When should you consider having a non-disclosure agreement (NDA)?

A non-disclosure agreement (or NDA) is a legally binding document designed to stop a business’ sensitive, confidential information and data from being shared amongst people who aren’t authorised to have access to it.

You’ll often hear it called a ‘confidentiality agreement’ as well.

Its job is to not only show that your interactions with the people involved will contain disclosures of information that aren’t and shouldn’t be publicly known, but also that you expect your confidential information to be respected and protected by those it’s being shared with.

It puts them on notice that they can’t disclose the contents of conversations or materials that you share with them without your express, prior consent.

There are a few types of NDA:

• Standard confidentiality agreement (NDA): mutual
• Standard confidentiality agreement (NDA): one way
• Simple confidentiality agreement (NDA): one way

As this is their core purpose, NDAs are usually a single solution document and aren’t a replacement for a trading, employment or shareholder contract, for example.

Contracts such as those will contain many different obligations and requirements relating to the entirety of the business relationship, not just clauses relating to the handling of confidential information.

Instead, NDAs generally belong earlier on in business relationships, usually during the exploration of an opportunity that might later transform into a contractual arrangement.

Whether it’s one-way (when only one person or business is sharing confidential information) or mutual (when both parties are sharing and receiving confidential information), a good NDA clearly describes what information is classed as confidential, why the recipient(s) needs access to it, and what exactly the recipient is allowed to do with it.

When is an NDA needed?

You might want to use an NDA in the early stages of a business relationship, whether during initial discussions or before more formal contractual documentation containing confidentiality obligations are put in place (if ever).

Those recipients of confidential information might be:

• future contractors or suppliers
• potential employees
• co-founders
• target trading or joint venture partners
• agencies you outsource to (like building your website, looking after your IT security, helping you to develop your business plan)
• a target customer who may need to understand more about how your product or service works and what you’re aspiring to before being able to commit to a manufacturing or sales deal

Those you share your confidential information with under an NDA will know they have a legal responsibility to help you protect your trade secrets from being leaked or disclosed.

And they’re legally bound to do this even if your discussions don’t get very far and you don’t end up working together.

When might you not need an NDA?

You might not want to have an NDA with investors.

They tend to see numerous business plans and funding requests, and many of them are sector or industry experts, making them particularly alive to what rival businesses may be doing or planning.

Their level of access to confidential information isn’t dissimilar to the levels of data held by banks and professional advisers, and it can provide an investor with an excellent overview of who is doing what, how well and where the opportunities lie.

And yet, while banks and professional advisers are typically governed by codes of conduct and terms of business that require appropriate levels of client confidentiality and the robust protection of client business secrets, investors are generally not subject to the same obligations.

So it’s unsurprising that cross-pollination of new ideas and dilution of a first-mover advantage are risks that many startups and small businesses fear when contemplating how much to disclose to an investor.

However, investors are notoriously resistant to signing NDAs and can be unimpressed by requests to do so.

But the dilemma is, if you can’t demonstrate how different and innovative you are, you may lose the investor’s attention and fail to secure the vital funding you need.

Why do investors take this stance, and how much of a risk is it really?

Most investors will tell you that, as they have both your business’ interests and their own reputation for acting with integrity in mind, they’d have little, if any, incentive to disclose your confidential information without your consent.

They also point out that it would also be very impractical to sign NDAs for every startup that approaches them for funding.

Some have even said that they consider requests to sign NDAs naïve.

When won’t you need an NDA?

You won’t need an NDA with lawyers.

Lawyers are governed by a strict code of professional conduct that affects their permission to act as a recognised and qualified legal adviser in Ireland.

Protection of client confidentiality is one of the absolute requirements of this code of practice.

If lawyers breach the code’s requirements, they’ll have their practising certificate revoked and they can’t lawfully provide legal advice after that.

Your lawyer-client relationship will also automatically give you legal advice privilege (protection of information shared between you and the lawyers for the purposes of gaining legal advice) and litigation privilege (protection of information shared between you, the lawyers and any third parties during court proceedings).

The advantages of these two forms of protection are that, while others may want to know what your lawyer has advised you, there are only a few exceptions where this advice would be disclosable.

So, in almost all cases, you can tell your lawyer whatever you want, and they’ll keep that information secure.

These examples aren’t exhaustive – so, as a general rule, if you’re about to share confidential information with someone who could easily share it and could benefit from doing so, it’s strongly advised that you consider asking them to sign an NDA.

6 key details to include in your NDA

1. Who the parties are: i.e. you, the receiving party (whether individuals or businesses), and also, if relevant, any specific additional parties (such as group companies or advisors) with whom the receiving party may need to show the confidential information as part of the business relationship or opportunity under discussion.

2. What’s classed as confidential: It’s important that you clearly define ‘confidential information’ in your NDA; for example, unpublished customer lists, business plans, product ‘recipes’, code or financial budgets and projections.

And don’t forget to define the confidential contexts too, e.g. documents that have ‘confidential’ written on them, information that’s shared during certain meetings, etc. (Although if you get a bit carried away and mark everything as ‘confidential’, you may actually undermine any later argument that something genuinely protectable and valuable was in fact confidential and worthy of protection. Use labels wisely and apply them consistently.)

3. Why the confidential information is being shared. For example:

• A collaboration between several businesses to create a new product and bring it to market might well require the up-front disclosure of confidential information belonging to both the collaborating businesses, so that they can both test the viability of the proposed project and decide whether or not to go ahead.
• Conversations between a supplier and a new customer about the possibility of a new distribution deal may require the up-front disclosure of information relating to the product or service owner’s normal route to market, production timeframes, capacity to meet demand, margin expectations, other customers in the market, etc.

4. What’s expected of the receiving party: A good NDA will clearly state that the receiving party is not permitted to share confidential information with others or to use the information for any reason other than permitted by the NDA. If you want to create exceptions to this, you’ll need to state them very clearly in the document.

5. When information could be excluded from the protective requirements in the NDA: For example, the information may not be expected to be kept confidential if it’s later lawfully (with consent) made known to the public, or if it’s required to be disclosed as part of a legal or regulatory investigation or court action (although the receiving party should usually inform you of any such demands for disclosure in advance).

6. For how long the NDA is valid: This depends on your own specific situation. For example, the fast-moving technology industry may mean an NDA can only practicably be valid for a short while. This is because its contents are likely to become known and/or open within a short space of time; whereas a customer database could reasonably remain confidential for much longer.

It’s fine to take a pragmatic view here.

If all goes well with your business opportunity and you know that the end result will be fully public in a predictable time frame, then you can set your NDA duration to coincide with that predicted project time frame, or shortly afterwards.

If, however, what’s being discussed concerns, for example, patented technology or processes, you’ll need the NDA to ensure the information stays confidential until the patent application is made (or risk losing the patent protection afforded to them).

If information relating to patents is in discussion, we recommend that you take legal advice, as there are other protections that you may need to consider to help you avoid damaging your IP rights.

What can be done if an NDA is breached?

Firstly, you’ll want to gather as much information and evidence as possible to prove the breach of agreement (how and where the information was used or shared, for example).

You then typically have a number of options depending on how sure you are about the breach:

You’re not sure, but you have a reasonable suspicion:

Make contact with the person or business in question, alert them to your concerns and request confirmation that they have not breached the NDA by disclosing your confidential information without your permission.

This is the least inflammatory option; and if you’re unsure, it may be the best approach to maintain amicable relations.

However, you may not want to use this approach if you’re worried that an unlawful disclosure has already been made and the discloser may start to destroy the trail of evidence.

You’re pretty sure and you think a damaging disclosure can still be avoided or substantially mitigated:

You can send what’s called a cease and desist letter.

This is best for situations where damage hasn’t yet occurred (e.g. if you’ve discovered an employee or a contractor has copied some confidential information to their own devices but probably not yet sent it on anywhere).

The letter will request that the disclosing party stop doing so immediately and/or returns any copied information to you.

You could also consider whether you’re able to gently ‘incentivise’ the relevant person/business to be more respectful of your position, e.g. can you withhold a payment that you’re due to make to the discloser or stop any further discussions or collaboration activity until you have confirmation that they have not made an unlawful disclosure? (We recommend you have a quick chat with a lawyer if you’re considering this option.)

You might also consider using a mediator.

If the cease and desist letter is ignored, a third-party mediator may be able to provide you with support and authority in resolving the situation and minimising any damage that could otherwise be caused.

Mediation relies on both parties being willing to engage with the mediator and so whilst it is a very cost-effective dispute resolution option, it will not work in situations where the disclosing party refuses to accept that they may have done something unlawful.

Also, mediation can be a slow process, so should only be used when there is no urgency.

You’re convinced there’s been an unlawful disclosure or you’ve not made progress with any of the other options and, in the circumstances, you feel nothing else is likely to stop further damage being caused to you. (This may be particularly relevant if the disclosure has been made to a rival business who may be able to use this confidential information to their competitive advantage – or indeed, who might have already started to do so):

You can apply for an injunction.

An interim injunction can stop the NDA being breached further before and during court proceedings; and, if the court rules in your favour, a permanent injunction may be granted after a full hearing.

You could also be compensated for losses or damages to your business.