You Signed an NDA. Now What?
Updated: Jul 15
NDAs allow parties to cooperate using information owners would be unwilling to share absent the protections they afford. The basic premise is that at least one party has confidential information it will share with the other party to further a common goal. In exchange, the receiving party agrees to keep the information secret and not take the knowledge for its own use without permission.
Like any contract, disputes may happen, particularly when the results fall short of the goal. Being accused of misusing someone else’s confidential information can be troublesome for a business. The other company is a thief in the plaintiff’s eyes – an accusation that can turn away customers or investors and generate negative publicity. Even if was a misunderstanding, others may be reluctant to share sensitive material with the company.
A potential public relations problem is one reason why attention to NDA compliance is important. Here are some steps your company can take when working under an NDA that may strengthen defenses in a litigation, or help avoid a dispute altogether.
NDA terms most directly apply to those working with the received confidential information. Many of them never actually see the document, usually signed and kept by an executive or lawyer.
This is a mistake Those with the greatest need for the information should be aware of their responsibility to protect it. Give a copy of the NDA to any employee you expect to access the received confidential information. Think about getting a written acknowledgement from they that they have seen the agreement. This could be made mandatory in the NDA itself.
This reduces unplanned disclosure by employees, who now know their obligations not to misuse or divulge confidential information. A better-informed employee more easily avoids information-sharing mistakes.
Requiring written acknowledgements may limit the number of employees exposed to the confidential information. Supervisors may decide it is not worth the effort of complying with rigid NDA formalities and shrink the pool of responsible employees to only those truly need access. Getting written acknowledgements is a way to track viewers or custodians of the confidential information. If materials need to be collected for return to the disclosing party, the signed forms become a list of employees who should be asked. You will also know exactly who your most likely witnesses are if there is a dispute.
Besides an expiration date, an NDA will typically recite a later date when confidentiality obligations end. It can also have deadlines for renewing or extending the agreement, for returning or destroying confidential information, and for submitting notices to the other side on various aspects of the agreement. There are potentially many dates to track from an NDA. If your company sees a lot them, remembering all those dates is impossible.
Setting automated reminders for as many of these dates as possible is a way to make sure your company does not miss an important milestone and expose the company. Having calendar alerts also reduces the risk of overlooking actions that need to be taken. Many NDAs end long after work on the project has stopped. Deadline actions triggered by the expiration might otherwise fall through the cracks because the NDA or the disclosing party is no longer front of mind.
Not all confidential information needs protection by special measures, but centralizing and limiting access to received materials may be useful. Accidental disclosure or misuse is more likely to happen when access is open and employees have documents lying unsecured on their desks. When possible printed documents, prototypes and samples should be kept in a single lockable cabinet. It may also be useful to have employees sign in and out when removing and returning the materials.
Digital information is trickier, but similar actions can be used to secure the material. Many companies have centralized servers or cloud-based document storage options. If the disclosing party allows, it is better to set up a folder in the server or cloud and encourage employees to store documents referencing or relating to the confidential information there. This reduces needless spread and lessens the danger of localized security breaches. It is crucial that these central locations have appropriate security safeguards to prevent unauthorized access. Many document management software programs can limit access to specific folders to select individuals or groups, and wall off others. It is easier to keep control over confidential information when it sits in one or two known and secured locations.
At least one person involved with the confidential information needs to be a good note taker. Work performed under an NDA often involves multiple meetings, telephone calls, and video conferences. It is important to document these carefully and store those notes safely. The minutes should list all of the attendees and the subject matter discussed. By tracking attendees, you can know who was at the meetings and whether follow-up is needed with them to emphasize their responsibilities under the NDA.
Some confidential information may only be communicated verbally during one of these meetings. Meeting notes help establish whether or not, when, and to whom the information was communicated. Without a document trail showing the receipt (or non-receipt) of confidential information, these notes may be the only physical evidence available regarding information exchange. If a disclosing party claims they told your company’s employees of their secret during a meeting and legitimate documentation from that meeting exists showing the contrary, your company is in a better position than engaging in a battle of employee memories. When technically possible and if all parties agree, recording a meeting means can accomplish this task as well.
Many NDAs require that information deemed confidential be marked as such. The receiving party benefits because it allows it to clearly distinguish between information that needs protection and information that does not. But NDAs are usually very forgiving for the disclosing party if they forget to label. Unmarked information must typically be treated as confidential regardless, and if specifically brought to its attention, the disclosing party has a grace period to revise labels as appropriate.
It is in your best interest to make sure a disclosing party is following the rules. If information is received that may only arguably be confidential and is not marked, bring it to the disclosing party’s attention and get the issue resolved. The disclosing party may otherwise believe the information is confidential, the receiving party may believe it is not based on the lack of marking, and now a jury is deciding who is right. Make the disclosing party be clear up front.
A disclosing party’s solution to this problem might be to mark everything confidential. This overreach can be just as difficult for a receiving party as is a lack of sufficient marking It inhibits clarity on what is permissible under the agreement. An NDA always defines the scope of confidential information. It usually excludes information previously publicly available or already known to the receiving party. To protect from overreach, search for articles, published patent applications, advertisements, or other similar publicly available information relevant to the project. Better still, get copies of that information from the disclosing party. Collect all of it, preferably before the collaboration gets deeply underway, and store it in a secure place with date stamps.
This does two things. Having it on hand during the collaboration helps those working on the project to know which received information needs protection and deters the disclosing party from over-designating. Doing the research up front shows diligence from the start, which will have better appeal to a fact-finder or jury in the event of a dispute. Third parties may see research conducted after the fact as an effort to excuse a breach. Early research can lessen the impression of wrongdoing.
Perception can have a powerful impact on a jury. When the evidence suggests one side received everything and gave nothing, the odds of successfully defending a breach suit may drop, even if – technically – that side is right under the letter of the contract. It is worthwhile to being able to show some important contribution to the project. Be sure your company is protecting its own information.
Label your company’s own confidential information appropriately when sharing it with the other side and remember to request return or destruction of any of your company’s confidential information in the other side’s possession.