Signing an NDA can saddle you with a huge responsibility, one that could end up costing you money and even jail time in the event of a slip-up.
Before you put pen to paper (or digital pen to esignature), you have to review the NDA closely. These 10 tips will help guide you through the process with a simple series of questions you can ask yourself as you read the contract.
But what are NDAs? Before we get into the nitty-gritty, let’s talk about exactly what an NDA is.
An NDA is a “nondisclosure agreement,” which is a legally binding contract restricting access to or dissemination of confidential data or trade secrets.
NDAs can go by other names in different countries or regions. They can be known as Secrecy Agreements, Confidential Disclosure Agreements, or Confidentiality Agreements. And while there may be minor regional differences, they’re all the same, in that they bind one or multiple parties to secrecy to protect trade secrets.
NDAs differ from noncompete clauses. For instance, a sales rep could be under an NDA and a noncompete clause. The rep can’t disclose what they learned while working for their previous company and can’t compete with that employer for a set period of time (two years, for example).
Now that we know what an NDA is or isn’t, we have to find out what type of NDA it is.
There is no single, uniform NDA: the circumstances of both what you must keep secret and what punishment you would receive for violation will change from document to document, which is why it’s important for you to understand exactly what kind of agreement you’re signing before you sign.
These are the NDAs you’re going to see and sign most.
Basic NDA: A basic NDA is what you would sign when dealing with a contractor, an investor, or a business partner. These NDAs generally use boilerplate (read: generic) language and simply state that the party will not share any personal, financial, or trade information during the period of collaboration. You usually won’t find extra clauses or tricky language here — but that doesn’t mean you shouldn’t look for it.
Employee NDA: Many employees, especially in tech industries, are required to sign NDAs to protect the company’s trade secrets. These are also generally boilerplate, though they frequently come with noncompete clauses (sometimes called a covenant not to compete) and/or nondisparagement clauses that should be examined closely.
Financial NDA: These are most common when a third party is receiving financial information that is, by nature, confidential. These are frequently encountered when working with accountants, tax preparers, and financial consultants. They bind the third party to keep all financial information confidential, usually indefinitely. This is one of the few times when an indefinite length for an NDA is completely acceptable: no amount of lapsed time makes it okay to share someone’s bank account numbers, for instance.
Merger/Sale NDA: This version of an NDA is most often used for mergers, acquisitions, and other business sales. The NDA usually comes before the sale, obviously, as information uncovered during negotiations and due diligence must still be protected in the event the merger or sale doesn’t go through.
These nondisclosure agreements are more niche in nature and are likely to be encountered only in specialized fields.
HIPAA: An NDA required by law for all health care workers, HIPAA is a series of regulations protecting patient medical information. If you’re not a health care worker, or you’re not working in the field of medical data or medical technology, you’re unlikely to run into HIPAA.
Guest or Visitor NDA: This NDA is usually signed by guests invited to tour a facility in which privileged information may be exposed simply by walking through the area.
Job Interview NDA: An extremely uncommon version of the nondisclosure agreement, these NDAs only show up during job interviews for highly sensitive or confidential positions, when even knowing who works for the company or organization could be considered privileged information.
The next (and possibly most important) question to ask when reviewing an NDA: how much will a violation cost you?
Before you even consider signing a nondisclosure agreement, the very first thing you should look for in the document is the cost of violation.
Is there a defined dollar amount? Some NDAs will define an amount of money an NDA breach will cost the signatory, literally saying “$2,000” or “$15,000” or another specific amount. However, it’s important to remember that this kind of clause is referred to as “liquidated damages,” which are not always enforceable in many areas.
When are liquidated damages enforceable? Obviously, region and/or national law will be the best thing to look up, but a good rule of thumb is that a liquidated damages clause is enforceable only if the potential damage of a breach has a real, quantifiable cost, and that cost is in line with the penalty cost in the NDA. So there has to be real math backing up such a damage forecast.
There is a second proviso: a liquidated damages clause is also enforceable if the damage of a breach can’t possibly be calculated, perhaps as a cost to reputation or other nebulous damage.
These two conditions may seem contradictory because the basic premise is that the monetary penalty either has to be backed up by realistic math or has to penalize damage that can’t be quantified. This is to prevent overly harsh violation fees — if the math points to damages of $5,000, and the NDA says $100,000, that’s unenforceable and likely to be struck down.
Avoid unlimited liability NDAs. If at all possible, try not to sign an NDA that doesn’t specify liability. Unlimited liability puts you on the hook for an unknown amount of damage, which means any litigators will try to get as much money as humanly possible. Instead, insist on an enforceable liquidated damage clause, outlined above, with a realistic and calculated maximum liability.
Are there different costs for different levels of misappropriation? NDAs sometimes outline levels of misappropriation and how the injured party will react to each level. Know your levels; they will both warn you of the harshness of a violation and help guide you to find acceptable, nonbreaching behavior.
A threatened misappropriation generally implies intent to breach without having done so — taking a USB key home that has confidential information on it, for instance, but not necessarily leaking anything. A completed misappropriation is exactly what it sounds like: the data on the USB key was given to someone else or leaked online.
A continuing misappropriation is levied after a completed misappropriation — the employee with the USB key has been revealed, has been enjoined in some way, and continues to leak information or to use said information to, say, create their own competing software program.
These levels often come with different penalties, sometimes outlined in the NDA itself. Look for them, and understand the penalties before dropping your wet or electronic signature on the contract.
The next most important aspect of any nondisclosure agreement is the document’s definition of what information is confidential or privileged. In essence, what information is free to share, and what information absolutely is not?
Look for clear definitions of what is and isn’t confidential. The trade secrets or confidential data should be defined with concrete language, such as “any and all information having to do with Project X, including technology, software processes, internal project structure, and team composition.”
Avoid unclear definitions. If the confidential information to be protected by the NDA is defined as something like “any and all potentially sensitive data,” that’s a red flag. You have no idea what the rules are, essentially, or even what you can and can’t share (even accidentally!). If you mention on Instagram that you had lunch with Pete and the team, and Pete’s involvement in the project is a secret, you may have committed a breach.
If your NDA contains this kind of language, ask for the confidential data to be more clearly outlined before you sign.
An NDA should clearly define how long the agreement lasts. Basically, how long are you on the hook?
How long does the NDA last? Remember that the longer the period of time you’re under an NDA, the greater the chance that you’ll be involved in a breach. You don’t want to put yourself in a situation where you have to censor all of your business language and stress about a possible slip-up for the rest of your life.
The amount of time considered “acceptable” for an NDA will change, depending on what type of NDA you’re signing. As discussed earlier, a financial NDA with an unlimited term is probably fine.
Similarly, “trade secrets” are said by some laws to have no expiration date — a company’s processes don’t automatically become fair use or public domain after a certain time frame. However, the NDA should still contain language such as “until the trade secret is common knowledge” or “is no longer considered a trade secret.”
For someone buying a business, an NDA of two to three years is fairly normal. When leaving a place of employment, a 6-month NDA after departure might be typical (depending on the nature of the business and its level of secrecy).
If you have access to confidential equipment or materials, when is it supposed to be returned? If you have to sign an NDA about an employee training manual, the NDA should say when you’re supposed to return that manual to the organization. If you’re beta-testing a company’s new phone or another device, and you’re under an NDA for that equipment, how long is your trial period? When does the device come home?
Make sure the NDA you’re about to sign answers these questions clearly.
Lastly, check for a termination clause. It’s always beneficial to have an “out.” Ideally, an NDA should have a termination clause that specifies that both parties can cancel the agreement in writing.
The next section of the NDA to closely peruse is the definition of your obligations, or what is considered a violation of the NDA.
How strict is the NDA, and how easily can it be violated? The NDA should define in clear terms what a breach is. Things like sharing documents with outside parties, taking photos in the building, or even photocopying work material might be directly referenced as breaches.
If it involves confidential/sensitive equipment, how can that equipment be used? If you’re being given sensitive equipment or materials, the NDA should tell you where and when it can or can’t be used. For instance, using a sensitive device in a public area could breach a trade secret — the NDA should define this. It should tell you whether you can take it home or not, whether you have to lock the device or shut it off after each use, whether you’re allowed to attach the device to an off-site wireless network, etc.
Does the NDA define the grounds for litigation? The NDA should let you know what kind of breaches or behaviors would force them to take you to court. Typical grounds for litigation defined in an NDA include trespassing, conversion (accidental theft or loss), copyright violation, patent infringement, or even just “misappropriation of trade secrets.”
Now that the most frequent issues have been thoroughly examined, let’s take a look at the kind of situation-specific clauses you may run into when reading an NDA.
Some nondisclosure agreements contain additional clauses, which you should check for, read thoroughly, and even send to legal counsel for further explanation:
When examining an NDA, your next step is to take a look at what both parties will do in the event of a breach.
What steps can or will the injured party take? The NDA should outline those steps so you know how to proceed if you are accused of a breach (and prepare yourself for how they will proceed). These include the following:
Send a cease and desist letter: This is the most common “first step” an injured party will take. This is a simple missive, informing you that you may be violating your NDA and that you must immediately stop it/return the material, etc. If you comply, that’s usually the end of it.
Settle out of court: A settlement may be a cash value (outlined in the NDA) or even ongoing royalties taken from the breaching party/company, if they’ve already gone through with copying trade secrets.
Many businesses and organizations don’t want an NDA to go to court, because it introduces more chances for breach of confidential intel. Think about every lawyer, paralegal, assistant, messenger, jury member, or court officer now having access to your trade secrets — hardly ideal.
Injunctions and temporary restraining orders: This is a court order to stop using all relevant trade secrets or data. An injunction is a serious matter and could prevent you from using or interacting with trade secrets, data, or even a business forever.
If you’ve violated an NDA and have received notification, you should immediately seek legal counsel. Then, you should check and notify any liability insurance you or your company may be under. You should also check the original NDA and review the accusation and facts against your obligations.
Now is the time to look up the local laws in your city, state, province, or country, because NDAs are enforced differently depending on where you live (and where the NDA says legal matters will be settled).
Does violating an NDA open you up for criminal prosecution in your area? Some states and countries can actually arrest the violator of an NDA and prosecute them on criminal charges (in addition to the civil case the injured party may also bring). That means both jail time AND a painful lawsuit could be on the table. Find out as soon as possible whether that’s the case.
Research the laws that pertain to the location where the NDA litigation may occur. If you’re dealing with an American company, and the NDA stipulates legal matters will be handled in the United States, you need to bone up on the Uniform Trade Secrets Act.
If you or the company will be litigating in the EU, the TRIPS Agreement will detail how the contract and the penalties will be handled.
If you live somewhere else (or the NDA is enforced somewhere else), make sure the drafter of the NDA includes what regional laws apply to the NDA in the body of the NDA itself. There should be no confusion on this matter.
If you’re signing an NDA in person, will a notary be present when you sign? If you’re signing digitally, how is your esignature protected? You should ask the drafting party these questions as soon as you’ve agreed to sign the document.
Signing an NDA in person: Does the signature require in-person witnesses, such as a notary? The NDA should outline that. Social distancing measures may affect the viability of in-person signing, of course. In-person signatures are as protected as the person who carries them, so make sure your NDA is being secured.
Signing an NDA with an electronic signature: The tech and the required laws have advanced to the point where esignatures can be just as valid as a normal signature — they can even be notarized online. You can check your local esignature laws to find out if it’s possible and legally recognized in your area.
An electronic signature is surprisingly secure — another benefit of going digital. And everyone involved gets digital copies as soon as the documents are signed, which means you’re less likely to misplace the documents or lose them in a file cabinet somewhere.
It may even be possible to sign via a “digital wet signature,” which is a hybrid process where a normal signature is digitized via an image or touch-screen signature.
Like any legal contract, an NDA can be torn apart, interpreted strangely, or held to iron-clad definitions, depending on the court, the attorneys, and the arbiter or judge involved in the case.
Not all NDA breaches involve stealing secrets. Recently, ZeniMax Media Inc. was awarded $500 million by a jury after suing Facebook’s Oculus VR for an NDA breach. Oculus VR was found not guilty of stealing trade secrets. However, the jury found that Oculus VR had breached their NDA with ZeniMax through copyright infringement and false designation.
The copyright infringement was expected — they made a VR device very similar to ZeniMax’s. However, the more interesting charge was “false designation.” Basically, Oculus was found to have used ZeniMax promotional material during Oculus demonstrations, implying that ZeniMax in some way endorsed Oculus. And Oculus VR obtained these promotional materials while under an NDA.
Being protected by law doesn’t protect you from breaching an NDA. For instance, a legally protected whistleblower was still sued for reporting security breaches at AT&T. Mark Klein blew the whistle on AT&T after discovering that the U.S. National Security Agency was accessing AT&T customer data. However, even though he was legally justified in reporting this, he was still sued by AT&T for breaching the NDA.
Confused intentions can trump an NDA. Confused intentions and muddy contract language recently overturned an NDA breach judgment that favored one party. Two companies involved in specialized farming equipment, Loftness and Twistmeyer and Associates Inc (TAI), entered into an agreement in which Loftness would manufacture grain-bagging equipment based on TAI’s input. The NDA tried to define TAI’s confidential information, but it did so in an extremely vague way, which allowed the NDA to be essentially voided with regard to the lawsuit.
The text of the NDA defines confidential information as “[s]uch information that [TAI] considers to be proprietary and/or confidential.”
Loftness ended up developing farming equipment with a third party, Brandt Industries, potentially using TAI’s designs. Unfortunately for TAI, the language of the NDA was unclear, and their lawsuit was remanded back to a lower court.
The indemnification clause in an NDA specifies who is responsible for paying for damages or losses in case of a breach. It is important to review this clause carefully to understand your obligations and the potential financial implications. You should seek legal advice to ensure that the clause is clear, fair, and provides adequate protection. Here are some key things to consider:
By understanding your potential liabilities, you can take necessary measures to mitigate risks and protect your interests.
When personal data is involved in a non-disclosure agreement (NDA), it is important to comply with data protection laws. Here are some key points to consider:
Keeping good records is essential for non-disclosure agreements (NDAs). This means keeping copies of the signed NDA and any relevant communications, such as emails, letters, or meeting notes. These records can be used as evidence in the event of a dispute or legal action, providing a clear account of the agreed-upon terms and obligations. By organizing and storing NDA-related documents, parties can demonstrate compliance with the NDA, protect their rights, and facilitate the resolution of conflicts.
Here are some specific tips for good record keeping for NDAs:
By following these tips, you can help to ensure that your NDAs are properly documented and that you have the evidence you need to protect your interests in the event of a dispute.
Yes, it is important to regularly review NDAs to ensure that they remain effective and relevant over time. When reviewing an NDA, it is important to consider factors such as changes in the relationship between the parties, legal and regulatory changes, duration and termination provisions, parties’ responsibilities, and best practices. By conducting regular reviews and consulting with legal professionals, parties can help to ensure that their NDAs remain robust and protective of their interests.
These questions should guide you safely through understanding your NDA and, hopefully, give you pause if you see something fishy in the contract. But there’s no internet advice that beats a good lawyer.
So if you see any tricky-looking language or clauses that ask for infinite liability, it may be time to retain a contract-law attorney to protect you.
That’s why it’s important to know about NDAs and your local laws before you tangle with anything even related to trade secrets.