The Lifecycle of a Business – Talking Non-Disclosure Agreements
Setting up and running your own business is an amazing achievement. It requires vision, creativity, motivation and stamina. On occasion, it can even bring you fame, riches and fortune. But it can also result in reams of paperwork and cause sleepless nights. And as someone once said to me about children “It doesn’t get easier, it just changes”, so the same can be said for your business throughout its lifecycle. From setting up to exit, it will force you to consider issues that you might not previously have known anything about and it will need you to make many decisions, sometimes very quickly. What it certainly is not is mundane.
With this in mind, the corporate team at Forsters, together with some of our specialist colleagues, has written a series of articles about the various issues and some of the key points that it may help you to know about at each stage of a business’s life. Not all of these will be relevant to you or your business endeavours, but we hope that you will find at least some of these guides interesting and useful, whether you just have the glimmer of an idea, are a start-up, a well-established enterprise or are considering your exit options. Do feel free to drop us a line or pick up the phone if you would like to discuss any of the issues raised further.
We’ve already discussed various topics, such as, set up, directors, funding, employment and shareholder-related matters, but now let’s concentrate on Commercial Contracts.
Talking Non-Disclosure Agreements
The use of confidentiality or non-disclosure agreements (an NDA) has come under press scrutiny over recent months, largely because of their abuse in relation to sexual harassment cases. Their use in the commercial and corporate world is, thankfully, far less sinister, but it is nonetheless important to understand how NDAs operate, when you might be asked to sign one and what you should look out for before signing one.
Why have an NDA?
In the corporate/commercial context, parties to a prospective transaction or commercial arrangement may need to disclose commercially sensitive business information to one another for the purposes of evaluating whether to enter into the transaction/arrangement. For example, a prospective investor who is considering providing funds to a tech company may insist on seeing ‘proof of concept’ or reviewing other competitive information prior to agreeing to invest. The tech company would of course be looking to protect itself against the prospective investor running off with its billion-pound idea. In a commercial scenario, a service contract will in all likelihood contain confidentiality provisions, but during the contract negotiations, a SaaS provider, for example, may need details about the prospective customer’s technical infrastructure or business processes in order to be able to tailor its service or evaluate whether it can in fact provide the service. In such a situation, it would be highly advisable for the prospective customer to seek the protection of an NDA.
An NDA aims to provide a level of protection for the party disclosing the confidential information (the Discloser) who is at risk of the information being:
- used on an unauthorised basis;
- misused to obtain a commercial advantage; or
- accessed by unauthorised parties due to a failure to protect it.
At what stage is an NDA required?
A Discloser should ideally ensure that the party receiving the confidential information (the Recipient) is bound by adequate confidentiality obligations prior to its disclosing the sensitive information. Although making a disclosure prior to such obligations being in place is not necessarily fatal from a protection point of view, an NDA executed after a disclosure has already been made will need to expressly apply to any such disclosures; this could require jumping through some additional contract law hoops relating to ‘consideration’ and so should be avoided if at all possible.
What should an NDA include?
The structure and level of detail included in an NDA are generally driven by the type and sensitivity of information being disclosed (e.g. trade secrets or sensitive personal data), the reason for the disclosure, the identity of the Recipient (e.g. is it a large company with multiple employees and advisors or a single individual?), the Recipient’s standing in the market (e.g. is it a potential competitor of the Discloser?) and the timing of the exchange of information.
Some NDAs may be structured as full form agreements whereas others might take the form of a shorter form letter agreement but either way, the NDA should deal with the following elements:
What is classified as “confidential information”?
A Discloser is likely to prefer a broad, catch-all definition which identifies illustrative categories of confidential information, rather than an exhaustive or more precise definition which could result in loopholes.
However, information will not necessarily be deemed to be “confidential information” simply because it is defined as such in the NDA and attempting to capture non-sensitive information may result in the courts ruling that the NDA is unenforceable. The information in question must be worthy of some protection, for example because the Discloser may suffer damage if the information were to become commercially available to its competitors.
The parties will also need to clarify what is excluded from the definition. This will usually include information already in the public domain or developed independently by the Recipient.
What is the term or duration of the NDA?
This will depend on the particular transaction, but an NDA may endure indefinitely, for a specific term or it could terminate upon the occurrence of a particular event (such as completion of the Recipient’s acquisition of the Discloser’s company).
An indefinite term shouldn’t be included as a matter of course; the sensitivity of most confidential information will decrease over a period of time and in such a case, the courts may deem an ever-lasting NDA to be unreasonable. The parties should instead consider what would be a reasonable term in the context of their transaction/arrangement, taking into account the type of information, how long it is likely to retain its commercial significance and any security measures that the Discloser requires to be put in place.
How may the confidential information be used?
An NDA will likely detail the purpose for which the confidential information may be used, for example in the Recipient’s evaluation of a transaction.
It is also likely to include certain other circumstances when disclosure of the confidential information will not be deemed a breach of the NDA. For example, a Recipient should be permitted to disclose the confidential information if ordered to do so by a court or regulatory authority.
The Recipient’s treatment of the confidential information?
A Discloser may require the Recipient to implement certain security measures to safeguard the confidential information, which could include record-keeping obligations, protective software, restrictions on the number of physical copies that may be made and so on. The parties should try to strike a balance between the sensitivity of the information, the term of the NDA and the security measures the Recipient is required to implement, as it may be too onerous for the Recipient to be obliged to maintain costly security measures in respect of information that isn’t particularly sensitive.
The NDA may also provide that the Recipient must return or destroy the confidential information upon request by the Discloser or upon termination of the NDA. Again, the parties will need to strike a balance as the Discloser may want this requirement to be unconditional, whereas the Recipient may have a legitimate need to retain the information in case it is required to disclose it to a regulatory or other authority, or it may be impractical to destroy the information or guarantee to erase every last piece of data from all of its systems which may be stored on historic encrypted back-ups.
Consideration should be given to the treatment of information which the Recipient creates itself, but which derives from the disclosed confidential information, such as internal reports, notes, analyses and so on. This is likely to be a particular issue where the Discloser and Recipient operate within similar industries or even compete with one another. In the context of acquisition discussions which break down, the Discloser will want to ensure that these derivative materials are destroyed, lest they be used by the Recipient to develop a similar product or otherwise compete against the Discloser.
What are the remedies for breach?
When an NDA is breached, the Discloser faces the challenging task of proving the loss incurred, often complicated by questions of remoteness, foreseeability and mitigation. To address these challenges and ensure adequate protection, NDAs may include various remedies. For example, liquidated damages provisions set predetermined amounts which are payable upon breach. While, on the plus side, this enables complex evidentiary issues to be bypassed, the Discloser should take care that the agreed amount is not disproportionate to its legitimate interest, otherwise a court may rule that it is an unenforceable penalty.
Additionally, NDAs often expressly reserve the right for the Discloser to pursue equitable remedies, such as an injunction to stop the breach. In reality, it is these types of remedies which a Discloser is likely to want to pursue to prevent the confidential information from being circulated more widely, although once a breach has occurred, the damage has often already been done.
Restrictive covenants
Sometimes the Discloser requires an added layer of protection in the form of restrictive covenants to prevent, for example, the Recipient from soliciting the Discloser’s customers, employees and suppliers, particularly if they are an existing or potential competitor.
Health warning
In the main, Recipients have no intention of acting dishonourably, understand the need to enter into an NDA and are happy to comply with their confidentiality obligations. However, it is important to bear in mind that while NDAs serve as important legal tools in focusing the parties’ minds and deterring breaches through the threat of legal consequences, they are not absolute barriers against the unauthorised use or disclosure of confidential information and cannot physically prevent a determined Recipient from misappropriating your sensitive data.
Enforcement relies on the ability to detect the breach and pursue prompt legal action using the remedies provided for in the NDA. As such, it is recommended to seek legal advice to ensure that your NDA is tailored for your transaction/arrangement and includes remedies relevant to your particular circumstances, while also using those tried and tested terms that the courts have ruminated over time and time again. Using such terms helps to create certainty between the parties and their legal advisors as to what is meant by the provisions and also assists the courts, in the event of a dispute, to correctly interpret the terms of the NDA and make an appropriate order.
If you have any queries about the above or wish to discuss your NDA requirements in more detail, please get in touch with your usual Forsters’ contact or any member of the Forsters’ Corporate team.
Disclaimer
This note reflects the law as at 24 May 2024. The circumstances of each case vary and this note should not be relied upon in place of specific legal advice.