One of the most common agreements entered into by an emerging company is the confidentiality agreement, also known as a non-disclosure agreement (“NDA”). You are likely to routinely be involved in discussions with third parties about possible collaboration or partnering, and in these situations it is customary (and recommended) to enter into an NDA before proceeding with substantive discussions involving the disclosure of confidential information. Whenever possible, you should try to use your own form of NDA which has been provided by your attorney. However, as a startup you are likely to often be in the position of reviewing the other party’s form NDA, and if you are dealing with a much larger company, you may not have much, if any, negotiating leverage. In an effort to help you help yourself, this blog post focuses on ten key issues to consider when reviewing another party’s form NDA.
1. Consider the Context. In preparing or reviewing any NDA, it is important to understand the purpose of the discussions between the parties as well as what type of information is likely to be disclosed and by whom. Different clauses in an NDA will inevitably be more or less problematic depending on the type of information being disclosed and the nature of the potential transaction being considered.
2. One-Way vs. Mutual. When you are presented with a one-way NDA, always consider asking for a mutual NDA instead. Besides the fact that mutual NDAs are less likely to have clauses favorable to just one side, business discussions are almost always a two-way interaction. For the remainder of this blog, we will assume that the NDA in question is mutual with identical obligations imposed on each party in its role as either the discloser or the recipient of confidential information.
3. Identification of Confidential Information. Every NDA should have a clear definition of the information that must be kept confidential. NDAs often include a requirement that the recipient identify or mark every item of confidential information as “CONFIDENTIAL” in order to bring such item under the protection of the NDA. Such NDAs would typically also require that confidential information that is disclosed verbally be identified as such at the time of disclosure, and then followed up with a written notice describing the confidential information that has been verbally disclosed. An alternative provision, seen less frequently, puts the burden on the recipient by stating that all information provided, other than that which is already in the public domain should be deemed confidential information. In either case, it is important to understand and be prepared to comply with the requirements applicable to you.
4. Limited Use and Non-Disclosure. Make sure the NDA states the permitted use of the confidential information and make sure that the permitted use is limited to use only in connection with the specific business arrangement at hand. Also, although it may seem obvious, ensure that the recipient has an affirmative obligation not to disclose the discloser’s confidential information. The NDA should permit disclosure to only those employees and advisors who actually “need to know” the information to evaluate the relationship and also have confidentiality obligations with respect to your proprietary information. The NDA should also specify that the recipient of confidential information should be responsible for any breach of the NDA by its employees or advisors.
5. Treatment of Proprietary Information. The recipient should be required to take reasonable measures to protect the secrecy of and avoid disclosure and unauthorized use of confidential information, and, in any event, should be required to use no less than the same standard of care in preserving the secrecy of the discloser’s confidential information as they use for their own confidential information.
6. Residual Memory Clauses. Residual memory clauses generally provide that the receiving party has a right to use any confidential information retained in the unaided memories of their employees who had access to the information. Large technology companies often include residual memory clauses in their form NDAs, not necessarily because they plan to send “Mr. Memory” in to review your source code, but because they are concerned about getting sued if they develop technology that resembles that of a company to which they have had access. From the startup’s perspective, a residual memory clause is a red flag, and if it cannot be stricken from the NDA, then careful consideration should be given as to what information should be shared.
7. Term and Termination. Stand-alone NDAs (unlike a term sheet or letter of intent) typically do not require a party to disclose confidential information, but rather mandate confidential treatment of information that is disclosed. Accordingly, most NDAs allow either party to terminate the NDA at any time upon written notice It is very important to make sure that the confidentiality obligations extend past the termination of the NDA. How long they last past termination should be based on the sensitivity of the information being disclosed and how fast the confidential information becomes obsolete. From the discloser’s standpoint, the most protective approach is for the confidentiality obligations to continue indefinitely so long as the confidential information transmitted remains non-public – otherwise confidential trade secrets could be lost upon the expiration of a fixed term. However, in the fast moving internet and digital media sectors, anywhere from two to five years is generally the norm – the appropriate term will depend on the information being disclosed and the context.
8. Ownership. Your top priority is maintaining ownership of your confidential information. Ideally, NDAs should acknowledge that no right, title, or license to any confidential information or any other intellectual property right of either party is being conveyed under the NDA. Also, depending on the type of information or items being disclosed by you, it may make sense to ensure that there is a prohibition on reverse-engineering included, so that the other company can’t use your technology to acquire your proprietary information for itself.
9. Exceptions. NDAs generally include several standard exceptions to their obligations for information that is already known to or independently developed by the recipient or is already in the public domain. There is typically also a limited exception to confidential treatment if the recipient is compelled by a subpoena, court order, securities laws or other legal requirement, to produce the discloser’s confidential information. In these instances, the recipient should be required to notify the disclosing party in advance of the required disclosure so that the disclosing party has the opportunity to seek a protective order or confidential treatment, as applicable. If there are additional exceptions included in an NDA, they should be carefully reviewed for potentially detrimental consequences.
10. Return or Destruction of Confidential Information. Once an NDA has been terminated, the recipient will have no reason to use the discloser’s confidential information. The Agreement should require the other party to either return or destroy all of your confidential information in its possession. If destruction is required, you will want an officer of the other company to send you a written certification testifying to the destruction.
In the course of coping with confidentiality agreements, there will be times when you are confronted with a potential collaborator that refuses to revise its standard NDA, even though it raises some of the above concerns. In those instances, you will need to weigh the benefit of proceeding with the discussions under a sub-optimal NDA against the risks posed to your company’s confidential information. Consider getting legal advice to help assess these risks, and if the decision is made to proceed, pay particular attention to the specific information being disclosed.