Businesses across the world spend an incredible amount of time and therefore money trying to get Confidentiality or NDAs in place with their numerous prospective customers or suppliers before they can even start talking to them about buying or selling their products or services. As I was reviewing yet another NDA recently, I thought there must be a simpler and better way of addressing the issue of establishing the principle of confidentiality for disclosures made during the course of routine sales negotiations for products and services.
Although I entirely accept that other transactions may very well justify an individually crafted NDA, in essence such agreements are all very similar indeed and should be relatively straightforward. Although some of the detailed wording of each NDA has historically been different, at heart they all:
- limit disclosure, generally on a ”need to know” basis;
- restrict use to discussions and evaluation related to the prospective transaction which is under consideration; and
- oblige the parties to put in place a reasonable level of security to safeguard the information they have been given.
A new approach?
Therefore it occurred to me, how much simpler and cheaper would it be to develop some sort of even-handed NDA, one that parties in negotiations could adopt to govern their discussions, without having to sign anything and without having to conduct extended (or even any) discussions about choice of law and jurisdiction, indemnities for breach etc.
This approach will not appeal to everyone. After all, every company wants to make sure their agreements are watertight and drafted to their own individual satisfaction. But is the expenditure of time and effort on each and every occasion remotely worth it? Almost certainly not, particularly considering the sums involved. Given how rarely breaches of confidentiality occur in relation to sales-related information (and query if most of the information is even really confidential at all?), surely it makes sense to use, so far as possible, a standard document that:
- has been tailored so as not to favor one party or the other;
- omits provisions that are inessential and that are likely to prove contentious; and
- achieves the essence of what both parties want from the document?
Such an approach would also avoid delay and enable the parties to get into discussions without first having to endure negative or destructive arguments that could damage the goodwill they are trying to foster before they have even got past first base.
As with most contracts, the key must be to try to make yourselves as easy to do business with as possible, while acting reasonably to protect your own interests. With that in mind, wouldn't it be great if the parties could simply agree in an exchange of e-mails, taking no more than a few minutes, that all discussions will be treated as being subject to an independently developed and widely trusted NDA? I therefore started trying to develop just such a document.
A new type of document
I checked a fairly standard NDA template to ensure it covered the three essential elements described above and modified it by removing any inessential part that was likely to prove contentious. Examples of the clauses I omitted are below - some containing more balanced wording as an alternative:
Choice of law and jurisdiction
- Although for most commercial contracts such choices are extremely important for reasons of certainty, in reality they are nearly always contentious in an international context because each party has its own preference. In other situations it is worth spending the time having the debate and reaching a definite choice, but in this context I would suggest it is not. Most, if not all, jurisdictions recognize confidentiality as a fundamental concept and the basic laws of confidentiality are very broadly the same. Therefore choice of law makes relatively little difference.
- In terms of jurisdiction, I would also argue this can be omitted. Very few NDAs end up the subject of court proceedings and where they do, the parties might very well welcome having the flexibility to bring proceedings in the most appropriate court, depending upon the circumstances.
Marking documents confidential
- Often there is a provision stating that disclosures only count as confidential if they are marked as such or, where disclosed orally, they are subsequently identified in writing as being confidential. These requirements to my mind ignore practical reality. Genuinely confidential information should not lose protection simply because it is not stamped as “confidential” (although that is always a risk).
- Equally, identifying oral disclosures and confirming that the information is confidential would be a practical administrative nightmare, likely to never be complied with when it comes down to it, with the result that genuine confidential information is again at risk if this is made a contractual obligation.
Deletion of copies
- There is frequently a requirement to delete all copies of confidential information held electronically. Let's face it, the time when confidential information was only handed over physically in hard copy form has long since passed. Most disclosures are now made electronically and then further distributed internally, electronically, by the recipient, often as e-mail attachments. That confidential information will then be reflected in many different versions of draft reports, e-mail discussions, draft contracts etc.
- It is simply impractical to expect all of those copies to be deleted. Locating each and every copy (including back-ups) would be almost impossible. Even were it to be achievable, the recipient would typically want to keep archive copies for risk/liability management purposes so that they could establish, if necessary, what had been disclosed and to whom, and what use had been made of the information.
- Much better to recognize practical reality and provide that where copies are retained they are not used other than for record-keeping purposes, and that the information must continue to be treated as strictly confidential.
Indemnities for breach
- These are becoming more and more common, and I believe this is an unwelcome development. They have a superficial attraction for disclosing parties, particularly if they are - as is typical - entirely unlimited in terms of the scale of any liability. However, not surprisingly, they are incredibly contentious for recipients of information - and query if they actually achieve what the disclosing party intends.
- Indemnities are entirely dependent upon their drafting to determine their scope. Usually they are drafted in extremely broad terms eg. “an indemnity in respect of all losses suffered as a result of a breach…”
- Those seeking the indemnity would presumably argue that it makes it much easier to establish a claim, should that be necessary, and all-inclusive wording avoids arguments about what types of losses can be claimed. I am not sure that is true. Any claimant would still have to prove the scale and validity of any particular losses claimed and that they were suffered as a result of the breach. This is the case with or without the benefit of an indemnity.
- As you would expect, information recipients do not favor such indemnities. Again, it is feared that, depending on the way they are drafted, an indemnity may have the effect of expanding the scope of potential liability - which would exist at law anyway under a simple claim for damages. Such additional liability might not be covered by insurance, depending on the terms of any policy.
- Given these issues and the fact that any injured party still has the benefit of a claim for damages in the event of a breach, I do not believe that the inclusion of an indemnity for general loss is worth the arguments that undoubtedly follow.
Guarantees of information security
- Absolute guarantees of information security (effectively, strict liability provisions) in the event of any unauthorized access can be considered by some as unduly onerous.
- NDAs generally fall into two discrete types: some seeking to impose absolute security requirements and some requiring that a party “puts in place the same security measures that they do to protect their own equivalent information but at a minimum, exercising reasonable skill and care.” The simplified draft NDA I am proposing follows the latter option.
Individual employees' obligations
- Obligations to get individual employees to sign specific confidentiality obligations in favor of the disclosing party would be extremely problematic and burdensome from an administrative point of view. In reality it almost certainly would never happen and is arguably unnecessary. Employees and others to whom confidential information can be disclosed are routinely subject to confidentiality obligations by virtue of their contract of employment or engagement terms.
- Therefore I have proposed a more sensible and acceptable middle ground whereby any recipient must make sure that any employee or representative who receives confidential information must be subject to corresponding confidentiality obligations and the receiving party must take reasonable action to enforce the same where necessary.
Accuracy of Information
- It is pretty typical for NDAs to expressly provide that the disclosing party gives no warranty whatsoever regarding the accuracy or completeness of the information disclosed. Although the basic rationale for this can be understood where the parties are simply in pre-contractual, preliminary discussions and where no money is changing hands, it has always struck me that this perhaps goes too far. The draft NDA therefore includes some limited warranties to the effect that, so far as the disclosing party is aware, the information is not materially misleading.
- It then goes on to state that the only obligation on the disclosing party is to correct the misleading impression reasonably promptly once it comes to its attention. That seems a better and more reasonable balance.
I am certainly not claiming that my draft NDA is perfect, far from it. No doubt it can be improved and refined and in that respect I would welcome discussion and feedback. In addition, to some extent I realize I have been deliberately provocative in order to illustrate the general point made above that a huge amount of time and money is wasted negotiating NDAs, when the process could be so much simpler and cost effective.
Copies of the draft NDA can be downloaded from http://www.trglaw.com/LegalUpdates.html.
Please let me know what you think (by emailing me at email@example.com) and, more importantly, whether you think your company might adopt a similar approach if a suitable “independent” NDA was available.
Tune into the IACCM 'Ask the Expert' webinar titled The European Community's proposals for a Common European Sales Law and notions of 'good faith' that occurred 19 May 2015 (open to IACCM members).
ABOUT THE AUTHOR
Paul specializes in technology, outsourcing and other types of commercial contracts. His experience encompasses IT and Business Process Outsourcing contracts, contractual joint ventures, teaming agreements, technology/IP licenses and exploitation, e-commerce related and data protection issues and regulations governing online trading and marketing.
A regular speaker at public and client conferences, for several years Paul has presented the Contract Law paper at the Commerce & Industry Group's Annual Legal Update for 200+ in-house lawyers.