Nondisclosure agreements or “NDAs” are legal agreements entered into by parties who wish to share information with one another on a confidential basis and control how that information is used. NDAs, also referred to as “confidential disclosure agreements,” may involve disclosure of confidential information by only one party or both parties.
Confidentiality Provisions vs. NDAs
Confidentiality provisions are frequently included in employment contracts and board policies, when sensitive information is expected to be disclosed frequently in the context of an ongoing relationship. The NDAs discussed here, however, are focused on time-limited disclosures between parties for a specific purpose.
Organizations might utilize an NDA, for example, when they are considering collaborating with one another and needs to review proprietary information to assess the feasibility of the collaboration. Or, an NDA might be used by an organization that is hiring a vendor and needs to be sure the vendor does not disclose any proprietary data to which it gains access.
Four Key Elements of NDAs
An NDA should …
1. Describe the type of information to be disclosed, by whom, and the purpose of the disclosure.
For example: “Organization A will disclose to Organization B its preliminary findings on the subject of XXX during calendar years 2015 through 2020, to enable the parties to evaluate the feasibility of collaborating on a funding proposal to the U.S. Department of Education.”
2. Define Confidential Information.
The definition should state both what is included (e.g. “Confidential Information means any information disclosed by Organization A that is clearly identified as ‘confidential,’ including data, documents, designs, prototypes. . . .) and what is excluded (e.g. “Confidential Information does not include information that (a) becomes available to the public other than as a result of violation of this NDA; (b) becomes available to Organization B from a source other than Organization A; (c) was in Organization B’s possession prior to receipt from Organization A. . . .”)
If you are the recipient, you’ll want to be sure you understand what information is considered confidential so that you can comply with the requirements. If the definition is broad or does not require identification of the information by the discloser, you may have a hard time determining what you need to keep confidential.
If you are the discloser, you’ll want to define confidential information broadly and may not want to require the information to be identified. Bear in mind any special confidentiality obligations you may have, such as those applicable to personal data, and state clearly that the recipient must comply with these obligations.
3. Require the recipient to:
- Keep the information confidential.
- Prevent disclosure of the information unless approved by the discloser.
- Use the information solely for the stated purpose of the NDA.
- Notify the discloser of any unauthorized disclosure.
- Permit access to the information only to those with a need to know and are bound by confidentiality obligations at least as restrictive as those contained in the NDA.
- If the information involves a device, process or software, the NDA should prohibit the recipient from reverse engineering, disassembling, or decompiling any objects that embody the information.
4. Specify the time period during which the information must be kept confidential and how tangible copies must be disposed of.
A discloser may require information to be kept confidential not only during the period the parties are working together, but for a longer time period or even indefinitely.
If you are the discloser, you’ll want to assess how long a time period your information is likely to be valuable, as well as privacy concerns and legal requirements. If the information relates to cutting edge developments in the sciences, it may not have much value five years from now; but if the information is health data, it may be sensitive for decades.
If you are the recipient, you’ll want to assess your security systems and staffing to make sure they are capable of handling either short or long-term storage of confidential information.
Disclosers may want physical copies of information to be returned, or they may direct recipients to destroy the information. Either way, the parties should keep in mind the many ways that information can be stored, manipulated or inadvertently released.
NDAs are used frequently in the business world. Familiarizing yourself with the basic elements of NDAs can put you at an advantage. If you’re having difficulty understanding an NDA you receive, you should have an attorney advise you.