Why Non-Disclosure Agreements May Not be Appropriate During Initial Discussions
Non-disclosure agreements are common between companies that share sensitive information. These agreements, typically designed to prevent ideas or technology from being copied or disclosed, have been around for years. Recently, however, companies have found themselves having to confront not just the challenge of information being shared voluntarily, but also that information being stolen by hackers, as reports of data breaches continue to make headlines.
Companies have certain obligations to protect personal information relating to consumers. These duties extend to arrangements with outside parties who are given access to this sort of information. Given the frequency with which incidents of hacking have occurred, businesses are justifiably concerned. Some have sought increased protection in the form of elaborate protocols in NDAs. While these kinds of provisions can be useful in certain situations, they don’t always make practical sense, particularly early on in the business relationship.
The NDA process can be looked at in two stages. The first comes during the discussion stage, when the two sides initially approach one another about a potential deal. The second comes later, after a relationship progresses and a definitive agreement has been signed. While contractual warranties, covenants and remedies can be essential as more information is being shared, there is often little benefit to introducing an NDA with these protocols if there is no commitment other than to discuss a proposed transaction. There are several reasons why.
For starters, including a bunch of complex provisions in the NDA involves a lot of legal work and can lead to protracted discussions between the two sides. This complicates things and can create delays in what is otherwise a fairly straightforward process. NDAs can pile up over the life of a startup. Repeated, unnecessary delays slow down the business, which can create problems in an environment where speed is often critical.
Also, it might not even be relevant. Not every business relationship involves the sharing of personal information, particularly during initial discussions. If you're worried about disclosures, the best way to keep this material secret is to not share it in the first place. This is especially true if the NDA allows, as many do, for the receiver to share the information with its advisors on a need-to-know basis. The more people that have the information, the more potential sources there are for a leak. In some instances, it might even make sense to explicitly ban the sharing of personal information if it isn’t needed to evaluate the transaction.
The party that is sharing the information must also consider the kinds of risks they are asking the other side to take early in the relationship and try to gauge whether it corresponds to the potential benefits. In the early stages it can be difficult for the receiver to determine the potential return of a proposed relationship. Agreeing to a bunch of legal commitments when there is no guarantee of a transaction, let alone a profitable one, is often unappealing.
If the parties do decide to enter into an NDA, that agreement should contain standard carve-outs from the definition of confidential information, such as information that is publicly available, through no fault of the receiving party, information that is developed independently by the receiving party without reference to the confidential information, etc. In addition, there should be no liability for the receiving party if it discloses information under court order, so long as it seeks confidential treatment (though it may not be successful). NDAs typically create a large amount of potential liability for the recipient if the recipient receives personally identifiable information about the discloser's users or other sensitive information. If such information is not necessary (and it generally would not be at the early stages of transaction discussions), a covenant should be added that no disclosure of such information will be made and, though the recipient would do its best to protect such information, no liability should arise if it was wrongly provided and the recipient's systems are hacked.
To be sure, there are times when including more elaborate protections in NDAs can be beneficial, particularly after a relationship has developed and a definitive agreement is in place. At that point, it make sense to consider putting a more comprehensive agreement in place. Another solution could also be to make disclosures of confidential information in escrow.
But in the beginning stages, a NDA with elaborate protocols often serves only to complicate the relationship and can potentially scare off a potential business partner. It's worth noting too that NDAs can also be difficult to enforce. Litigation over these kinds of disputes can be expensive and it’s often not easy to prove the actual source of the information. The best way to protect personal information and other confidential material is to keep it to yourself. Worry less about the NDA and simply share with the other side only what they need to know to evaluate the transaction. If information was shared and the transaction doesn’t go forward, include language in the agreement that requires confidential information, including that in e-mails and other online documents, be restored or destroyed.