Do Internet Companies Overuse Nondisclosure Agreements?
By Eric Goldman
Nondisclosure agreements (NDAs) are often called the “Silicon Valley Handshake.” In some circles, any conversation beyond pleasantries requires an NDA. However, NDAs have underappreciated and potentially strategic consequences. How did such an important agreement become so ubiquitous, and is ubiquity a good thing?
NDAs facilitate the disclosure of trade secrets. A trade secret is information that is valuable and secret. Information disclosed to third parties remains a trade secret if an NDA requires the recipient not to disclose it. Information disclosed without an NDA usually loses its trade secret status.
Thus, using an NDA permits the discloser to sue the recipient for trade secret misappropriation if the recipient breaches the NDA. Further, because the information remains a trade secret, the discloser can sue third parties who misappropriate the information. Additionally, if the disclosed information is also patentable, an NDA may help defer the deadline to file a patent application.
With these important benefits deriving from using NDAs, it’s easy to see how NDAs have become de rigueur in Internet circles. However, further analysis shows some downsides.
Companies need to manage information they receive under an NDA. Specifically, employees must segregate restricted from unrestricted information, know the applicable NDA restrictions, and manage their use and disclosure in accordance with those restrictions. Realistically, most people can’t do this.
Worse, few Internet companies have any information intake or management systems. Without a system, the company can easily inadvertently breach its NDAs.
This problem is compounded by NDAs that restrict all shared information, whether exchanged formally or casually. These NDAs assume that employees cannot properly identify what information to disclose—thus, better to govern all information disclosures under an NDA than lose possible protections. But if employees can’t properly disclose information, how can they properly manage incoming information?
Some companies avoid this problem by using one-way NDAs that protect only information they disclose (not information they receive). However, Internet professionals invariably expect equal treatment, so it’s impossible to consistently use only one-way NDAs.
An NDA is enforced through trade secret litigation, which usually involves messy disputes over what information was disclosed, when, under what terms, and how the recipient used it. For this reason, trade secret cases often require an expensive and time-consuming trial of facts and absorb significant employee and management mindshare. Plus, while money damages can be awarded in a trade secret case, money damages rarely are adequate compensation for the actual harm the discloser experienced. Finally, disclosing companies can rarely tell if a recipient has breached an NDA.
Given the undesirability of using lawsuits to enforce NDAs, companies can minimize their risk by not disclosing sensitive information in the first place. It is usually better to avoid the problem than rely on litigation after the fact. Occasionally, a company must disclose its “crown jewel” information, but these events should be noteworthy and thus handled carefully.
How Much Information Is Really Secret?
Surprisingly little information needs to be kept secret. Consider this acid test: given the expense and hassle of trade secret litigation, would the company sue to stop someone from using the information? If the answer is no, then an NDA is unnecessary. Usually a company has a few really valuable core assets that meet the acid test, but most information disclosed in day-to-day business relationships does not.
NDAs can handcuff competition. Say two indirect competitors sign an NDA while doing a deal. Company A discloses a future business or product plan to Company B under the NDA. Is Company B now foreclosed from pursuing that plan? While exceptions in the NDA may allow Company B to proceed without breaching the NDA, it has significantly more risk even if it proceeds legitimately. If Company B aborts a desired business or product plan due to the NDA, the strategic consequences can be enormous.
Many people believe NDAs are an essential part of every relationship. But given their strategic and legal consequences, signing an NDA should be anything but routine.
Some companies—notably IBM—refuse to sign NDAs unless they must receive confidential information, and only then for specifically identified information (not everything under the sun). Other companies—notably Intel and Microsoft—include “residuals” clauses that eviscerate NDAs by excluding from the NDA’s restrictions any information their employees remember.
Learning from these examples, Internet companies should teach employees to identify when truly valuable information must be disclosed, require an NDA only in those cases, and keep secret other sensitive information. Targeted information disclosure and NDA practices should speed up transactions by minimizing negotiations, reduce the overhead of managing and tracking NDAs, and reduce reliance on lawsuits to protect valuable corporate assets.
The Author: Eric Goldman (firstname.lastname@example.org) is General Counsel of Epinions (http://www.epinions.com) and an adjunct professor of cyberspace law at Santa Clara University School of Law. This article reflects the author’s personal perspectives, which do not necessarily reflect those of his employer.