Data has always been important in the commercial world. The protection of confidential information is an essential part of running a business and many of us are hesitant about “sharing” with others.
Non-disclosure, or confidentiality, agreements are used to bridge this gap with third parties but how do they work and, more importantly, how effective are they?
The who, what, when, how and why
Non-disclosure agreements (NDAs for fans of acronyms) are contractual agreements entered into by a business with any third party with which they wish to share confidential information. They can take the form of a letter or a more formal agreement and obviously are best entered into before any information is shared.
NDAs require the recipient to make certain promises to the party disclosing the information about how they will treat what is disclosed.
Common obligations include:
These obligations are often accompanied by non-compete and non-solicitation undertakings relating to the customers, suppliers and employees of the company disclosing the information.
The rationale behind NDAs is that they clearly establish how a recipient can use the information being disclosed and the steps that it must take to protect that information. As with any contract, if the terms of an NDA are breached, the disclosing party can claim for damages.
But how much protection does this really give you?
When the cat is out of the bag
Most people would agree that an NDA is crucial to protecting confidential information, but it is important to understand the level of this protection.
As mentioned above, the breach of an NDA allows a company to make a claim against the other party for breach of contract. However, the calculation of damages can cause complications. A company will need to prove that the breach caused a quantifiable loss to the business – for example, before the breach the business was worth £10,000,000 but, following the breach, this was reduced to £9,000,000. Clearly, it will be very difficult to prove this loss, let alone show that it was caused by a breach of confidentiality.
As an alternative to damages, the disclosing party could apply for an injunction. This is a court order that can prevent the recipient of the confidential information from disclosing it to any other person and from approaching the customers, suppliers or employees of the disclosing company (if that is/was their intention).
From the above, you will have noticed something very important, and often forgotten, about the remedies available under NDAs. They are only available after the fact. It is easy to assume that having a well drafted and negotiated NDA in place will protect confidential information. In reality, it is simply a piece of paper that allows a company to seek compensation from the other party if they misuse the information.
While this seems a little doom and gloom, it should highlight the fact that an NDA is not a replacement for effective controls and procedures being put in place when sharing confidential information.
As an example, a company could consider making information available over a password protected virtual data room. Most data room providers allow for:
Alternatively, a company could only make the information physically available at its premises, preventing the other party from taking documents away or making copies without permission.