When NDAs Go Bad: Proactive and Timely Steps to Protecting Your Company Against NDA-Related Disputes
Non-disclosure agreements (“NDAs”) serve a pivotal role in advancing research and development. NDAs enable parties to collaborate using information that its owners would otherwise be unwilling to share absent the protections NDAs afford. While NDAs can take many forms and be individually tailored to each situation, the basic premise is typically the same: at least one party possesses confidential information (for example, a new product, valuable research, special know-how, etc.) that it will share with the other party in furtherance of a common goal (producing the product, using the research, performing a task requiring the know-how, etc.). In exchange, the receiving party agrees to keep that information secret and not otherwise take the knowledge for its own use without permission. Sometimes the collaboration is successful; but other times, despite the parties’ best efforts, the project stalls and the sides part ways – amicably or not.
As with any contract, disputes may occur, particularly when the results fall short of the goal. Litigation is sure to arise when, a year or two later, a company announces a product that its former collaborator finds a bit too similar to the aborted joint project. No one likes to be sued, but being accused of (and possibly found liable for) misusing someone else’s confidential information can be especially troublesome for a business. The other company is a thief in the plaintiff’s eyes (and pleadings) – an accusation that can turn away customers or investors, and generate negative public opinion. Even if the breach resulted from a misunderstanding, others may now be reluctant to share sensitive material with the accused company for fear of being its next “victim,” which can harm sales, development, and more.
The potential for this public relations headache is why extra care and attention should be paid to ensuring compliance with an NDA. Unfortunately, various factors can make this task difficult, particularly in larger companies that handle numerous NDAs or where a great number of people may be involved. Below are some suggestions your company can take when entering and working under an NDA that may strengthen certain defenses in a later litigation, or hopefully help avoid a dispute altogether.
1. Make Employees Aware
An NDA’s terms most directly apply to the engineers, scientists, technicians, or others actually working with the received confidential information. But many of them never actually see the document, which is often signed and retained by an executive or general counsel. This is a critical mistake – those with the greatest need for the information should be aware of their responsibilities in protecting it. Provide a copy of the NDA to any employee you expect will access the received confidential information and get at least a written acknowledgement from those employees that they have received and reviewed the agreement. This can even be made mandatory within the NDA itself. For example, a form to be executed by the receiving employee may be included as an Appendix to the agreement. The employee can sign and return the form upon receipt. Copies of such acknowledgements can also be exchanged among the parties.
This practice serves several purposes. First and foremost, it lessens inadvertent disclosure by employees, who are now explicitly aware of their obligations not to misuse or divulge confidential information. A better-informed employee can more easily avoid information-sharing mistakes. Second, requiring written acknowledgements may limit the number of employees exposed to the confidential information. Employees (or their supervisors) with only a tangential or trifling need to see the material may decide it is not worth the effort of complying with the rigid formalities of the NDA, thereby shrinking the potential pool of responsible employees to only those truly requiring access. Finally, obtaining written acknowledgements is a great way to track viewers or custodians of the confidential information. For example, if materials need to be collected for return to the disclosing party, the signed forms provide a self-contained list of employees who should be asked for such documents to return. You will also know exactly who your most likely witnesses are should a dispute arise.
2. Set Automatic Calendar Reminders
An NDA seldom includes only a single date or deadline. In addition to an expiration date for the agreement, the NDA will typically recite another (usually later) date when confidentiality obligations cease. For example, although the NDA’s basic terms could expire (or be cancelled) tomorrow, the parties may still have to avoid disclosing or using confidential information for another three years. An NDA can also have deadlines for renewing or extending the agreement (e.g., thirty days before expiration), for returning or destroying confidential information in the receiving party’s possession (e.g., ten days after expiration), and for submitting notices to the other side regarding various aspects of the agreement, among other things. So, there are potentially many dates to track from a particular NDA, and if your company sees hundreds of agreements a year, remembering all those dates is impossible.
Every company has a computerized calendar in some form, but people do not often think to input contract dates in their calendars, particularly for NDAs. Setting automated reminders for as many of these dates as possible is a great way to make sure your company does not miss an important milestone and potentially expose the company to litigation. Having calendar alerts also minimizes the possibility of entirely overlooking actions that need to be performed. Many agreements expire long after work on the project has already ceased, so deadline actions triggered by the expiration date might otherwise slip through the cracks because the NDA or the disclosing party is no longer front of mind. For example, forgetting to return confidential material to the disclosing party can create long term issues for potential dispute, either by creating implications that your company used the information still in its possession or by providing an opportunity to mistakenly use it contrary to the agreement. Rather than simply executing the NDA and filing it away, automated reminders should be set for your company’s protection.
3. Centralize Storage
Not all confidential information warrants protection by armed security guards and simultaneous key turning (although the disclosing party may believe differently), but the concept of centralizing and limiting access to the received materials is instructive. Accidental disclosure or misuse is more likely to occur when access is unfettered and employees have documents lying unsecured on their desks. When possible, physical embodiments of the confidential information (e.g., printed documents, prototypes, samples) should be kept in a single, preferably securable location, such as a lockable cabinet. It may also be advisable to have employees sign in and out when removing and returning the materials. That way, it can be easier to track who has what and where.
Digital information is trickier, but comparable procedures can be implemented to secure the material. Many companies (particularly after COVID-19 accelerated the transformation to remote work) now have centralized servers or cloud-based document storage options. If the disclosing party allows, it is preferable to set up a folder or other similar structure in the server or cloud and encourage employees to store documents referencing or relating to the confidential information in that location, rather than on their local hard drives. This reduces unnecessary and uncontrolled proliferation and lessens the danger from localized security breaches; it is, however, crucial that these central locations have appropriate security safeguards to prevent unauthorized outside access – so it is ideal to have the folders containing confidential information password protected or restricted to particular internal users. Many document management software programs can limit access to specified folders to select individuals or groups, and wall off others. In some of these programs, the very existence of the file or folder may be invisible to employees without proper credentials. In short, it is much easier to maintain control over confidential information when it resides in one or two known and secured locations, as opposed to being scattered between offices or individual personal computers.
4. Document Interaction
Make sure at least one person involved with the confidential information is a good note taker. Work performed under an NDA often involves multiple meetings, telephone calls, and/or video conferences, both internally and with the disclosing party. It is important to document these calls/meetings carefully and contemporaneously, and then store those notes safely. The minutes should ideally list all of the attendees and the subject matter discussed. For instance, issues may arise when it is discovered for the first time during a deposition years later that Bob, an employee unaware of the NDA, showed up at just one of many meetings about the confidential information and then started using what he learned there in his own work. By tracking attendees, your company can know who was at the meetings and whether follow-up is needed with them to emphasize their responsibilities under the NDA (and obtain a signed acknowledgement, as discussed above).
Moreover, some confidential information may only be communicated verbally during one of these meetings, rather than in a document or physical manifestation. Meeting notes help establish whether (or not), when, and to whom such information was communicated. Without a document trail showing the receipt (or non-receipt) of confidential information, these notes may be the only physical evidence available regarding information exchange. If a disclosing party claims they told your company’s employees of their special widget during a meeting and legitimate documentation from that meeting exists indicating the contrary, your company is already in a better position than engaging solely in a battle of employee memories. Of course, when technically possible and if all parties agree, recording a meeting via audio/visual means can accomplish this task as well.
5. Demand Clarity
Many NDAs require that information deemed confidential be marked as such – for example, by placing a “Confidential” or similar label on appropriate documents. The receiving party benefits from this requirement because it allows the receiving party to clearly distinguish between information that needs protection and information that does not. But these NDAs are usually very forgiving for the disclosing party if they forget to label – unmarked information must typically be treated as confidential regardless, and if specifically brought to its attention, the disclosing party has a grace period to revise labels as appropriate.
It is in your company’s own best interest to make sure a disclosing party is following the rules. If information is received that may only arguably be confidential and is not marked, bring it to the disclosing party’s attention and get the issue resolved right away. The disclosing party may otherwise believe the information is confidential, the receiving party may believe it is not based on the lack of marking, and now a fact-finder or jury is deciding who is right. Avoid that later dispute and make the disclosing party be clear up front.
6. Proactively Limit Overreach
A disclosing party’s solution to the above problem might be to mark everything confidential and save themselves the trouble. But this overreach can be just as difficult for a receiving party as a lack of sufficient marking, since it inhibits clarity on what is permissible under the agreement. An NDA always defines the scope of confidential information, and usually excludes information previously publicly available or already known to the receiving party. To protect your company from overreach, search for articles, published patent applications, advertisements, or other similar publicly available information relevant to the project. Better still, request copies of that information from the disclosing party. Collect all of it, preferably before the collaboration gets heavily underway, and store it in a secure place with date stamps.
This research serves two primary purposes. First, having it on hand during the collaboration helps those working on the project to know, at the time, which received information needs protection and dissuades the disclosing party from over-designating. Second, doing the research up front shows diligence from the start, which will have better appeal to a fact-finder or jury in the event of a dispute. Third parties (judges, arbitrators, jurors) may perceive research conducted after the fact as an effort to excuse a breach, whereas early research can lessen the impression of wrongdoing.
7. Exercise Your Rights
Perception can have a powerful impact on a fact-finder or jury. When the evidence suggests one side received everything and gave nothing, the odds of successfully defending a breach suit may drop, even if – technically – that side is right under the letter of the contract. There is a worthwhile benefit in being able to show some important contribution to the project. Accordingly, particularly when the NDA is mutual, be sure your company is protecting its own information. For example, conspicuously label your company’s own confidential information appropriately when sharing it with the other side, and remember to request return or destruction of any of your company’s confidential information in the other side’s possession. Even when the NDA is not mutual, be sure to contemporaneously document everything your company gives to, or shares with, the other side during development to establish that the flow of information is not a one-way street. Juries are more willing to side with a party that actively collaborated in the process than a party that sat back and raked in the other side’s content.
There are no guarantees when it comes to litigation. But by following these steps before, during, and after an NDA’s term, your company can reduce the opportunities for breach (or perceived breach) and bolster its defenses with diligence.