What Risks are Associated with Signing a Non-Disclosure Agreement?
Non-disclosure agreements (NDAs) are often used in the technology world as a form of legal control. Many organizations even exchange NDAs amongst themselves; however, an NDA is never risk-free. From the perspective of an organization that is asked to sign an NDA that favors another party, that organization is being asked to agree to the following:
- Agree that another organization is giving them some sort of sensitive information
- Agree that they won’t disclose that sensitive information to unauthorized people
- Agree that they are not going to use that sensitive information in their organization without authority
Although these stipulations may appear to be cut-and-dried, they are not. These conditions can often be hard to comply with, regardless of the size of your organization, and it is typically recommended that an organization that has been asked to sign an NDA seek the advice of legal counsel. In most cases, legal counsel will be able to assist you in negotiating the terms of an NDA to avoid any potential breaches of contract and reduce the risks of signing an NDA.
For example, many NDAs have a clause that defines the amount of time during which you are not to disclose the sensitive information. If an organization asks that you never disclose their information, that places you at a greater risk of violating the NDA. You might instead offer to sign a limited NDA, and request that the non-disclosure obligation last only six months. You might also include a clause that limits your liability so that you aren’t exposed to unlimited liability if you breach the NDA.
Ultimately, before you agree to sign an NDA, we recommend that you pause and think carefully about it, seek legal counsel, and think about how you can negotiate a narrower scope for various obligations.
In the technology world, a common form of legal control is a non-disclosure agreement. It’s very common that organizations will exchange non-disclosure agreements among themselves. It’s common, for example, that a vendor might come to a corporate customer and say, “I want you to take a look at my technology because you might want to license it, but first I want you to sign a non-disclosure agreement.”
From the point of view of an enterprise that is asked to sign a non-disclosure agreement that favors another party, the enterprise is wise to stop and think about this carefully. A non-disclosure agreement does not come along risk-free. When any kind of organization signs a non-disclosure agreement, they’re typically saying that they agree that another organization is going to give them some sensitive information, they’re going to make sure that it’s not disclosed to unauthorized people, and they’re not going to use it in their organization without authority. The non-disclosure agreement could go on to say that the organization will secure the information on.
All of these obligations can be actually very hard for any kind of organization – large or small – to fully comply with. Therefore, I commonly recommend to enterprises that when somebody else comes to you, and they ask you to sign a non-disclosure agreement, read that agreement carefully. Very possibly, you’re wise to get counsel to evaluate that agreement. Also, recognize that there can be significant risks associated with signing that non-disclosure agreement if you are the party that is going to be receiving that sensitive or confidential information.
Very commonly, if you read the agreement carefully, and maybe if you work with counsel, you can tailor the agreement to scale back the risks. For example, you could say that an organization is asking you to sign a non-disclosure agreement saying that you won’t disclose their information forever. Well, forever is a very long time. You, as an organization, may agree that you’re okay with signing a limited non-disclosure agreement, but you want to cut down the obligation to just six months. You may also include a limitation on the overall liability so that you’re not exposed to unlimited liability if you make a mistake. You might say that your maximum liability is $5,000 or something like that. The bottom line is that when someone asks your organization to sign some kind of a confidentiality agreement or clause, you’re wise to pause, think carefully about it, and think about how you can negotiate a narrower scope for that obligation.
In order to learn more about the course that I teach at the SANS Institute, you can click the link below. Also, another link below provides more information about me and my work in private practice.