Newsletters & Blogs

The Hidden Risks of Nondisclosure Agreements

What Life Sciences and Technology Startups Need to Know

“The brands that innovate best do so with an exceptional embrace of collaboration.” ~Stephen Nowak

Innovation rarely happens in a silo. But collaboration can also be a double-edged sword.

Working with potential investors, creditors, clients, vendors, service providers, and other stakeholders to bring a new technology or service to market requires the open flow of communication and ideas. But communicate too much—without the right precautions—and your startup can lose everything.

In advising our technology and life sciences startup clients, two common mistakes we often see made in this respect are:

  1. Assuming that all NDAs are basically the same (and don’t need counsel’s review), and
  2. Thinking that a confidentiality agreement is the only thing you need to protect your intellectual property.

Here’s what you need to know.

What is a nondisclosure agreement (NDA)?

At its most basic, a nondisclosure agreement or confidentiality agreement is a contract between two parties to keep certain information secret.  It can be drafted as a standalone contract or included as a sub-part of a larger agreement, such as a master services agreement.

There are two types of NDAs; (1) unilateral; and (2) mutual.

Where only one party is sharing information, the NDA is unilateral and binds only the receiving party to restrictions on when and how the information can be shared.  This is often the case with employment agreements that restrict an employee from sharing confidential research or trade secrets.

As its name implies, a mutual agreement, which is more common in joint business ventures or collaborations, imposes obligations on both parties to keep one another’s respective information confidential.

When should you use an NDA?

NDAs are commonly used in:

  • Dealmaking between a company and investors or buyers
  • Contracts between a company and a service provider, such as a contract research organization or technology service provider
  • Employment agreements that protect the use of a company’s proprietary information from being used by an employee or contractor outside the scope and course of their employment

The types of information subject to NDA protections may include things like client lists and networks, trade secrets, intellectual property, and other proprietary information such as manufacturing processes or formulas.

Ideally, you should have an NDA in place before disclosing or receiving any confidential or proprietary information to or from an outside party. If you do share confidential information before having an NDA in place, any future NDAs should be drafted to encompass any information shared prior to the agreement.

Checklist of Key Clauses in an NDA

Every nondisclosure agreement should be tailored to the specific situation.  Still, there are several basic components that you can expect to see in most NDAs. We take each in turn below.

Parties to and purpose of the agreement

This preliminary section is fairly straightforward.  It sets out the parties to the agreement and the reason that they need to share confidential information.

This clause will often also specify associated third parties, such as employees, associates, and advisors who are covered by the agreement. For example, the agreement might specify that the information is only to be shared with the executive level of a corporate entity whereas other agreements might allow for information to be shared with professional advisors or service providers, such as insurers, lenders, or counsel.

What information is considered “confidential”

An NDA should specify what types of information are considered “confidential” by the agreement, usually by listing specific items or by defining the types of information that are covered.  Some agreements require that confidential information be explicitly marked or identified as such with a stamp or watermark.

It’s also important to specify what types of information are NOT considered confidential.  This includes information that is already known to the public or a third-party source, was known by the recipient before entering into the agreement, or is independently developed by the recipient.

Recipient obligations

The obligations that come with a confidentiality agreement seem simple enough—don’t leak the specified information.

Yet there are many situations in which the recipient could still harm your business interests without having to disclose your protected information—a contract research organization could provide your proprietary process as a service to your competitors, your employee could use client lists to build their own book behind your back, or a competitor could be tipped off to your business prerogatives just by simply knowing that you are in talks with a certain investor.

As a result, your NDA should specify exactly how and when confidential information is permitted to be used.  Including non-solicitation, non-competition, and non-use provisions can help guard against these risks.

Some agreements may also detail specific measures, like password protection or data encryption, that are required to prevent inadvertent disclosure. Similarly, they may also require that confidential information only be disclosed to agents and employees who have a need to know.

Including specific precautionary measures can be especially important for trade secrets; failing to show that you’ve taken reasonable measures to keep the information confidential can destroy its protection as a trade secret.

Duration and return of information

Confidentiality obligations can be burdensome and expose the recipient to the risks associated with an inadvertent breach.  As a result, an NDA’s duration should balance its relative utility in enabling the exchange of ideas against the burdens of keeping that information confidential for longer than necessary. In the life sciences and technology startup space, where innovations often have a limited shelf life, most NDAs range from a period of months to a few years.

Every agreement should also specify what happens to confidential information at the end of the NDA period. Must the information be returned, destroyed, or indefinitely secured?

In the case of trade secrets, it’s also important to ensure that when the NDA terminates, there is a continued obligation of the receiving party to keep information pertaining to the trade secret confidential; a trade secret is only considered so if it is kept “secret.”

What happens if the other party won’t sign an NDA?

Venture capitalists and angel investors are often reluctant to enter into NDAs because of restrictions that may impact the deal-making process.  In many instances, asking a VC to sign a disclosure agreement can show a lack of trust and understanding and may irretrievably harm your chances of securing funding. Likewise, larger companies may agree to an NDA, but on their own (and sometimes one-sided) terms.

The benefits and costs of an NDA must be considered alongside the overall benefit of the bargain with a specific party. It may be worth foregoing the NDA if other protections can be put in place to minimize unnecessary disclosures.

How else can a startup protect its intellectual property?

If you don’t have an NDA in place (and even if you do), there are some simple but important steps you can take to reduce the risk of your company’s proprietary innovations being stolen or misappropriated.

1.    Do your due diligence.

In addition to making a cursory search of any adverse information involving another party to your collaboration, you should also ask what processes and procedures they have in place to protect confidential information.

If you’re dealing with a large company that has a reputation to maintain, chances are that they have robust systems and standards in place to protect your company’s confidential information. On the other hand, if you’re dealing with a smaller entrepreneurial company that hasn’t established a track record, the risks may be higher and the need for diligence more acute.

2.    Re-evaluate whether confidential information really needs to be shared.

In working with our clients to prepare or review an NDA, we often discover that it’s not as necessary as first thought to release confidential information to continue the relevant conversation or negotiation. Similarly, we might be able to further narrow the scope of information that needs to be disclosed.

Before entering into an NDA or disclosing confidential information, take a few minutes to evaluate if the anticipated disclosure is really needed to move the relationship forward.

3.    NDAs are not a DIY Project

The internet abounds with self-help remedies.

But just because you can YouTube a “fix for your car” or “how to stitch up a flesh wound” doesn’t mean it’s always a good idea to do it yourself.

You pay your mechanic and doctor for the peace of mind that comes with hiring an experienced and competent professional.

So why would you trust your business’s most valuable asset, your intellectual property, to a template or a one-size-fits-all checklist?

While taking shortcuts with your legal can be tempting, it is inevitably more costly in the long run. Every startup should have a trusted legal advisor who can bring a holistic view to identifying important intellectual property and ensuring that the right safeguards are in place to protect it.

The Crowley Law team provides ongoing proactive legal counseling to help start-ups identify and mitigate risk at every stage of your journey. If you need assistance drafting or reviewing your organization’s NDA or have other questions regarding how best to protect your intellectual property, contact us today.



About the Author

Contact Our Firm