Businesses maintain many types of confidential information, usually stored in the form of paper or electronic documents and files.
There can be many business situations where confidential information needs to be disclosed. This can be done verbally, physically and/or electronically.
A typical example would be when a company wants to invite several vendors to submit a proposal for the provision of certain goods or services.
Depending on the type of goods or services, the company may need to disclose some amount of confidential information to those vendors to allow understanding of the scope, scale, intentions of its requirements.
The vendors in turn may need to disclose details of proprietary methods, pricing and the like as part of their proposal. In both cases, measures are needed to safeguard the secrecy and use of such confidential information.
Note: the information presented in this article is not to be construed as legal advice.
What is an NDA?
A Non-Disclosure Agreement (NDA) or Confidentiality Agreement is a document prepared or reviewed by a lawyer to protect any confidential information disclosed by one party to another, including the nature of any discussions between the parties.
It does this by:
- Requiring prevention of its loss, theft or unauthorised copying
- Permitting its further disclosure to third parties only in specified circumstances
- Disallowing its use other than for stated purposes.
There are two types of NDA:
1. One-way, where one party discloses confidential information and the recipient is obliged to protect that information
2. Mutual, where both parties disclose confidential information to each other and each is obliged to protect that information.
The basic terms of each type of NDA should be very similar and developed by lawyers, covering at a minimum:
- NDA type
- The parties to the NDA
- The purpose of the NDA
- A definition of what is considered as confidential information (including the existence and substance of the NDA itself) and what is not
- Definition of any specifically required terms
- A description of the confidential information to be disclosed by each party
- Any actions required to ensure that any confidential information disclosed verbally gets recognised as confidential
- Obligations on recipients to (i) protect the received confidential information with at least the same measures used to protect their own confidential information, (ii) be responsible for and assume liability in relation to all their employees, agents, consultants and contractors to whom received confidential information is disclosed, and (iii) ensure that they in turn protect it and otherwise comply with the NDA's obligations
- Circumstances allowing or requiring the further disclosure of any received confidential information, the permitted recipients and their confidentiality obligations
- Limitations on the use of any received confidential information, and ownership of any derivations of that confidential information
- The duration of the confidentiality obligations
- Return or destruction obligations at the expiry of the NDA
- Remedies for a confidentiality breach, including discloser's entitlement to injunctive relief
- Declaration that the NDA is not a binding obligation to enter into or negotiate an agreement
- The governing law which the NDA will operate under
When should you disclose the confidential information?
The prudent approach is to ensure that all confidential information is marked as such and not disclosed before an NDA is executed, and the NDA is signed only by duly authorised people from each party.
This is because the NDA's designated governing law may determine whether or not:
1. Disclosed information can or will be considered as confidential if it is:
a. not marked or designated as such, or
b. disclosed before execution of an NDA
2. The terms of an NDA are enforceable if it is not signed, or signed by people not authorised to bind their company in this way
Lawyers who prepare, negotiate or review each new NDA should provide appropriate advice for these circumstances - this is particularly important if negotiation of NDA terms results in assignment of a governing law other than the lawyers' preferred law.
The key is not to leave yourself or the confidential information exposed, without the necessary protection in place.
Every situation where confidential information is to be disclosed will be different. This means that there will be aspects of every NDA that will be different. The following details can be recorded in a Schedule attached to the NDA, separate from the standard terms, to capture the particulars of the situation:
- Name, address and contact details for the parties covered by the NDA
- Purpose for which the NDA is being established
- Specific nature of the confidential information to be disclosed by each party, if required
- Names of any specific people to whom the confidential information can be disclosed. If this item is left blank, then disclosure will be allowed to the types of recipient declared in the NDA
- Allowed usage of the confidential information by the recipient, and any conditions that apply
- Term of the confidentiality obligations (depends on the sensitivity of the confidential information and how long it remains current or valuable)
- Law for the NDA to be governed by.
Remember, there can be serious consequences for breaching the terms of an NDA.
Steps should be taken to ensure the adequacy of existing policies, processes and technologies used to safeguard and prevent misuse of any confidential information received.
People accessing confidential information, whether employees, consultants or contractors, should also be reminded regularly of their obligations and responsibilities under an NDA.
That said, NDAs can be a vital tool for progressing business relationships and ensuring effective vendor management.
When properly administered, NDAs can free up the different parties to have open and honest conversations, which will generally lead to better outcomes.
While you should be sure to seek legal advice when preparing and administering NDAs, we’ve taken the time to prepare a basic NDA document so you can see for yourself how they should look.