Disclaimer: This is not legal advice. The following note was written under EU and Polish law, so it reflects their specifics.
An NDA (Non-Disclosure Agreement), also known as a confidentiality agreement, is already standard not only in big business but even in B2B contractor work. Tech specialists, including programmers, encounter these agreements especially often, but so do other companies, not only from this industry. Confidentiality agreements very often affect the IT in our company – below are the most important elements, seen through the eyes of an IT lawyer.
You can also watch my vlog about NDAs.
What is an NDA?
In simple terms, it is an agreement where we promise to keep certain information confidential – we will not tell people outside our company, including our friends or family. We may also have to keep it a secret from other employees. In this situation, you have a contractual obligation to specify which employees will have access to confidential information and even the premises where such information may be located.
The purpose of the NDA is very simple: to protect information that is important to the Company and may or may not be. Often companies also sign the NDA because:
- the client requires it;
- they are forced to do so by regulations, e.g. the GDPR in certain situations requires such an agreement to be signed, but there are also other regulations that impose such a requirement.
Regardless of the reason for using an NDA (confidentiality agreement), it is always worthwhile to analyze it well and calculate the cost of complying with it and whether it will affect the time of project execution.
Advantages of using the NDA
The NDA does not operate in a vacuum and is not always needed, because the law already protects information and secrets – e.g. under the Polish Labour Code (Article 100 §2 point 4) employees are obliged to keep information about the company secret:
The employee is particularly obliged: […] to keep secret information the disclosure of which could expose the employer to harm;
There is also another, broader obligation in the Act on Counteraction to Unfair Competition (Article 11, Section 1):
An act of unfair competition is the disclosure, use or acquisition of information constituting a business secret of others.
Apart from that, there are other regulations, including those protecting company know-how, such as patent law or copyright law. Unfortunately, the law has several disadvantages. First, not all information is protected by it, e.g. program code is protected by copyright, but the algorithm is not. Second, the rules on company secrecy (the aforementioned Article 11) apply only to information that companies are trying to protect, so if they have not signed an NDA when handing over the information, they may not be able to rely on this provision.
There is one more thing to take into account – in order to use the options provided for in the regulations, you have to prove and calculate the losses incurred, and the result can vary widely (e.g. how do you estimate the loss caused by a leak of information about a new product that caused competitors to speed up their work so that their product is ready in time for our premiere?).
For these reasons, it is worthwhile to use an NDA and include appropriate provisions (elements) in it.
What can the NDA impose?
One of the companies I worked with had a customer who introduced very specific requirements for the NDA:
- attaching a new employee to the project required the Client’s written consent;
- the work within the project took place only in one room selected by the Client at the company’s headquarters;
- each entry and exit from the room had to be recorded (sic!).
This is obviously an extreme case, seen mostly in very large projects, but that does not mean it will not happen. A confidentiality agreement may contain very different obligations, some of which are traps that we do not take into account when signing it. Legal and technical traps in the NDA work both ways.
Traps on the side of the company that gets the information
If you receive information, the NDA imposes obligations on you and you may face the following traps in such an agreement:
- Not agreeing to the use of external companies:
  - subcontractors – do you need to outsource part of the task to an external company or a B2B contractor? Unfortunately, you cannot do so until you sign the relevant annex.
  - IT service providers – do you use G Suite, Azure, AWS, Office 365, Slack or another service? You need to move to a provider that encrypts data end-to-end, build your own IT infrastructure, encrypt data yourself or give up some of the tools.
- Obligation to destroy media with information – in practice this means not only the need to destroy the email or the card on which it was printed, but also the SSD/HDDs in computers (including laptops), phones or flash drives.
- Loss of references (or lack of an entry in your CV if you work as a B2B contractor) – a badly constructed confidentiality agreement will make your company unable to boast of the experience acquired and the projects completed, and in an extreme situation will not even allow you to say which client you worked for.
- Uncertainty of what is covered by the agreement – sometimes it happens that you do not know which information to protect and which not. This usually happens when the contract describes very vaguely what is the so-called “confidential information” or “protected information”.
Traps on the side of the company that provides your confidential information
On the other hand, there are traps that a company disclosing its confidential information, including know-how, may come across in such a contract. The most common are:
- inaccurate, overly broad or unclearly described confidential information – companies often write in their contracts that the NDA concerns ‘information that is important for a company’s operations’; it then takes a lot of effort to show that a given piece of information is covered by the NDA;
- no contractual penalties, or penalties whose scope is vaguely described – if you have not included a contractual penalty in your contract, you must prove and calculate the loss; if you have included it, you skip this step and can simply demand money;
- providing information in writing, without a receipt – this is a common mistake: if, for example, we disclose confidential documents to our contractor in writing and do not have a receipt stating what was in them, we cannot really prove that he got the information;
- not thinking about what the NDA is about – do we want the contractor to keep the information secret or, more broadly, do we not want him to create his own business, competitive to ours? We need to think carefully about what the NDA is really trying to protect us from;
- no deadline – often the NDA only imposes a duty to protect the information without specifying how long this protection is to last. If we have written that the information is to be destroyed after the cooperation is over, we solve only part of the problem – we have taken care to destroy the copies. But what about information that remains in the minds of employees: how long is it protected? There is one weak point in unlimited confidentiality agreements – they can be terminated, like all agreements of this type. Polish law does not provide for a lifetime (eternal) contract and has introduced a clear rule that all contracts that do not have an expiry date can be terminated.
What should a good NDA agreement contain?
If you want to write a good agreement that will allow both parties to cooperate fruitfully and effectively, remember the following:
- describe what information will be protected;
- analyze whether it is possible to carry out the project without the use of external companies – if not, set the rules of cooperation with them in the agreement;
- write clearly defined contractual penalties;
- specify how long the contract will last;
- clearly write down what is not allowed to be done with the information and what should happen to it after the project is completed.
A well-drafted confidentiality agreement means less stress in the future for you and a better chance of not losing your know-how and clients. Therefore, take care of it and remember to consult a lawyer, preferably a tech lawyer, before signing the agreement.