iven their strategic and legal consequences, signing nondisclosure agreements should be anything but routine.
Nondisclosure agreements (NDAs) are often called the "Silicon Valley Handshake." In some circles, any conversation beyond pleasantries requires an NDA. However, NDAs have underappreciated and potentially strategic consequences. How did such an important agreement become so ubiquitous? And is ubiquity a good thing?
NDAs facilitate the disclosure of trade secrets. A trade secret is information that is valuable and secret. Information disclosed to third parties remains a trade secret if an NDA requires the recipient not to disclose it. Information disclosed without an NDA usually loses its trade secret status.
As a result, using an NDA permits the discloser to sue the recipient for trade secret misappropriation if the recipient breaches the NDA. Further, because the information remains a trade secret, the discloser can sue third parties that misappropriate the information. Additionally, if the disclosed information is also patentable, an NDA may help defer the deadline to file a patent application.
Given the important benefits that are derived from using NDAs, it's easy to see how the agreements have become de rigeuer in Internet circles. However, further analysis shows some downsides.
Information Management
Companies need to manage information they receive under an NDA. Specifically, employees must segregate restricted information from that which is unrestricted. Also, they need to know the applicable NDA restrictions, and manage their use and disclosure of information in accordance with those restrictions. Realistically, most people can't do this.
Worse, few Internet companies have any information intake or management systems. Without such systems, it is very easy for a company to inadvertently breach its NDAs.
This problem is compounded by NDAs that restrict all shared information, whether exchanged formally or casually. These NDAs assume that employees cannot properly identify what information to disclose - thus, better to govern all information disclosures under an NDA than lose possible protections. But if employees can't properly disclose information, how can they properly manage incoming information?
Some companies avoid this problem by using one-way NDAs that protect only information they disclose rather than information they receive. However, Internet professionals invariably expect equal treatment, so it's impossible to consistently use only one-way NDAs.
The Limits of Litigation
An NDA is enforced through trade secret litigation, which usually involves messy disputes over what information was disclosed, when it was disclosed, under what terms, and how the recipient used it. For this reason, trade secret cases often require an expensive and time-consuming trial of facts and absorb significant employee and management attention. Plus, while money damages can be awarded in a trade secret case, they rarely provide adequate compensation for the actual harm caused by the unlawful disclosure. Finally, disclosing companies can rarely tell if a recipient has breached an NDA.
Given the undesirability of using lawsuits to enforce NDAs, companies can minimize their risk by not disclosing sensitive information in the first place. It is usually better to avoid the problem than rely on litigation after the fact. Occasionally, a company must disclose its "crown jewel" information, but such circumstances should be noteworthy and handled carefully.
Surprisingly little information needs to be kept secret. Consider this acid test: Given the expense and hassle of trade secret litigation, would the company sue to stop someone from using the information? If the answer is no, then an NDA is unnecessary. Usually a company has a few core assets that meet the acid test, but most information disclosed in day-to-day business relationships does not.
NDAs also can handcuff competition. Suppose that two indirect competitors sign an NDA while doing a deal. Company A discloses a future business or product plan to Company B under the NDA. Is Company B now foreclosed from pursuing that plan? While exceptions in the NDA may allow Company B to proceed without breaching the NDA, it has significantly more risk even if it proceeds legitimately. If Company B aborts a desired business or product plan due to the NDA, the strategic consequences can be enormous.
Many people believe NDAs are an essential part of every relationship. But given their strategic and legal consequences, signing such agreements should be anything but routine.
Some companies -- notably IBM -- refuse to sign NDAs unless they must receive confidential information, and only then for specifically identified information. Other companies -- Intel and Microsoft, for example -- include "residuals" clauses that eviscerate NDAs by excluding from the NDA's restrictions any information their employees remember.
Learning from these examples, Internet companies should teach employees to identify when truly valuable information must be disclosed, require an NDA only in those cases, and keep secret other sensitive information. Targeted information disclosure and NDA practices should speed up transactions by minimizing negotiations, reduce the overhead of managing and tracking NDAs, and reduce reliance on lawsuits to protect valuable corporate assets.
Eric Goldman is general counsel of Epinions (www.epinions.com) and an adjunct professor of cyberspace law at Santa Clara University School of Law. His email address is eric@epinions-inc.com.
