The Why, When and How of Confidentiality Agreements (Part 1)

Nondisclosure Agreements (NDAs), a/k/a Nondisclosure Agreements (NAs), Confidentiality Agreements (CAs), Confidential Disclosure Agreements (CDAs), and Proprietary Information Agreements (PIAs), are something most business leaders and lawyers deal with from time to time.  However, few companies have implemented policies stating why, when and how NDAs should be used.  Quite often different people at the same organization take very different approaches to using NDAs, resulting in inconsistent protection of a company’s confidential or proprietary information (“CI”) — or worse, jeopardizing company trade secrets.  This two-part article provides a summary of the why, when and how of NDAs.  In Part 1, I talk about the “why” and the “when.”

WHY to use an NDA.  There are three primary, and sometimes overlapping, reasons why to use an NDA – for protectivepurposes, for strategic purposes, and for contractual purposes.

  • The most common reason for entering into an NDA is to ensure there are adequate (and binding) protections for your CI before you share sensitive information with another party.  If your company has trade secrets, failing to put confidentiality obligations in place with third parties who have access to your trade secrets can cost you your trade secret protection.
  • An NDA can also be used as a litmus test to gauge whether a party is truly interested and serious about discussions with your company.  If you’re asked to sign an NDA well before confidential information will be exchanged, this might be the reason.  An example is a requirement for potential vendors to sign an NDA before the RFP is provided to them, even if there’s nothing confidential in the RFP.  Requiring an NDA up front can also ensure that you don’t get down the road with a potential vendor or partner only to find that they are resistant to signing an NDA.
  • An existing confidential obligation to a third party may require you to put confidentiality obligations in place with any subcontractor or business partner with whom you need to share the third party’s CI for business purposes (more on this in Part 2).  If an existing agreement with your subcontractor or business partner doesn’t satisfy contractual requirements, a separate NDA may be needed.

If a third party questions why an NDA is needed, consider whether that should be a red flag in and of itself.  They may not view confidentiality as a significant concern or priority, may not be sophisticated about the importance of strong confidentiality practices, or may be trying to get you to reveal confidential information without an NDA in place.

WHEN to use an NDA.  Once you’ve determined that you need an NDA for one or more of the above purposes, you then need to determine when to use one.  Keep these questions in mind:

  • What is confidential information?In order to know when to use an NDA, you need to first know what needs to be protected.  This is often the MOST IMPORTANT question a company can ask.  What information is considered confidential or proprietary information, and what information is a trade secret?  Everything else should be considered non-confidential.  Look at your IT policies to see how data is classified at your company (many classify CI into levels) and use those classifications to determine what categories of information should be protected.  If it’s information you include in your marketing brochures or on your corporate website, it’s not confidential or proprietary information.  Use this test – if you would have a problem with the information showing up on the front page of your local paper or elsewhere for the world to see, or if it ended up in the hands of your competitors, you may want to treat it as confidential if it’s disclosed.  Educate your sales and other internal business teams as to what’s considered CI, and when an NDA is required — make sure to remind them that part of their job to protect your company’s confidential information.
  • Who is disclosing what? Not every discussion about a potential business relationship requires an NDA.  Look at what information may be disclosed and by whom.  If your company isn’t disclosing confidential information as part of the discussion, the onus should be on the other party to ask for an NDA.
  • Are there existing confidentiality terms? Sometimes an existing business partner or vendor will ask for an NDA before sharing information about a new product or service.  Before signing, check your existing agreement to see whether its confidentiality language is broad enough to cover the new information.  If it is, push back on the need for a separate NDA.  You should always try to avoid having multiple confidentiality terms governing the same confidential information (for more on this, see Part 2.)  If they insist, make sure the new NDA is limited in its purpose and does not overlap with the existing agreement.
  • When will sharing begin? Determine when in the in the sales cycle/vendor selection process you need to start sharing CI – that’s your “NDA point.”  Once you’ve determined your NDA point, make sure it’s build it into your SOPs and other business process documentation to minimize the chance that CI is shared without a valid NDA in place.
  • What is the right effective date?In business, the cart sometimes gets ahead of the horse when it comes to getting an NDA in place.  If your company gets out over its ski tips by disclosing CI without having the NDA in place first, ensure that the NDA applies retroactively to by setting the effective date as the date on which confidential information was first disclosed, not the date on which it was signed.