Non-Disclosure Agreements in the IT Sector

17
Oct 2017

Sign up for our newsletter

nda ugovor, Ugovor o poverljivosti, advokat za IT pravo

The One-Size-Fits-All Approach

Concluding a Confidentiality Agreement (or CDA, Confidential Disclosure Agreement or a Non-Disclosure Agreement, hereinafter, “NDA”) is a step that should precede not only the conclusion of a legal transaction but also the initiation of negotiations between the contracting parties. This contract should protect what is most valuable in your business and can make or break your company.

So, how is it possible that it gets so little attention in practice?

Namely, many very serious negotiations in the IT industry are often accompanied by a generic NDA that has been “downloaded” off the Internet without any professional amendment, or is made in accordance with the law of some other country (e.g. by an American attorney) but is to be applied in Serbia. Frequently, the model of a specific NDA that was originally made for another project or for another contracting party subsequently gets used for a legal transaction that is not compatible.

Such a practice often leads to a situation in which you cannot execute the contract when you need it most or cannot obtain court protection should the confidential information get into the wrong hands. Unfortunately, these are the consequences you could experience few years after concluding the contract when it will already be too late.

Would you give away that easily something you have been creating for years or something you’ve invested a lot in?

Ok, since we all want to avoid such a scenario, we have listed some of the most common “traps” in this text, traps we have seen in practice with clients from the IT sector, without entering into more complex legal issues and legal solutions.

TRAP No. 1: Do you know the other Contracting Party?

ugovor o poverljivosti i neotkrivanju informacija, Ugovor o poverljivosti podataka

It may seem trivial, but it’s incredible how many mistakes we have run into in practice regarding de-identification of parties.

If you believe this couldn’t happen to you, please answer the following question:

Have you asked the other contracting party for an Excerpt from the Business Entities Registry prior to signing the NDA or have you checked yourself at least in the electronic records with the Business Entities Registry on the day of signing the contract? In addition, are you sure that the person who is supposed to sign the NDA is indeed authorized to sign that contract on behalf of and for the account of that particular company, and if their signature solely is sufficient enough?

If the answer is negative, there’s a possibility you’ve fallen into a trap. Typical examples of such mistakes are:

  • The person who is authorized to represent the legal entity did not sign the NDA

Namely, in order for the contract to be in effect, it must be signed by a person (one or more of them) who is authorized by the law, the statute or the decision of the company. Therefore, the fact that you are negotiating with a CTO does not mean that they have the authority to sign the contract.

In order to know whether a person is authorized to sign a contract, you need to inspect the Excerpt from the registry and/or the Founding Act and Statute of that company, or any other act that proves that a person is authorized to represent it, which depends on the country where the contractor’s head office[1] is located.

  • The contract is concluded with a non-existent legal entity

In the IT sector, it’s not unusual to come across a website with a concept that is focused on showcasing services provided by one entity, while a group of independent freelancers who do not have a registered joint venture stands behind it. In such circumstances, a contract cannot be executed, as there is no legal entity to conclude the contract with. Therefore, although the use of such services may save the money you allocated for the project, but from the legal aspect, the damage that may arise is irredeemable, as the effect will be such as if you had not signed the NDA at all. In this case, you need to conclude an NDA with each of the natural persons with whom you are negotiating or who are to participate in the project.

In addition, the same mistake can occur even if the company is established, but its trade name differs from the business name[2] registered with the Business Entities Register, but you haven’t listed both or did not provide at least the full business name from the Business Entities Registry.

  • The contracting parties have not been adequately identified

The practice showed that the contracting parties often do not put all the necessary elements in order to identify the contracting parties. For example, the contracting parties do not define the exact address of the head office or do not put the number under which the company is registered with the business entities register of the country of the location of the head office.

An example of the proper identification of the contracting parties:

TRAP No. 2: Is information disclosure a one-way or two-way street?

Prior to entering into negotiations on signing an NDA, you have to determine whether disclosing confidential information will be one-way, or will both parties disclose confidential information to each other. Therefore, it is necessary to distinguish between two types of NDAs: unilateral and bilateral (mutual NDA).

To illustrate with a typical outsourcing agreement, a unilateral NDA will be signed in most cases, while bilateral (mutual) NDA will be typically signed when investing in joint projects. However, before the other contracting party offers its NDA (which will, as a rule, be unilateral), consider whether certain aspects of your business that will be disclosed in the project should also be confidential.

TRAP No. 3: the Catch-all Clause

When it becomes clear who will take the role of the “Disclosing Party” of the confidential information and the “Receiving Party” of the confidential information, the most important part of the NDA comes to place – i.e. defining what is considered under confidential information.

In the broadest sense, any confidential information that leverages competing power can be considered confidential information. Typical examples of information that may compose confidential information are product formulas, client lists, marketing strategy, algorithms, processes applied in computer programs or computer programs themselves, financial information, etc[3]. Unauthorized use of such information is considered to be unfair competition and a breach of confidential information.

A typical example of confidential information is the source code. Although the source code is protected by copyright[4], this protection is quite limited, because it weakens with technical code modifications. A confidentiality agreement should protect from a situation where the Receiving Party of confidential information, creates a program for the same purpose after inspecting your code, using the same idea, but with a somewhat different code and, ultimately, creates a product that will benefit them instead of you.

However, what will be considered confidential information in your particular case depends on the project itself and the business relationship. Understandably, if you are a Disclosing Party (for example, a contracting authority for an outsourcing contract), you will want to make the definition as broad as possible. In contrast, if you are a Receiving Party (for example, a contractor for an outsourcing contract) you should conduct negotiations so that the scope of the confidential information is limited as much as possible.

However, it is very important for the outcome of the negotiations to present an appropriate balance between a broad definition, which will virtually have the meaning of “everything is confidential” (the catch-all-clause) and a definition that does not include every aspect of the business that should be considered confidential.

A typical mistake we have encountered in practice so far is defining confidential information so broadly that a question justifiably gets raised – what is not confidential?

The problem that may arise with such contracts is that they could be unenforceable, which means that in the event of a dispute, the Court may refuse to provide protection[5] to the Disclosing Party of the confidential information.

Therefore, do not allow yourself to fall into this trap.

Furthermore, you have to define the way in which confidential information can be disclosed – it is best to explicitly state whether it can be disclosed in written, oral or electronic form, as well as information contained in physical parts, software and materials, which will depend on what is protected by the confidential information.

TRAP No. 4: You do not have established procedures

Izjava o čuvanju poslovne tajne

For instance, if you are a Disclosing Party of confidential information and have signed an NDA, you probably believe that you have been sufficiently ensured? If this is the case, you have unfortunately fallen into a new trap.

In order for a Disclosing Party of confidential information to execute an NDA, it is necessary to introduce and respect the procedures for keeping the confidential information a secret.

What does this mean exactly?

For instance, if the Disclosing Party of the confidential information provides written documentation to the Receiving Party, containing some of the information that falls under confidential information, it should contain the word “Confidential” or “Strictly confidential” on it. If the confidential information is, for instance, disclosed verbally, it should also be noted that this is confidential information. There are of course other ways, and the essence is that you do not treat confidential information the same way as other information.

Another procedure is to keep confidential information within the company premises, in folders that cannot be accessed by all the employees, but only those who have such authority. It is the same with access to electronic databases or with the cloud. Also, if it is necessary to copy the material containing confidential information, only a person who is specifically authorized to access such information can do so.

What happens if you disregard this?

It may happen during the court proceedings that the Receiving Party of confidential information emphasizes the fact they did not know that particular information they disclosed or used was deemed confidential, which was caused by a careless and negligent behaviour on behalf of the Disclosing Party of the confidential information, who did not treat the protected information as confidential. It is highly likely that disclosing confidential information that are contrary to the interests of the Disclosing Party would go with impunity in such a situation.

TRAP No. 5: You have not anticipated the permitted use

An NDA should anticipate the authorized methods of the permitted use of confidential information.

Which cases are those?

There are many such instances that are on a case-to-case basis, and we will provide two of the typical examples.

For example, a Receiving Party of confidential information must have the right to disclose the confidential information to their employees to the extent necessary for the operation of their work tasks, provided that the recipient concludes an NDA as well, which is no less stringent.

Pay attention to one more thing here. If this clause is not adequately formulated and therefore, only covers the term “an employee”, then you have restricted yourself to persons who are in a working relationship. Bearing in mind that, within the IT sector in Serbia, it is common to contract developers who own independent entrepreneurial agencies (i.e., who are not strictly employed according to the Labor Law), by incorrectly formulating this clause, you can open a space for abuse to the entire group of people. The same danger occurs in the case of volunteers or interns.

Another regular exception is the exclusion of the information that was already available to the public at the time of its disclosure to the Receiving Party of the confidential information.

What does that mean?

For example, if you have 10 contractors and you have signed an NDA Confidentiality with 9 of them, but you failed to sign it with the tenth, and that contractor has disclosed the confidential information to the public, you will not be able to execute the previously nine concluded NDAs with regards to what was disclosed to the public.

Likewise, one should bear in mind that disclosing confidential information can be inevitable in certain situations. This happens in the event that the Receiving Party of confidential information receives an order by the Court, which implies that they will have to disclose confidential information entirely or partially. These situations need to be regulated in such a way that the disclosing is performed with the necessary notification of the Disclosing Party and only to that extent that it is absolutely necessary.

TRAP No. 6: You have not realized timing is crucial

Ugovor o poverljivosti podataka primer, NDA ugovor

Timing is crucial with NDAs for three reasons:

To avoid signing the NDA too late

It is recommended not to wait for “negotiations to get a more serious tone” but to conclude the NDA immediately upon the start of negotiations. Everything after that can lead to someone “borrowing” your idea, a concept, or a business model to gain benefit for themselves, without you being able to do anything or very little. So, no matter the informal tone of the conversation you lead, always take into account the nature of the information you provide and whether it is appropriate to provide confidential information in such a situation without having previously signed the NDA.

Not to miss specifying the timeframe during which confidential information could be disclosed

A well-designed NDA will always have a specified timeframe during which confidential information could be disclosed, regardless of whether the parties agreed that this would be a specific time period (e.g., at the start of the project implementation) or during the entire duration of the work on the project.

Not to wrongfully specify the duration of protecting the confidential information

Specifically, for certain confidential information, it is natural that the protection of confidentiality lasts for an indefinite period of time. A typical example that is always cited is Coca Cola’s secret formula, which has been successfully kept a secret for 100 years[6]. However, if the subject of your NDA has nothing to do with this, but the subject is a client list or a marketing strategy, it is usually acceptable to determine the duration of the agreement to several years. After that, it is assumed that confidential information will lose value in most cases due to obsolescence.

Therefore, it is necessary to foresee a reasonable timeframe that corresponds to the nature of the confidential information[7].

However, confidentiality agreements without a timeframe are not uncommon in practice. With such contracts, it is justifiable to raise the question as to whether they would be enforceable before the court, i.e. whether the court would protect such an agreement. Therefore, carefully consider whether the confidential information you protect will have commercial value forever or will it become obsolete over time.

TRAP No. 7: You have not provided for penalty clauses

NDAs often contain a clause that the Receiving party of the confidential information will be obliged to compensate the Disclosing party of the confidential information in the event of the breach of confidentiality. If you believe you have protected yourself well with this clause, you are wrong.

It is very difficult to prove these damages in practice, while the burden of proof in the court proceedings falls onto the Disclosing party of confidential information. Therefore, it is better for the Disclosing party to negotiate penalty clauses that would facilitate the burden of proof for the occurrence of damage, which can be formulated and thus overcome the actual damage that may occur in a particular case.

The truth is, however, that such provisions may provoke disapproval on behalf of the other Contracting Party during the negotiations, as they are much more stringent in comparison to the clause that provides only for compensation of damages. However, if this is the reason for refusing to conclude an NDA, then it is up to the Disclosing party to assess whether the other Contracting Party is conscientious enough and whether they are an adequate business partner, bearing in mind that the penalty clauses apply only in cases when the confidential information has been disclosed.

TRAP No. 8: You lack methods to solve disputes and the applicable law

A well-designed NDA has to provide a clause that specifies the way for resolving disputes. This is particularly important for agreements with foreign business partners because the question is what court, i.e. in what country will be in charge if the head offices of the Disclosing and the Receiving parties are in different countries. It is very important to consider the best solution. Often, it is a great option to anticipate arbitration of a dispute instead of going to court.

Corresponding to the jurisdiction of the court, there is a clause that determines the applicable law. Now, you’re probably wondering, what is “applicable law”? This is the law that regulates the contract and the law that is to be applied in case of a gap in the contract (something that has not been regulated).

In a vast number of cases, we have encountered NDAs that provide the dispute resolution, but do not provide the applicable law, despite the fact that these clauses are of equal importance.

If you do not provide the applicable law, you are in a risk of not knowing which clauses to apply in order to find the solution in the event of a dispute over the interpretation of the agreement.

TRAP No. 9: You lost sight of termination of the agreement

With NDAs, it is customary for the Receiving party to be obliged to return and / or destroy and / or erase information deemed confidential upon termination of the business cooperation between the Contracting Parties, as well as to present the proof thereof to the Disclosing party.

However, if you are a Receiving party of confidential information, you should negotiate the right to keep information for your archive that that are deemed confidential. The reason behind this is that in the event of a court dispute, you could prove what was disclosed to you, i.e. what constituted the secret, so that you would not be inferior to the Disclosing party.

Key Takeaways

Finally, if you are sure you have not fallen into any of the nine traps, congratulations are in order! You belong to a small minority. However, bear in mind that this blog post lists only typical examples we have encountered in practice with clients from the IT industry. There are many more complex legal issues to be addressed that may occur with NDAs. Therefore, the next time you sign an NDA, make sure to pay it the attention it deserves, as it protects the most valuable part of your business.

[1] In case of a foreign business partner, you may request a copy of the “Certificate of Incumbency” or “Registrar of Directors” or another equivalent document proving the authority of a person or persons signing a contract.
[2] Trade name is the name that the business entity uses for marketing and sales purposes and which represents it in public and which does not have to be identical to the business name registered in the Business Entities Register.
[3] The Law on Protection of Confidential information regulates what can be considered a confidential information in Art. 4. According to the legal definition, it is necessary for the information to have commercial value because it is not known or available to third parties, which could gain economic benefit for its use and whose disclosure would cause damage to the Disclosing Party of the confidential information, provided that the Receiving Party of the confidential information applies the appropriate measures and respects appropriate standards for secrecy.
[4] The legal protection of software is the subject of debate by a large number of lawyers dealing with intellectual property. Opinions are divided over whether software should enjoy the patent protection in addition to copyright protection, or copyright protection exclusively.
[5] That is exactly what happened in the famous case of Lasership, Inc. v. Watson, where the court in Virginia took the stance that the NDA could not be enforced because a provision that banned an employee from sharing the employer’s information was formulated too widely, as it included information that could not be considered confidential, as well as due to the life-long duration clause of the disclosure ban. A similar case is Trailer Leasing Co. v. Associates Commercial Corp., where the court in Illinois refused to execute the NDA because the definition of what was considered confidential was too wide and there was no geographical limitation.
[6]For more information on the longest kept trade secret, visit
http://ipjournal.law.wfu.edu/2011/02/shh-its-a-secret-coca-colas-recipe-revealed/
[7] For example, in the case of Augusta Medical Complex, Inc. v. Blue Cross of Kansas, Inc., a court in Kansas made a clear statement against the Confidentiality Agreement that lasts indefinitely.

Share blog

Latest Post

CONTACT