Confidentiality agreements, also known as Non-Disclosure Agreements ("NDA"), are designed to protect crucial and commercially sensitive business information, for example, manufacturing processes, secret recipes, customer lists, know-how, ideas, business plans and technical data.
A poorly drafted NDA could result in an unauthorised use or disclosure of your valuable information. Failure to use an NDA could leave you with no legal remedies (at all) in the event that your valuable information is disclosed or used without your permission. In either case, unauthorised disclosure or use of your information could compromise the value of your business.
A well drafted template NDA should be considered as a fundamental document in any business's toolkit. Here are a few key questions to ask yourself when using an NDA:
- What is the purpose of the NDA? Ask yourself: for what purpose are you allowing the recipient to use your confidential information? The "purpose" should be carefully defined in the NDA, to make sure the recipient does not use the information for something you would not want them to (e.g. to develop a competing product/service).
- When should the NDA be entered into? Ideally, before any sensitive information is disclosed to the recipient.
- What are you disclosing? A definition which says "Confidential Information is information which is confidential to the discloser" is of little assistance. Be specific about what (or, at least, the type of) information you are going to disclose, so that it is clear what will be protected by the NDA (e.g. customer lists, prototypes, analyses, source code, etc).
- To whom are you disclosing the information? The NDA must be clear about who the authorised recipients are. For example, can the recipient disclose the confidential information to other businesses within their group, or to their employees, consultants, agents and/or advisors? If so, in what circumstances and subject to what controls? Generally, the wider the dissemination of the information, the harder it is to monitor and control its use and security.
- What must/can the recipient do with the data? At the most basic level, recipients should be under an obligation to keep the information safe, secure and confidential and only to use it for the agreed purpose. More onerous NDAs sometimes contain obligations on the recipient to keep a register of the individuals to whom the information has been made available and to keep all information password protected.
One way of controlling the disclosure of information is to use an online data room (such as Ruby Datum). Data rooms allow users to store/access confidential documents/information in a secure, password protected, and monitored environment. Data room administrators can control numerous parameters, such as who may access particular folders/documents and whether the recipient can print/download documents.
- Why do you need an NDA if the law provides protection? The common or equitable law of "breach of confidence" protects information which has the "necessary quality of confidence about it" and which has been disclosed "in circumstances importing an obligation of confidence". Inevitably, disputes arise over whether the information in question satisfies both of those requirements.
The benefit of having a well drafted, written NDA is that there is a written contract outlining the parties' rights and obligations. Thus, in the event of a breach, you can bring legal proceedings against the other party for breach of contract, which can often be an easier (and therefore less expensive) case to bring successfully than a breach of confidence claim.
The importance of NDAs and the attention to detail needed to get them right should not be under-estimated. Disclosing commercially sensitive information to a third party without an NDA in place is inherently risky and should be avoided.