18 May 2009
Fundamentals of Non-Disclosure Agreements
Among the nearly infinite variety of legal agreements in use today, the NDA is by far the most ubiquitous. Especially prominent among companies in technology, NDAs are signed on a daily basis. Every company has their own unique NDA template; paradoxically, most companies signs the opposite party's template more often than not. The party larger in size, reputation, market cap, or perceived importance usually wins the battle of the NDA form. This NDA ritual takes place thousands of times a day all over the world.
Fundamentally the purpose of the NDA should be simple and straightforward: protect information designated by each party from unauthorized use and disclosure. Both parties have an equal and legitimate interest in protecting their own information, and both parties usually recognize the other side's interests as well. In terms of accomplishing the ultimate objective of the document, therefore, the best NDAs are those that are short, simple, clear, and mutual. The worst are those that are needlessly complex, lengthy, and lack basic mutuality.
This article sets forth what I consider to be a model non-disclosure agreement, replicated above (right-click to open in a new window or tab in order to enlarge the view). This template is licensed under the Creative Commons Attribution 3.0 License. The article includes a summary explanation of each of the more important sections of the template. It then recites a top five list of NDA pet peeves.
Model NDA Template
The template above accomplishes the primary objective of any NDA: establish a balanced legal framework for the protection of each party's confidential information in a simple, clear and direct manner. All of the terms and obligations in this template are reciprocal. Neither side is advantaged. There are no unexpected provisions. The NDA is a modest one page in length.
The "Effective Date" in this template is the date of the last signature. The problem with leaving the date blank is that it often remains blank after both parties have signed. If the NDA protects information whether disclosed before or after the effective date, as this template does, then there's little significance to the effective date, other than clarifying when the agreement came into being.
Definition of Confidential Information
The agreement defines "Confidential Information" to include written as well as orally disclosed information. With respect to the latter, oral information is protected only if it is either (a) summarized in writing within 30 days after disclosure or (b) falls into certain specifically enumerated categories of information (here, "contemplated product or service plans, marketing or business strategies, third party relationships, or pricing or financial information").
The issue of orally disclosed information is a challenging one. Many companies, especially larger ones with active and sizable legal departments, are reluctant to tie themselves to confidentiality obligations with respect to any orally disclosed information that is not summarized in writing later. The problem of course is that such summaries are rarely completed. Without the summary, no protection applies. The template attempts to strike a balance between the two extremes. Few would argue that oral information about a company's publicly unreleased product plans or strategies, or financial information, should not be protected as confidential. For oral information that falls outside of these protected categories, the written summary requirement applies.
Yet another possible variant is to protect orally disclosed information falling into these categories only if "the information, given its nature and the details of its disclosure, should reasonably be considered as confidential in nature" or the like. This may ease the concerns of those who insist that all orally disclosed information should be protected only if summarized in writing. However, this concession may not be enough to satisfy the larger corporate legal departments that will insist on the written summary requirement. If so, then I'd recommend dropping the issue. The requirement that oral disclosures be summarized is so commonplace that to oppose it in every case would unjustifiably impede the transacting of necessary business. Educating the client to ensure that important conversations are memorialized is the best solution; refusing to sign a NDA due to opposition to this requirement is not.
One final point about orally disclosed information is that this template preserves the confidential nature of the information pending the production of the written summary. Without this clarification, the information may never be considered confidential unless and until the disclosing party produces the written summary. This may take time. Meanwhile, the receiving party could literally publish highly sensitive orally-disclosed information within hours of the parties' meeting, in the absence of a clause like this.
Duty of Confidentiality
This section of the template prohibits the disclosure of Confidential Information to anyone other than the receiving party's employees. Agents or employees of affiliates are not included here. The template can easily be modified to allow disclosure to such parties, but care should be taken to ensure that such agents and affiliates are tightly defined. Virtually any person or entity can be an agent or affiliate, including, obviously, competitors of the disclosing party.
The exceptions component of the NDA is the most important. Every NDA must exclude from the confidentiality obligation any information that is (a) known to the receiving party prior its disclosure by the disclosing party; (b) is or becomes generally known or available, or is in or becomes part of the public domain; (c) disclosed to the receiving party by a third party without any duty or breach of confidentiality; or (d) independently developed by the receiving party without use of any of the disclosing party's confidential information. All four exceptions should be included in any NDA or confidentiality section of any agreement.
One exception occasionally found in NDA forms is "disclosed by the disclosing party to a third party without restriction on disclosure. " Whichever party to the NDA has a stronger incentive to protect confidentiality will most likely object to the inclusion of such an exception, particularly if the NDA form already contains the public domain/generally known exception. If interpreted in conjunction with the latter, this exception is not logically redundant only in the situation in which the information owner's dissemination of its own information has not reached the level of being generally known, but has been selectively revealed to a certain few. While an argument can certainly be made that if the owner has been selectively disclosing the information in question to a select few, it should not be entitled to confidentiality protection at all, the sensitive information owner will argue that such intermittent disclosure may have been inadvertent, or under circumstances indicative of apparent, even if ultimately non-existent, confidentiality. Such party will argue that the public domain exception should suffice.
The model NDA form is evergreen in term; that is, it does not expire until either party, at such party's sole discretion, serves written notice of termination. Unlike other NDA forms in common use, this template does not limit the term of protection or extend protection only during a specified period. Rather, the NDA continues in force until either party elects for any reason to terminate it. Of course, confidentiality obligations survive for a period of time after such termination.
Top 5 NDA Pet Peeves
1. "Purpose" Requirement. It is unfortunately quite common for NDA templates to require that information protected under the NDA be relevant or germane to, or disclosed solely in furtherance of, a defined purpose in order to qualify for protection. Oftentimes the purpose definition is blank, requiring the business people involved in the discussions to complete what they believe the purpose should be. Business clients from either side may specify an inordinately narrow purpose, or the discussions may evolve beyond what is defined in the NDA's purpose statement. In such case, legal cycles are again consumed in order to amend the purpose statement or enter into a new NDA. Worst case, the parties will fail to realize that the discussions have evolved beyond the purpose statement set ou in the NDA, thus resulting in no confidentiality protections whatsoever.
Realistically, after the NDA is signed, it is forgotten, and it is extremely unlikely that representatives from either side will be closely monitoring the discussions to make sure they do not deviate from the expressed purpose scope. And finally, whether a given item of information is germane to the purpose may not be clear, thus inviting disputes in the future. Any information that is designated as confidential should be protected. The confidentiality exceptions are the best defense against assuming unnecessary or unrelated confidentiality obligations.
2. Documentary Proof Requirement. Variants of the confidentiality exclusions clause may require that applicability of the exceptions be proven by documentary evidence. The hidden premise behind such a requirement is that testimonial evidence is inherently untrustworthy or at least not as reliable as documentary evidence. I believe this premise is invalid. Oftentimes it may be impossible to find documentary proof of prior knowledge or independent development for a given piece of information. For example, it is easy to envision how a large company with R&D facilities all over the world could quite readily develop technology independently of any access to or use of the confidential information protected by the NDA and disclosed in a remote locale. Yet if the documentary proof requirement applies, it's not clear what type of proof would satisfy the requirement. Would documents proving the existence of the development of the same information in a far-flung R&D center be sufficient? Or would a court require documents affirmatively proving that the developers of the information specifically refused to expose themselves to the NDA-protected information?
3. Time-Limited Term. As discussed, many NDA forms contain a limited term of effectiveness. Such forms can be inconvenient if the NDA expires prior to the termination of the parties' negotiations or relationship. Such premature expiration will result in the need for a renewal amendment or for a new NDA, thus consuming inordinate legal resources. If the NDA is truly balanced and limited in scope, there's no logical reason to require that the NDA expire, particularly if either party is free, as is often the case, to terminate the NDA at will.
4. Non-Reciprocal Terms. Language granting an enhanced degree of protection for only one party's data, or securing a longer period of confidentiality protection for one party's source code, or requiring one party and not the other to bear the burden of proving the applicability of a confidentiality exceptions, are all common examples of non-reciprocal clauses that will inevitably invite negotiation and therefore delay. The rather limited legal benefit of such clauses should be balanced against the wasted cycles and delays in transacting business such provisions cause. The ultimate goal is to secure signatures on the NDA form as soon as possible, given that no business can take place until the NDA is closed.
5. Residual Rights. A residuals, or residual rights, clause clarifies that general knowledge or know how that has not been intentionally memorized is not subject to the confidentiality obligations of the agreement. Such clauses are common in source code licensing agreements. Example:
Nothing in this Agreement shall be construed to prevent the receiving party's employees who access Confidential Information from using Residuals for any purpose. The term "Residuals" means information of a general nature, such as general knowledge, professional skills, know-how, work experience or techniques, that is retained in the unaided memories (without conscious memorization or subsequent reference to the material in question) of the receiving party's employees who have had access to Confidential Information. Memory shall be considered unaided if the employee or contractor has not intentionally memorized the information contained within the Confidential Information for the purpose of retaining and subsequently using or disclosing same.
Such a clause essentially removes confidentiality protections for any information that is retained in the unaided memories of the receiving party's employees. At bottom it's a gaping hole in the non-disclosure and non-circumvention obligations of the NDA. "Anything that remains in my head" may be freely used and disclosed.
While such clauses may be appropriate in certain types of source code licensing agreements, in which the licensee wishes to preserve the ability to assign engineers to any work assignment without any implied clean room obligation, they have no legitimate place in a general-purpose non-disclosure agreement established solely in order to facilitate substantive preliminary discussions.