Confidentiality agreements may not provide the security that you think
If you have started your business, you have no doubt been confronted with the ubiquitous non-disclosure agreements (NDAs). These agreements are not all created equal and you should review the NDA carefully and consult your small business lawyer to understand what they protect and what they don’t.
NDAs or sometimes known as confidentiality agreements can arise in numerous contexts. Maybe you are trying to keep an employee from disclosing proprietary information about your small business. Maybe you are creating a custom software solution for your customer, who doesn’t want to share any of its information without an NDA. Or possibly you are in the process of selling your small business to a competitor or large company, and you think that the NDA will provide a modicum of assurance that your precious list of customers will not get out.
Each context implicates different concerns and of course the biggest difference is whether you are the receiving party or the disclosing party. In this article, we will discuss some of the major points as you are reviewing a non-disclosure agreement.
Mutual or unilateral.
When I review a NDA that is mutual and applies to both parties equally, my antennae are much less sensitive. A mutual NDA (MNDA) covers both parties, regardless of whether they are receiving and disclosing confidential information. In general, what is good for the goose is good for the gander.
Usually a party is not going to insert obnoxious provisions in a MNDA, because that party will be equally bound by the MNDA. If the NDA is very broad, then it is equally broad with respect to both parties.
When I review a unilateral NDA, and my small business client is the receiving party of information from a large company, I try to be extra vigilant for “gotcha” provisions. I have seen large companies inserting some sneaky provisions, such as non-competes shrouded under the guise of a confidentiality agreement. To add insult to injury, the large company says that the agreement is “standard” and that if the small business wants to do business with the large company-disclosing party, the receiving party has to sign.
What the NDA protects.
One of the most important provisions is what is protected. There are generally two extremes. The most restrictive provision is that only certain specific documents are protected as confidential, usually if they are marked “Confidential.”
And on the other hand, there are the very broad NDAs which say to the effect anything that is exchanged between the parties is protected as confidential. These include even oral communications. If you are receiving party, then you may be disheartened to have one of these broad clauses such as all information reasonably be known as of a confidential natures will be treated as confidential.
Who has access to confidential information.
The party receiving confidential information would want to know with whom if anyone it can share the information, such as accountants, lawyers or other outside consultants? If you are allowed to share the information with a third party, there usually will be a provision that you as the receiving party must have a confidentiality agreement or confidential relationship with the third party to assure the confidentiality of the information.
A party disclosing confidential information will want to make this group as narrow as possible, such as only those persons with a “need to know.” If you are the disclosing party, you want to make sure you know who is responsible if there is a breach.
Who is bound by a confidentiality agreement.
A corollary concern is who is bound by the confidentiality agreement. Don’t assume that if a member of the board of directors signs a NDA, that the company will be bound. This was precisely the issue in Protégé Biomedical v. Z-Medica (D. Minn. 2019), in which the plaintiff was a company that wanted to place itself on the market. The point person for an interested buyer was one of the prospective buyer’s board members who signed an NDA. The plaintiff and prospective buyer participated in a conference call during which the plaintiff disclosed nonpublic information based on the NDA. The prospective buyer believed that it was not bound by the NDA and used the information learned during the discussions to create its own competing product.
The question was whether the board member signed the NDA in his personal capacity or on behalf of the prospective purchaser. Eventually the prospective purchaser settled, but not before the court criticized the plaintiff for relying on the board member’s status as a board member, without citing any “facts showing that the [prospective buyer] granted its board members authority to enter contracts on behalf of the organization.”
Obligation to destroy or return information.
In many agreements there is a requirement that the receiving parties destroy or return the confidential information. If there is a broad definition of confidential information such as “anything exchanged,” it may be difficult to return or destroy all of the electronic mail messages between the parties and this should be specifically addressed in the agreement.
Limitations on use.
There are almost always limitations on use of the information received, usually in connection with a certain purpose such as to explore business opportunities. In some agreements, especially where technical information is being exchanged, the receiving party should not be allowed to decompile, disassemble or reverse engineer any part of the information.
Standard of care.
There are varying standards for care of the confidential information. In some agreement, probably a minority, there is an absolute prohibition on disclosure. In most agreements, the receiving party has to comply with a certain standard such as a reasonable standard of care or the same care that the receiving party uses for its own confidential information.
There are usually certain standard exclusions to the definition of confidential information, such as information generally known to the public; information independently developed by the receiving party without use of the disclosing party’s confidential information; or information received from a third party without breach of duty to the disclosure.
Term of the agreement.
Usually the term of confidentiality lasts for a period of 1-5 years, although for proprietary information, the term may be indefinite. The obligation to ensure confidentiality should survives any prior termination or expiration of the agreement.
Choice of law and forum.
The choice of law, which state’s law applies, may be important as some jurisdictions strictly construe NDAs and other don’t. But possibly even more important is the choice of venue if a dispute arises.
If you are a small business in Maryland, and you sign a NDA with a company in Texas, the Texas company may require Texas law and a Texas forum. Unless you have a very good case and lots of financial resources to defend a lawsuit in Texas, you will be inclined to try to resolve the matter short of litigation. For this reason, choice of forum can be a major subject of negotiations for a NDA because litigation is a major undertaking and costly.
For this reason, you don’t see these agreements being litigated very frequently unless you find one of two conditions is present. Either there is a lot of money in dispute or one of the parties has considerable resources to litigate, or both of these conditions. In the Protégé case, the sales price for the company was $23 million and the plaintiff had considerable resources, so it satisfied both of these conditions. For a small company, there is probably a third factor that may militate in favor of litigation. You have to be confident that you will win, usually because the other party has blatantly breached the NDA.
Small business attorney review of NDAs.
Even though they may not be heavily litigated, NDAs deserve considerable attention. Some clients especially those with especially sensitive proprietary information may ask their business attorney to review every NDA to assure that they are not signing something that may risk giving up their confidential information. Other small businesses may almost never contact their attorney to review a NDA. In either case, every business owner must treat NDAs as if their entire company depended on them, because sometimes they do.