6 Key Issues in Mutual Non-Disclosure Agreements

Commercial transactions often involve the disclosure of proprietary and confidential information by one or both parties to an agreement. To preserve the value of such information, the disclosing party typically expects the receiving party to sign a non-disclosure (NDA) or confidentiality agreement. Although NDAs can vary considerably, when both parties to an agreement wish to protect proprietary information, a mutual NDA will be negotiated.

NDAs are legally binding agreements designed to not only protect the disclosing party’s sensitive information and restrict its use by the receiving party, but also, in many cases, to preserve the confidential nature of the underlying transaction or relationship between the parties giving rise to the need for the NDA. Below are 6 key issues to consider when entering into a mutual confidentiality agreement.

1. Defining what information is protected

A critical first step in drafting a NDA is defining what information will be protected under the agreement. In many cases, NDAs apply not only to the information given to or accessed by the receiving party, but also to all notes, analyses, materials, and summaries prepared by the receiving party that are based upon such confidential information. Ultimately, the NDA’s scope of protection will depend on each party’s relative negotiating power and which party is the primary disclosing party.

The main disclosing party often pursues a broad scope of protection that includes all information relating to its business, including both tangible and intangible information, regardless of whether such information is marked or unmarked, and any confidential information which may have been shared prior to the actual date of the confidentiality agreement. Meanwhile, the primary receiving party typically seeks to limit the scope of protection, which can be accomplished by requiring that confidential information be labeled as “confidential” or “proprietary,” and by including only information disclosed as of the date of the NDA. Most parties can find middle ground by agreeing to use a “reasonableness standard” for defining the full scope of what constitutes confidential information. In other words, the NDA will protect as confidential any information which “a reasonable person under the circumstances would consider confidential.”

2. Restricting the scope of permitted use

Another important provision concerns the receiving party’s obligations with respect to the treatment, protection and utilization of the confidential information. Specifically, the NDA should detail how the receiving party may use the protected information, as well as with whom it can share such information (both inside and outside of the receiving party’s organization).

a. Purpose. In my experience, almost every single NDA limits the use of confidential information to a specific purpose. The purpose should be drafted narrowly, without preventing the receiving party from properly utilizing the information as originally intended. For example, if the parties are exploring opportunities to collaborate on a project and enter into an agreement for that purpose, then the NDA should restrict the use of any confidential information for purposes of the underlying project only, thereby preventing the receiving party from using such information to its own advantage (ie., in a side deal with a competitor of the disclosing party).

b. Recipients. Disclosing parties will generally permit their confidential information to be shared with the receiving party’s employees and other specified representative parties, but not without limitation. In most situations, such disclosure is permitted only to the extent that such parties (i) need to know the information in connection with the purpose, (ii) are informed of its confidential nature, and (iii) are bound by confidentiality obligations no less protective than those in the NDA. In some cases, these representatives are asked to sign a written agreement to uphold these obligations. Finally, for added protection, the NDA can include a provision which holds the receiving party legally responsible for any confidentiality breaches by its representatives to whom it discloses the information.

c. Manner. In addition to restrictions on permitted uses, the receiving party should be required to safeguard the confidential information from any unauthorized use, access or disclosure in accordance with a certain degree of care. For example, some NDAs will require the receiving party to use “a commercially reasonable degree of care,” while others will mandate “a standard of care no less than the standard used by the receiving party to protect its own confidential information.” A third option is to include both standards of care in the NDA and bind the receiving party to the higher standard if that is the standard used for its own confidential information. 

3. Carving out exclusions

There are always exclusions to the definition of confidential information in NDAs, but the extent to which certain information will be excluded can be negotiated. Typically, any information that is available to the general public through no fault of the receiving party is excluded from protection, as is information obtained by the receiving party on a non-confidential basis from a third party not bound by confidentiality obligations of its own with respect to such information.

Additional exclusions may be included for information that is either already in the receiving party’s possession prior to its disclosure by disclosing party or was independently developed by the receiving party without reference to or use of the confidential information. In these situations, it is common to require the receiving party to provide documentation in order to prove the exclusionary status of such information. Finally, the compelled disclosure of confidential information by order of a court or other legal entity is usually permitted under an NDA. However, the disclosing party will often seek to require that it be notified of such orders, and that the receiving party be obligated to ensure the confidential treatment of such information when complying with a legal order.

4. Returning confidential information

Most NDAs include a provision which requires the receiving party to return the confidential information upon the disclosing party’s request at any time, whether during the term of the agreement or after. Typically, a receiving party must return such information automatically upon expiration or termination of the NDA. In some cases, the disclosing party is given the right to compel the receiving party to destroy such information at its request, in lieu of returning it, and also to require a written confirmation of such destruction.

5. Imposing time limits

NDAs can be subject to a specific term, while the confidentiality obligation itself can persevere for a longer period of time. For example, the term of the NDA may be one (1) year, but the obligation to keep certain information confidential may be three (3) years. This extended term or “tail period” may begin on the date the information is disclosed, or it may start upon termination or expiration of the NDA. Some NDAs exist in perpetuity, along with their specific confidentiality obligations. However, most parties prefer to negotiate a reasonable amount of time for both the agreement term and the time period for the confidentiality obligations to endure based upon what makes sense in the situation. An interesting point to note is that trade secrets are typically protected for so long as they are covered by trade secret protection, and some NDAs will specifically include a provision spelling that out since this type of protection often well outlasts the term of an NDA or its confidentiality obligations.

6. Allocating Liability

When dealing with a party’s most valued and proprietary information, any unauthorized disclosure of such information can have serious consequences for that party. Accordingly, NDAs should always include liability provisions; and usually, they are comprised of three specific components:

a. No obligation or liability. This provision is intended to protect the disclosing party from liability in the event the receiving party makes a claim that it has suffered damages by relying on the disclosing party’s confidential information. To do this, the NDA will include a provision which states that the disclosing party makes no representation or warranty about the accuracy or completeness of the information being disclosed, and further that it is not liable to the receiving party (or anyone else, for that matter) for how such information is used by the receiving party or its representatives or for any errors or omissions that may be found within it. 

b. No transfer of ownership. Although this clause is not standard across all NDAs, it is helpful to clarify that disclosure of confidential information does not constitute a transfer of the title or a grant of any license in or to such information. This assertion can be a simple statement that the disclosing party remains the owner of any disclosed information, retaining its entire right, title and interest in and to such confidential information. By including this clause, the disclosing party can potentially avert any claims by the receiving party to having received an implicit license or right to use the disclosing party’s information for any purposes outside the scope of the NDA.

c. Equitable Relief. In the event the receiving party breaches its confidentiality obligations, it can be difficult for the disclosing party to quantify the harm done in the form of monetary damages. Therefore, NDAs usually include a provision allowing for injunctive or equitable relief. In this provision, the disclosing party is given the right to seek and be granted an injunction or other equitable relief in addition to any other remedies available to it under the agreement, at law or in equity. For example, if the receiving party posts some of the disclosing party’s confidential information on its website, or uses it for a purpose not permitted under the NDA, a court can mandate the immediate removal of such information from the website or otherwise require the receiving party to refrain from such unauthorized use.

Since many NDAs are negotiated prior to, or even simultaneously with, the negotiation of the underlying commercial transaction between the parties, it is good practice to include a provision that absolves either party from any obligation to enter into or further negotiate with respect to any agreement, whether related to the NDA or otherwise. This caveat ensures that the parties’ expectations are on the same page. So long as the NDA achieves its main goal of preserving and protecting the confidential information of each party, the parties can then hash out the terms of their relationship in other commercial agreements that they negotiate and execute outside of the confidentiality agreement. If you have questions about a non-disclosure agreement or a commercial transaction giving rise to one, please contact Kristin Kreuder at [email protected] or 203-803-8714. 

Kristin Kreuder is a Member of our NY-area team with over 23 years of legal and business experience in both public and private corporations and in major NYC law firms. Kristin handles a wide range of legal matters, including mergers and acquisitions; commercial transactions; technology, media, licensing and sponsorship; capital markets, venture capital and private equity transactions; and a variety of general corporate and governance matters.