at will have something unique about it. (Parenthetically, please feel free to send me samples (redacted to eliminate anything that should not be disclosed – like the identity of the parties) of unusual provisions.) My last comments at the end of the list under the caption „Unusual Provisions“ seem like the relevant comments to me. Anyway, here goes:
Parties to the Agreement
Consider who should be a party to the agreement. Should the agreement cover „affiliates“? The answer is probably yes.
Mutual or One-way
Consider whether the agreement should be mutual (i.e. each party is obligated to keep the other’s information confidential) or one-way (only one party discloses information and the other party is obligated to keep it confidential).
How Broad is the Definition of Confidential Information
Usually it is very broad. In particular note whether or not the information has to be specifically identified as confidential or whether it merely needs to be such that a reasonable person would understand that it is confidential. Depending on the circumstances you might want to go one way or the other on this. You may also want to identify certain specific categories of information as either confidential or non-confidential.
Is the Obligation to keep Information Confidential Clearly Stated
The agreement should expressly state that the parties (or party in the case of a one-way) must keep confidential information confidential. An ancillary point is the standard of care which could be best efforts or reasonable efforts or the same level of effort used in the case of a party’s own information.
There are a number of usual and customary exceptions to the definition of „confidential information“. These include:
(1) information that is or becomes public without a breach of the NDA,
(2) information that becomes available to the recipient on a nonconfidential basis from a source not bound by an NDA that covers the relevant information,
(3) information that a party knows (and can demonstrate that it knows) before entering into the NDA,
(4) information independently developed by a party without the use of confidential information subject to the NDA, and
(5) information required to be disclosed by law (SEC disclosure obligations for example) or judicial process (discovery in a litigation for example). In this later case (legally compelled disclosure), there is usually a requirement of notice so that the party whose information is about to be disclosed can contest the required disclosure or seek some other protection.
Return or Destroy
There is (or should be) an obligation to return confidential information and destroy all copies at the end of the NDA. This requirement is often coupled with a requirement that the recipient certify compliance in writing. Also, some large companies like to retain one archival copy of whatever they get. This is usually rationalized by arguing that they need it for the record in case of a law suit.
Limitation on Use
Very important. These agreements should expressly limit the right of parties to use the confidential information they receive to the purpose for which it is delivered: for example, to decide whether or not to proceed with a particular transaction. So, the agreement should say that the confidential information may only be used for the specified purpose. If it does not say this, it may turn out that parties use the information for other purposes, such as advancing their own R&D.
The NDA should make it expressly and clear that no license or other rights to the confidential information is conveyed. In a sense, this is part of the limitation on use, but is often stated separately as well. Similarly, these agreements often state that no joint venture or other entity is formed and that neither party can act for the other in any respect.
Term and Termination
NDAs can be for a stated term (months or years) or they can be perpetual. The argument for a stated term of years is that at some point the information is old and cold and the parties should be able to stop worrying about their obligations under the agreement. In any event, the disclosing party should be concerned to make the term long enough so that the information is no longer likely to have value as a result of being confidential when the agreement expires.
With respect to termination, the termination of the agreement should not terminate the obligations of confidentiality and non-use. The termination provision should expressly state that these obligations survive an otherwise general termination of the agreement.
These agreements often state that injunctive relief (a court order prohibiting a disclosure) is an available remedy. Some companies want an agreement that such relief is automatically available, while others will only agree that the discloser has the right to seek an injunction.
Governing Law and Venue
There is a distinction between the jurisdiction whose law will govern the contract and where suits may be brought. I won’t comment on governing law, except to say that your lawyer may have an opinion about it and that in general all U.S. jurisdictions will enforce your garden variety NDA (that is plain vanilla ones). What about NDAs with odd, different or peculiar provisions – who knows, it will depend on the provision.
Venue is more interesting. At issue is where cases may be brought. If you are in Boston, having to enforce your rights in Alaska is likely to be inconvenient and expensive. Consider that when you agree to a specific venue.
The foregoing list of provisions and comments is by no means exhaustive. But, if you are presented with an NDA that raises any questions for you, consult your lawyer. Just because someone from a big company (even a household name company) says „this is our standard NDA“ does not mean that it is either standard or, even if it is their standard, that it does not have odd, different and perhaps pernicious provisions.
Just to give you a flavor, here are a couple of provisions that I consider odd, that I have recently run across:
In a supposedly mutual NDA, I found the following „XXX agrees to use YYY’s Confidential Information for the sole purpose of evaluation or as otherwise agreed upon in writing by YYY.“ This provision looks fine except that YYY never agrees to limit its use of XXX’s confidential information.
Here is another provision: „This NDA may not be assigned by either party by any means, including without limitation, by operation of law or merger, without the prior written consent of the other party.“ We all get that one can’t just transfer an NDA, but but what happens when you go to sell your business? Did you just unwittingly make the other party’s consent a precondition to a sale of your business.
Beware of limitations of liability provisions in NDAs. Some pro-recipient NDAs include a disclaimer of indirect and consequential damages. The problem is that almost all of the damages that would arise from misuse of confidential information are indirect or consequential. If the recipient breaches the NDA, it would probably argue that it can be liable only for injunctive relief, but not for damages. While I have my doubts about the enforceability of a disclaimer of this nature, there is certainly a risk that it results in a fairly toothless NDA from the discloser’s perspective.
Occasionally, an NDA will include provisions which may allow the discloser of information to claim ownership of the IP rights in any modifications that the recipient makes to that information. These provisions may be hidden in the definition of „Confidential Information“, which is one reason not to gloss over that provision, even if the beginning of the paragraph reads like a laundry list of every type of information and technology that the drafter could think of.