A non-disclosure agreement (NDA) is often the first legal document signed by parties intending to proceed with a transaction. It is generally perceived as a plain vanilla standard form document that should be signed quickly in order to proceed with more substantive legal and commercial issues.

But what considerations should you make before you start drafting your NDA?

Ideally, an NDA should not require much legal review.  A standard form used by a party normally would have already been vetted by the party’s in-house counsel.

However, one party’s standard form often may vary from the other party’s standard form.  Also, an NDA used for one situation may not necessarily be the best fit for another situation.  Hence, the recipient party generally wants counsel to review.

Broadly, these are the issues we consider when asked to review an NDA:

1. Do the non-disclosure provisions apply to both parties (either party may be a disclosing party) or just to one party (i.e., only one party discloses information, and the other party is solely a recipient party)? It may be that a standard one-party form is not appropriate for the nature of a transaction where both parties will be sharing information.

2. To whom can confidential information be disclosed without liability? In other words, using standard NDA language, who are the recipient’s authorized “representatives”?  As a rule, any NDA provides exceptions to non-disclosure (court order, for example).  Standard exceptions (or authorized disclosures) include recipient company officers, directors, certain employees and consultants (often on a “need to know” basis), and certain outside consultants (lawyers, accountants, auditors).  Consider whether this circle of representatives is sufficient.  Will the recipient need to disclose certain information to other parties, such as its bank or potential financing parties?  Will the recipient need to disclose such information to its customers or clients?

The above consideration often then leads to a consideration of the purpose of the transaction or the disclosure.

3. Is the recipient acting as an intermediary (as a broker or distributor or even an advertiser)? In such cases, the recipient will need to disclose information to a potential buyer (or seller) or to new customers.  The parties then need to consider to what particular information the nondisclosure requirement should apply.

4. Will you need to set up a separate limited pool of authorized company recipients? As to the above-mentioned “need to know basis” – consider whether this is feasible in your company if the information is routinely saved on your standard document retention system open to any and all employees.  You may need to speak with your IT specialist.

5. In respect of authorized disclosures, does the NDA state that any such authorized recipients should be subject to non-disclosure agreements no less strict than the terms of the present NDA? Can the recipient’s current existing confidentiality agreements meet this requirement?

6. Does the NDA require unreasonable record-keeping as to whom the information was disclosed?

7. What is the Term of the NDA? Does it expire if not terminated? The parties should not mistake a limited contractual term during which the disclosing party has agreed to provide information with an ongoing obligation to keep confidential information confidential whether or not the parties proceed to close a transaction.

8. Is the Indemnity clause adequate? Unauthorized disclosure often needs immediate action to mitigate or prevent damages.  This means that the disclosing party needs the right to seek injunctions.

9. And that goes to the governing law and dispute resolution clauses. If the Recipient is in California and the Disclosing Party is in New York, an injunction in New York may not be immediately actionable.  What if the recipient is in another country?  The disclosing party may want to act against the recipient in the recipient’s jurisdiction.  Arbitration may not be desirable.

10. Lastly, upon the termination of any NDA, can the recipient meet the disclosing party’s requirement to “return” the confidential information? Often information is simply destroyed.  However, document retention systems often automatically retain copies.  You may wish to include such a clause in your documents.