Author/contributor
Rebekah Opara
Associate
Key Takeaways
- NDAs are essential tools in various business and employment contexts. They are designed to protect sensitive information by outlining the terms and conditions for sharing, protecting, or destroying it.
- NDA trade secret clauses often involve debate and negotiation over the duration of confidentiality, security measures, and definitions, while PII clauses raise concerns about conflicting obligations and potential data misuse.
- Careful drafting of NDA clauses, clear definitions of sensitive information, mechanisms for addressing conflicts, and mutual compromise between parties are crucial for effective protection while ensuring fairness and compliance with relevant laws and regulations.
Non-disclosure agreements (NDAs) have become a staple in numerous business and employment contexts, serving as a tool to protect sensitive information. But how familiar are you with the challenges of some of the more controversial provisions in NDAs?
NDAs set out the terms and conditions under which information to be shared is disclosed, protected, or destroyed. They also include information on relevant laws, the duration of the confidentiality arrangement, and related issues. In this article, we look at two potentially controversial clauses: the trade secrets and personally identifiable information (PII) clause and the Trade Secrets clause.
Legal Implications of NDAs
Companies often use NDAs to protect their interests when entering business arrangements. During NDA negotiations, parties discuss and compromise with the goal of arriving at a mutually agreeable middle ground on various terms.
In this process, certain key provisions of NDAs are often the subject of extensive debate and controversy. This could be due to the sensitivity or complexity of the issues addressed in such provisions. Understanding the context of these provisions and the reasons behind their controversial nature would help navigate these provisions and appreciate the NDA process generally.
Trade Secrets
Trade Secrets are generally understood to be information that is unique, valuable, not generally known, and protected by reasonable security measures. By their nature, trade secrets are considered highly confidential by the owners of such information. Hence, disclosers of trade secrets usually require stringent protections for such information when negotiating NDAs.
These stringent requirements could include that trade secret information be treated as confidential for a longer time frame than other confidential information covered by the NDA, that trade secrets be kept safe by heightened security measures or disclosing parties could include expansive trade secret definitions.
On the other hand, parties receiving information would often resist such expansive requirements. Receiving parties may prefer trade secret information to be kept secret for a specific time frame, trade secrets to be clearly marked, to be provided only with the consent of the receiving party, or they may want to avoid broad definitions. Such opposing preferences give rise to the contentiousness of trade secret provisions.
While navigating the trade secret provision in your NDA, it is crucial to consider the potential consequences that could arise from the final trade secret clause that emerges at the end of negotiations. For instance, a time limit placed on confidentiality obligations of trade secrets would place the trade secrets covered by the NDA at risk.
Where the NDA requires trade secrets to be marked, failure to do so could negatively affect a trade secret claim. Similarly, where consent is required by the NDA, disclosure of trade secrets without obtaining receiving party consent can also negatively affect a trade secret claim.
Personally Identifiable Information
Data has arguably become one of the world’s most valuable resources and a major component of business discourse and analysis. This has led to increased concerns about data privacy, data justice, and data misuse. In the context of PII, this refers to information that can be used to infer an individual’s identity either directly or indirectly. Examples of PII include a person’s name, social security number, passport number, biometric information, etc. Like trade secrets, PII is another category of sensitive information exchanged in some NDAs.
There exist various laws and regulations that protect personal data. These include the:
- General Data Protection Regulation (GDPR) in the European Union;
- California Consumer Privacy Act (CCPA) in the United States;
- Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada;
- Data Protection Act in the United Kingdom;
- Gramm-Leach-Billey Act; and the
- Health Insurance Portability and Accountability Act (HIPAA), to name but few.
In addition to relevant laws, parties may also require contractual protections for PII in NDAs. But what if the PII requirements of one party do not align with those of the other?
One potential issue with PII clauses in NDAs is the potential for conflicting obligations. For example, an NDA may require the recipient to keep PII confidential, while at the same time, the recipient may be required by law to disclose this information to a third party, such as a regulatory authority. In such cases, the recipient may face a conflict between the obligations under the NDA and the legal requirement to disclose the information.
Another issue is the potential for the misuse of PII. If an NDA does not adequately address the protection of PII, there is a risk that the recipient may misuse this information, such as using it for marketing purposes without the consent of the data subjects.
Understanding the potential consequences of unlawfully exposing PII is also an important consideration in navigating the PII clause. These consequences include:
- Risk of Litigation: Broadly speaking, personal data controllers and processors are legally mandated to adopt adequate safeguards to protect the data they handle. Failure to do this could lead to lawsuits.
- Regulatory Violations: Violation of data protection regulations results in consequences for companies, including the attraction of hefty fines. GDPR violations could attract fines as high as €20 million, or 4% of a company’s annual global turnover (whichever is higher).
- Reputational Damage: Trust is a valuable currency for businesses, and data leaks are a fast way to lose the confidence of clients.
To address these concerns, it is essential to carefully draft the PII clause in the NDA. The clause should clearly define what constitutes PII, outline the permitted uses of this information, and provide mechanisms for addressing potential conflicts between the NDA and legal requirements to disclose PII. Additionally, the clause should include provisions for the secure handling and storage of PII, as well as procedures for addressing any unauthorized disclosure or misuse of this information.
By harnessing the power of outsourcing routine contract review, you can navigate these controversial provisions of NDAs with ease. By engaging specialists, you’ll receive guidance on navigating complex NDA clauses and make sure your NDAs are written clearly and specifically tailored to the risks they aim to mitigate.
Additionally, outsourcing can help clarify situations where some NDA restrictions will not apply, like disclosures required by law or to regulatory authorities. Overall, outsourcing NDAs can enhance their enforceability, protect sensitive information, and mitigate risks associated with controversial provisions.
Final Thoughts
NDAs will continue to serve an important role in protecting proprietary information in a competitive business environment. However, navigating controversial NDA provisions requires first, that such provisions be explicitly broken down from the drafting stage of the NDA so that parties to the NDA clearly understand the responsibilities entailed in such clauses.
Compromise by all parties to the NDA is also crucial, to arrive at a mutually agreeable middle ground. Negotiators must ensure that disclosing parties are assured by the NDA provisions that their sensitive trade secrets and PII data are secure, while avoiding protections that are unreasonable or overly cumbersome for receiving parties. Further, receiving parties must properly represent that they have adequate security measures in place to protect all sensitive information in accordance with relevant laws.
Ultimately, successful navigation of controversial NDA provisions hinges on comprehensive understanding, transparent communication, and a commitment to finding mutually beneficial solutions. If you still have any questions about specific clauses in your NDA, reach out or download our Legal Outsourcing Brochure to learn more about our unique approach to contracts management.
Disclaimer: This article is made available by Sterlington for informational purposes only. It is not intended to provide specific legal advice and should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Using this website does not establish any attorney-client relationship between Sterlington and yourself.