Data has always been important in the commercial world. The protection of confidential information is an essential part of running a business and many of us are hesitant about “sharing” with others.
Non-disclosure, or confidentiality, agreements are used to bridge this gap with third parties but how do they work and, more importantly, how effective are they?
The who, what, when, how and why
Non-disclosure agreements (NDAs for fans of acronyms) are contractual agreements entered into by a business with any third party with which they wish to share confidential information. They can take the form of a letter or a more formal agreement and obviously are best entered into before any information is shared.
NDAs require the recipient to make certain promises to the party disclosing the information about how they will treat what is disclosed.
Common obligations include:
- keeping the information secret and confidential;
- only using the information for the purpose(s) for which it was disclosed (ie if it was provided to a competitor for a potential sale of the business, the competitor cannot then use the information to adjust their pricing to gain a competitive advantage);
- not sending the information to any person except as expressly permitted by the NDA (employees and advisers will usually be permitted persons);
- notifying the disclosing party immediately on a breach occurring, or suspecting that one may occur; and
- destroying or returning all the information provided when requested by the disclosing party at any time.
These obligations are often accompanied by non-compete and non-solicitation undertakings relating to the customers, suppliers and employees of the company disclosing the information.
The rationale behind NDAs is that they clearly establish how a recipient can use the information being disclosed and the steps that it must take to protect that information. As with any contract, if the terms of an NDA are breached, the disclosing party can claim for damages.
But how much protection does this really give you?
When the cat is out of the bag
Most people would agree that an NDA is crucial to protecting confidential information, but it is important to understand the level of this protection.
As mentioned above, the breach of an NDA allows a company to make a claim against the other party for breach of contract. However, the calculation of damages can cause complications. A company will need to prove that the breach caused a quantifiable loss to the business – for example, before the breach the business was worth £10,000,000 but, following the breach, this was reduced to £9,000,000. Clearly, it will be very difficult to prove this loss, let alone show that it was caused by a breach of confidentiality.
As an alternative to damages, the disclosing party could apply for an injunction. This is a court order that can prevent the recipient of the confidential information from disclosing it to any other person and from approaching the customers, suppliers or employees of the disclosing company (if that is/was their intention).
From the above, you will have noticed something very important, and often forgotten, about the remedies available under NDAs. They are only available after the fact. It is easy to assume that having a well drafted and negotiated NDA in place will protect confidential information. In reality, it is simply a piece of paper that allows a company to seek compensation from the other party if they misuse the information.
While this seems a little doom and gloom, it should highlight the fact that an NDA is not a replacement for effective controls and procedures being put in place when sharing confidential information.
As an example, a company could consider making information available over a password protected virtual data room. Most data room providers allow for:
- a confidential watermark to be added to documents;
- the prevention of printing or copying of information;
- the monitoring of who has accessed the information; and
- access to certain documents to be limited to certain parties (this can be useful in a bidding process).
Alternatively, a company could only make the information physically available at its premises, preventing the other party from taking documents away or making copies without permission.
Whatever steps are taken, they are what is truly protecting the confidential information. An NDA should be seen as a deterrent, nothing more. After all, in our age of developing technology, once the information is out there, it’s out there.