{"id":198,"date":"2015-06-05T13:35:12","date_gmt":"2015-06-05T19:35:12","guid":{"rendered":"http:\/\/ericlambert.net\/blog\/?p=198"},"modified":"2015-06-05T13:35:12","modified_gmt":"2015-06-05T19:35:12","slug":"the-why-when-and-how-of-confidentiality-agreements-part-2","status":"publish","type":"post","link":"https:\/\/ericlambert.net\/blog\/2015\/06\/05\/the-why-when-and-how-of-confidentiality-agreements-part-2\/","title":{"rendered":"The Why, When and How of Confidentiality Agreements (Part 2)"},"content":{"rendered":"<p>Nondisclosure Agreements (NDAs), a\/k\/a Nondisclosure Agreements (NAs), Confidentiality Agreements (CAs), Confidential Disclosure Agreements (CDAs), and Proprietary Information Agreements (PIAs), are something most business leaders and lawyers deal with from time to time.\u00a0 However, few companies have implemented policies stating why, when and how NDAs should be used.\u00a0 In Part 1 of this article, I talked about the \u201cwhy\u201d and the \u201cwhen.\u201d\u00a0 Part 2 covers the \u201chow.\u201d<\/p>\n<p><u>HOW to use an NDA<\/u>.\u00a0 Once you\u2019ve figured out the why and the when, use the following tips and tricks as you work with NDAs:<\/p>\n<ul>\n<li><strong>Keep them fair and balanced.<\/strong> While you always want to try to avoid getting bogged down in contract negotiations, this is especially true for NDAs typically entered into at the outset of a relationship or where disclosure of specialized information is needed to further a business purpose.\u00a0 Counsel should work with business leaders to ensure the NDA template is fair and balanced. 
If a potential partner or vendor insists on their NDA, consider whether it is fair and balanced \u2013 if it is, it may not be the best time for a battle over whose form to use.<\/li>\n<li><strong>Make sure \u201cpurpose\u201d is defined.<\/strong> NDAs should include a description of why the parties are sharing information (a potential business relationship between them, a potential business combination, to allow your company to participate in an activity, etc.)\u00a0 This is usually defined as the \u201cPurpose.\u201d Defining the Purpose, and restricting the recipient\u2019s use of your CI to the Purpose, can help ensure contractually that information you disclose is not misused.<\/li>\n<li><strong>Avoid sharing customer records or personally identifiable information under an NDA. <\/strong>Be very careful if you want to share customer or employee records or other personally identifiable information under an NDA. You generally need other security protections that aren\u2019t in a standard NDA; your privacy policy might not allow it; you may not have the necessary permissions from the data subjects to share it; there may be specialized laws (e.g., HIPAA) that could be impacted; etc.\u00a0 If you need to share data to evaluate a new product or service, use dummy data.<\/li>\n<li><strong>Ensure \u201cConfidential Information\u201d covers what you want to share.<\/strong> Make sure the definition of \u201cConfidential Information\u201d is broad enough to cover all of the information that you\u2019re planning to share.\u00a0 Whether you are disclosing financial projections, business plans, network credentials, samples of new products, or other information, if it\u2019s not covered by the definition the recipient has no obligation to protect it.<\/li>\n<li><strong>Watch out for \u201cresiduals\u201d clauses. 
<\/strong>One dangerous clause to watch out for (and avoid) in NDAs is the \u201cResiduals\u201d clause.\u00a0 \u201cResiduals\u201d are what you retain in memory after you look at something (provided you don\u2019t intentionally try to memorize it).\u00a0 Residuals clauses let you use any residuals from the other party\u2019s CI retained in your unaided memory.\u00a0 However, it\u2019s next to impossible to prove that something was in someone\u2019s \u201cunaided memory.\u201d\u00a0 Residuals clauses are a very large back door to NDA requirements.<\/li>\n<li><strong>Understand the \u201cmarking requirements.\u201d<\/strong> NDAs generally require identification of confidential information so that the recipient knows that it should be kept confidential.\u00a0 For example, you generally have to mark any information in written disclosures as \u201cconfidential\u201d using a stamp, watermark, or statement in the header\/footer (don\u2019t forget to mark all pages of a document and its exhibits\/attachments in case pages get separated).\u00a0 Some NDAs require that confidential information disclosed orally has to be summarized in a written memo within a certain period of time in order to fall under the NDA \u2013 don\u2019t lose sight of this obligation, and consider steps to mitigate the risk if you have this requirement (e.g., a reminder in your lead management system to summarize when a note of a sales call is included).\u00a0 Other NDAs include a \u201ccatch-all\u201d to keep confidential any information where, from the circumstances of disclosure, the disclosing party clearly intended (or the recipient can determine) that it should be kept confidential.\u00a0 This last clause is a double-edged sword \u2013 it ensures the broadest possible protection for you, but also for the other party.<\/li>\n<li><strong>Look at the \u201cnondisclosure period.\u201d<\/strong> Most NDAs have a defined period of time during which confidentiality obligations will apply to CI.\u00a0 
Once the period ends, your CI is no longer considered confidential by the other party.\u00a0 If you are disclosing trade secrets, it\u2019s important that they are kept confidential forever, or until the information enters the public domain through someone else\u2019s acts or omissions. Also, consider language that requires the other party to securely dispose of your CI when there is no longer a business or legal need for them to possess it.<\/li>\n<li><strong>Control onward transfer.<\/strong> Ensure you\u2019re controlling the onward transfer of your CI.\u00a0 Generally, a recipient\u2019s onward transfer of your CI should <u>only<\/u> be permitted when (a) the receiving party is a business partner of the recipient (a contractor, subsidiary, supplier, etc.); (b) the receiving party needs to know the CI in furtherance of the Purpose; and (c) the receiving party is bound by written confidentiality obligations at least as strong as those in the NDA between you and the recipient.\u00a0 Make sure the NDA holds the recipient liable for any improper disclosure of CI by the third party so you don\u2019t have to go after the third party, and requires that data be transferred securely.<\/li>\n<li><strong>Watch out for overlapping confidentiality obligations. 
<\/strong>As I noted in Part 1, it\u2019s important to look out for duplicate confidentiality obligations governing the same confidential information.\u00a0 In some cases, a party may suggest that each party sign the other\u2019s NDA.\u00a0 In other cases, a party might try to keep an NDA alive after a services or other agreement has been finalized and signed.\u00a0 You should avoid having different confidentiality obligations govern the same agreement, as it can easily lead to a big fight over what contractual obligations and provisions apply in the event of a disclosure, distracting you from dealing with the actual breach of your CI.<\/li>\n<li><strong>Be mindful of your return or destruction obligations.<\/strong> In most NDAs there is a requirement for a recipient to return or destroy the discloser\u2019s CI, either upon request and\/or upon termination.\u00a0 Sometimes the discloser gets to pick between return and destruction, sometimes the recipient.\u00a0 In order to ensure compliance, make sure you limit disclosure of third party CI internally, and keep track of who has access to\/copies of it.\u00a0 Without tracking that information, it\u2019s very difficult to ensure return or deletion when the time comes.<\/li>\n<li><strong>Be careful sharing access credentials.<\/strong> If you&#8217;re sharing any network or other computer access credentials as part of the Purpose, ensure the NDA contains additional security obligations to maintain appropriate safeguards to protect access credentials, to limit use of them (no onward transfer), and to provide notification in the event the credentials are (or are suspected to have been) compromised, as well as an indemnity if the security obligations are breached.\u00a0 Remember, the Target breach began with the compromise of a subcontractor\u2019s network credentials.<\/li>\n<li><strong>Consider using electronic signatures.<\/strong> As I described in my earlier blog post, using an electronic signature system for NDAs can make the 
nondisclosure process even more quick and efficient, letting your business team get to sharing information sooner.<\/li>\n<\/ul>\n<p>There are other NDA issues as well, such as ensuring injunctive relief language is not too limiting or broad for your company\u2019s needs.\u00a0 As always, consult an attorney with expertise in NDAs (and a business-savvy approach) to ensure your company, its confidential and proprietary information and its trade secrets are properly protected.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nondisclosure Agreements (NDAs), a\/k\/a Nondisclosure Agreements (NAs), Confidentiality Agreements (CAs), Confidential Disclosure Agreements (CDAs), and Proprietary Information Agreements (PIAs), are something most business leaders and lawyers deal with from time to time.\u00a0 However, few companies have implemented policies stating why, &hellip; <a href=\"https:\/\/ericlambert.net\/blog\/2015\/06\/05\/the-why-when-and-how-of-confidentiality-agreements-part-2\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,4,7,9],"tags":[49,50,129],"class_list":["post-198","post","type-post","status-publish","format-standard","hentry","category-contracts","category-legal","category-negotiation","category-otherlegal","tag-confidential-information","tag-confidentiality","tag-nda"],"_links":{"self":[{"href":"https:\/\/ericlambert.net\/blog\/wp-json\/wp\/v2\/posts\/198","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ericlambert.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ericlambert.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ericlambert.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ericlambert.net\/blog\/wp-json\/wp\/v2\/comments?post=198"}],"version-history":[{"count":0,"href":"https:\/\/ericlambert.net\/blog\/wp-json\/wp\/v2\/posts\/198\/revisions"}],"wp:attachment":[{"href":"https:\/\/ericlambert.net\/blog\/wp-json\/wp\/v2\/media?parent=198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ericlambert.net\/blog\/wp-json\/wp\/v2\/categories?post=198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ericlambert.net\/blog\/wp-json\/wp\/v2\/tags?post=198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}