Technical editor Dr Mike McDonagh introduces the importance of NDAs from personal experience before US attorney Michael Ross elaborates on the detail of such agreements, when they are necessary and what they should, and should not, contain.
The following article by Michael Ross is essential reading for anyone involved in the convoluted relationships between individuals/small companies, and larger organisations, when entering into a co-operation, technology transfer, or licensing agreement. In my personal case, I have always been an individual or part of a smaller company wanting to confidentially and securely expose R&D results. My perspective, therefore, has usually been from the position of the underdog. From this point of view, my experiences have been less than ideal.
To be objective, however, both sides have to be considered. If you are trying to sell some technology to a commercial organisation, it is only right and fair that your claims have to be verified and your technology subjected to some sort of scrutiny. A buyer-beware mentality is a difficult hurdle to jump. No one wants to give away years of hair-greying R&D effort that could be used by the receiving company with no contractual obligation to recompense you. Equally, no organisation will take a blind leap of faith and buy technology without making sure it works.
It is important to be sure you have as many aspects of the exchange of information covered in the event of your technology being hijacked. But on the gloomy side, there is little that can be done if even small modifications are made by the receiving company to claim it was, in fact, theirs and not your technology that ended up going to market. I had one incidence where a receiving company claimed that their own technology, (which naturally preceded the date of the NDA) was coincidentally similar to mine. And of course, it was not until they had access to my technology information via the NDA, that this fact was realised. If I had tried to deal with another company, it would not have been possible because the NDA was valid for five years. I was prevented from disclosing any confidential information to another party. In other words, gotcha, gotcha and… gotcha.
There are other scenarios: one such is to use an NDA agreement as a gagging order. This can work in two ways: if you discover that there are some serious flaws in the technology of a development company, you cannot disclose this to anyone outside of that organisation. The reverse case is where you have a contribution to make via personal knowledge or know-how, but that knowledge is not being used, perhaps because the receiving party sees it as a threat to its existing products, and you are not being remunerated. In this scenario, you can be prevented from passing that on to another company and be stuck with no prospect of reaping the rewards of all your hard work.
There are in fact many pitfalls, and what seems like an attractive offer to a disclosing party based on an NDA has to be very carefully scrutinised and the true motives of the receiving party need to be evaluated before signing on that fateful dotted line. The only advice to give here is— if it’s technology hardware, firmware or software you are touting— you need to find a way to physically or digitally protect it. In my case, I have done both. I have supplied charging equipment for testing with encrypted software and set the CPU in resin to prevent access. Whatever measures you take to protect your hard-earned inventions; it is vital to thoroughly understand the NDA on offer and the implications for you if the receiving company has ulterior motives. Never assume that a contract is made on the basis of good intentions and try to cover as many of the aspects as possible, which are highlighted by Michael Ross in the following cautionary article.
US attorney Michael Ross on the detail of NDAs
Non-disclosure agreements (NDAs) are an important tool used by battery and energy storage companies to share sensitive information when working with R&D partners, vendors, customers, and potential investors.
Although NDAs are typically only a few pages in length, they are deceptively complicated and carry a significant risk of potential legal liability.
Unlike most agreements, the legal obligations under an NDA can last for years after the parties end their working relationship and can impair a company’s commercial and R&D activities.
Below I will give a brief overview of the main sections of an NDA and common issues organisations might encounter if an NDA is not properly drafted.
What is a non-disclosure agreement or ‘NDA’?
An NDA allows two or more parties to exchange proprietary information.
The party receiving proprietary information is contractually bound:
- To maintain the information in confidence for some defined time period
- Only use the information for a predetermined purpose.
It is important to note NDAs are typically limited to confidential information. Restrictions placed on a receiving party relating to the handling of physical goods, such as a battery or chemical sample, are usually managed using other agreements, such as a non-analysis agreement.
If only one party is disclosing confidential information, this is known as a ‘one-way NDA’. If each party is disclosing information to the other party, this is known as a ‘two-way NDA’.
Is an NDA necessary?
In my experience, NDAs are often unnecessary.
Too many organisations treat NDAs as a check-the-box prerequisite to working with an outside party. This is not a good policy. Instead, before an NDA is negotiated and signed, ask the following questions.
- Is an NDA necessary? Is the information so sensitive one party would be willing to sue the other party in the event of a breach of confidentiality?
- Is the disclosing party able and willing to police and enforce the agreement?
A contract is only as valuable as a party’s
(1) ability and willingness to
(2) police and enforce its terms. To police an NDA means to ensure the other party is complying with its contractual confidentiality and restricted use obligations.
- Is the receiving party willing and able to properly manage and use the information provided by the other party? This is a real challenge for large organisations.
- Can the parties engage in discussions without disclosing sensitive information? Can sensitive information be exchanged after the parties know a project is viable?
The definition of the ‘parties’ and ‘control group’
The parties’ definition names the persons or legal entities bound by the NDA.
The party giving over confidential information is the disclosing party. The party taking possession of confidential information is the receiving party.
A control group is the collection of individuals within the receiving party designated to receive and use the disclosing party’s information (e.g. a research group within a company).
Not all NDAs define a control group, which means contractually the confidential information could be accessible by the receiving party’s entire organisation (not a good result for either party).
In practice, the disclosing party should want the control group to be small, while also having the deepest pockets responsible for any breach of the NDA (think parent company vs a mere paper subsidiary with no assets).
The entire control party must fall within the umbrella of the receiving party. The most common issue I have observed is having members of the controlling party fall outside the umbrella of the defined receiving party and therefore are not bound by the NDA.
For example, the receiving party may bring in outside consultants who are not a party to the NDA. Perhaps the named receiving party is one subsidiary of a large corporation, but some members of the control group are employed by another subsidiary.
The definition of ‘confidential information’
What is to be deemed confidential information is usually defined by:
- category (e.g. business, technical, financial)
- delivery method (directly, indirectly, orally, visually, electronically, in hardcopy form)
- sometimes by specifically naming the technology.
Most NDAs define this term so overly broad it is impossible to discern what information is sensitive and what information is not.
If this term is defined narrowly at the outset, and discussions between the parties broaden or pivot after the NDA is fully executed, information disclosed during those additional discussions might not be covered by the existing NDA. This is a very common issue.
For example, suppose company B wishes to explore acquiring company A’s new battery manufacturing technology. However, at this point, company B is only interested in understanding the economics of the technology. A signed NDA covers discussions relating to financial data.
Satisfied with the financials around the technology, the parties decide to have their technical people talk to each other to see if the technology could be integrated into company B’s factory. No one circles back to broaden the NDA. All the discussions between the parties’ technical people would not fall within the scope of the NDA.
The definition of the ‘purpose’
The defined purpose should only allow the receiving party to use the confidential information to further its relationship with the disclosing party. For example, the receiving party may wish to evaluate the disclosing party’s technical data to discern whether their technology is a good fit for their operations.
I have reviewed NDAs where the purpose is completely absent. Not defining a purpose has frequently resulted in a receiving party using the confidential information for its own benefit (e.g. use in internal operations unrelated to the project with the disclosing party).
Another scenario is where the parties have competing business units, and confidential information (without any use restrictions) migrates into the receiving party’s competing business unit and is used to somehow undercut the disclosing party in the marketplace.
The ‘exchange period’ and ‘confidentiality period’
NDAs can be drafted to ensure the receiving party’s confidentiality and restricted use obligations last long after the relationship between the parties has ended.
The exchange period defines how long the parties will work together and exchange confidential information.
I have seen many instances where the parties exchange information before the start of the exchange period or continue exchanging information after the expiration of the exchange period. Confidential information exchanged outside the exchange period will not be subject to the terms of the NDA.
The confidentiality period defines how long the receiving party is obligated to maintain the confidential information in confidence and restrict its use. The disclosing party always wants the longest term; the receiving party always wants the shortest.
Issues arise on the disclosing party side when the confidentiality period is shorter than the shelf life of the underlying technology. Issues on the receiving party side occur when the disclosing party abandons the underlying technology before the confidentiality period expires, and the receiving party would like to use the confidential information for research or otherwise.
Another issue that arises on the receiving party side is when members of the control group become tainted by the confidential information, limiting their ability to conduct independent research long after the parties have stopped working together but before the confidentiality period has expired.
Marking clauses identify how confidential information is identified for record-keeping purposes.
For example, if the information is disclosed orally, the marking clause may require the disclosing party to send a follow-up written note specifically identifying the confidential information orally disclosed. On the other end, the NDA may state information can be delivered orally or in writing and need not be marked at all.
Below is an example of a marking notice for a document.
This document contains confidential information that is subject to confidentiality and restricted use terms outlined in the NDA signed between company A and company B dated 1/1/2020.
The disclosing party never wants to be obligated to mark anything; the receiving party usually always wants everything in a tangible form and marked.
From a practical standpoint, whenever I am brought in after the fact to sort out a dispute involving an NDA, the hardest part is figuring out what information was exchanged, by whom and when. If I am lucky, someone kept meeting minutes or followed-up meetings with emails containing copies of documents shared by the parties.
Management of NDAs
Each receiving party is obligated to exercise some level of care to control the use and storage of confidential information. Every aspect of the received confidential information must be controlled.
Who will have access (control group, IT, management, etc.)? How will you avoid your employees who are not involved in the project from being tainted by the information received?
Where will the information be stored?
How will the information be shared?
How will the information be disposed of?
After an NDA is signed, nearly 100% of companies lack a compliance program for managing the NDA. This could result in a breach of contract claim if the receiving party does not comply with the terms of the NDA. Therefore, I always counsel having an NDA management plan in place before receiving the confidential information.
Disclosing parties rarely police the terms of their NDAs. To police an NDA means to ensure the other party is complying with their legal obligations. This is a significant gap because, after all, NDAs are only as good as a party’s ability to police and enforce the terms in the NDA.
NDAs are deceptively complicated. NDAs must be carefully drafted and fit-for-purpose to ensure information is appropriately protected and used.
Because NDAs can have a lasting impact on an organisation’s operations and place it at risk of being held liable for significant damages in the event of a breach of contract. Therefore, it is critical for anyone responsible for negotiating or managing NDAs to have a basic understanding of its terms.