A non-disclosure agreement (NDA) is the best legal tool to protect your confidential information. It’s not the only legal tool available, but compared to, say, a patent, it’s reasonably cheap, and quicker and easier to create.

Getting an NDA is like buying insurance for your car.

You buy car insurance to protect you against unexpected costs arising from an accident.

However, even if you have car insurance, you still need to learn how to drive properly and safely. Car insurance is not going to protect you against criminal liability if you break the law.

Similarly, having an NDA won’t protect your confidential information if you breach certain legal principles.

Even with an NDA, you need to take certain actions to lessen the risk of someone else stealing or misusing your confidential information.

Here are the top 5 reasons why you cannot rely on a legal agreement alone to protect your confidential information.

  1. Your NDA may be invalid

Reason 1: Your NDA could be invalidated

Firstly, you have to be sure that your NDA will stand up in a court of law, if tested.

NDAs have been known to be declared invalid, or certain terms declared illegal if they contradict the law.

As an example, in California, any anti-competition contractual terms are generally illegal. As another example, a Kansas court in Augusta Medical Complex, Inc. v. Blue Cross of Kansas, Inc., did not support contracts with perpetual time durations.

If you don’t take actions to support your NDA, it can still be invalidated. For example, to prove that a particular piece of confidential information deserves trade secret status protection, you have to show evidence that you have taken reasonable steps to protect the trade secret.

If you’re reckless in protecting your trade secret and the secret gets exposed to the public because of your mistake, that particular piece of information immediately loses its trade secret status, even if you have an NDA.

This means that the other party to your NDA no longer needs to protect your secret. In the case of Convolve, Inc. and Massachusetts Institute of Technology v. Compaq Computer Corporation and Seagate Technology, LLC, the plaintiff Convolve lost protection of its confidential information because it failed to follow procedures specified in the NDA.

  2. Difficulty in proving disclosure leaks

Reason 2: It's hard to prove unauthorized disclosures

It’s hard to prove that someone has made an unauthorized disclosure of your confidential information, especially if the evidence has been destroyed. Unauthorized emails can be deleted, paper copies can be shredded and verbal disclosures are even harder to prove without a witness.

A secret’s worth depends on the people from whom it must be kept.

Carlos Ruiz Zafón

For example, imagine that your former employee discloses confidential information about your company to a friend over late Friday drinks. The friend then shares this information with another friend who is the owner of a competing company. This competitor then uses this information to produce a competing product.

How would you know that the disclosure came from your former employee if no one knew about the meeting at the bar? And even more importantly, how do you prove that this leak happened, especially if your former employee denies it?

Because of this difficulty of proof, it makes sense to be very careful with whom you allow access to your confidential information in the first place.

  3. Expense of pursuing a lawsuit

Reason 3: Lawsuits are expensive

Lawsuits cost a considerable amount of time, effort and money – often a lot more than you realize.

This is part of the reason why you should take all steps necessary to prevent a breach happening in the first place. Such steps include using the NDA in the first place, limiting disclosures and implementing necessary precautions into your workplace.

Even if the court of first instance rules in your favor, a defendant may be granted the right to appeal, which adds more time, effort and expense. Take, for example, the case of Convolve mentioned earlier, which dragged on for 6 years and went all the way to the US Court of Appeals.

Worse still, after all that, Convolve still lost! The issue of expense, time and effort is an important consideration, especially if you are a startup with limited resources.

You may find that you don’t want to waste your precious resources on pursuing a lawsuit, even if you are in the right.

  4. You may not be compensated adequately

Reason 4: It's difficult to prove the monetary value of your loss

It’s one thing to win your case. It’s another to be compensated adequately for all your time, expense and effort that you spent on pursuing the lawsuit. If the party who breached your NDA is not a financially stable organization or is an individual, they may simply not have the ability to compensate you.

If so, you may find that the lawsuit was all for nothing, especially if there’s no point in protecting your confidential information anymore because it’s already been too publicly exposed. Another factor to consider is the difficulty in proving the monetary value of your loss. Your monetary loss may be future profits, which are yet intangible and unproven.

If so, even if the judge agrees with you that a breach has occurred, he or she may not agree with your valuation of your monetary loss and award you a much lower amount of damages.

  5. Results may not turn out how you expected

Reason 5: You may find unexpected results

Although it may seem like the law is on your side, there’s always an element of uncertainty when it comes to court cases. You may find out that your case ends up being heard in a jurisdiction that does not support your position.

For example, California is well-known for favoring employee creators over their employers and for supporting business competitiveness.

So if you can’t just rely on an NDA to protect your confidential information, what else can you do?

Apply for other supporting legal protection. If your confidential information qualifies for other types of intellectual property protection such as copyright, trademark or patentability, you should consider applying for each of these.

The more legal protection tools you have under your belt, the stronger your ability to protect your confidential information.

Limit disclosures. Whenever possible, avoid unnecessary disclosures and keep your secrets to yourself.

If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.

Khalil Gibran

Not all confidential information is created equal – some can be figured out easily by others, some are capable of making or breaking your business and some have the potential to change the world as we know it. Keep those that are truly valuable to yourself.

Have good procedures in place. As Kevin Mitnick, famed computer hacker and computer security consultant, put it:

[t]hey may know that they shouldn’t give out certain information, but the fear of not being nice, the fear of appearing ignorant, the fear of a perceived authority figure – all these are triggers, which can be used by a social engineer to convince a person to override established security procedures.

To protect your confidential information, you should have adequate procedures in place, supported by good training for those handling the confidential information.

These procedures should also be regularly reviewed and enforced. This is especially important if you have trade secrets to protect.

Good procedures could include having these things in place:

  • Have a secure storage location, encryption and password-protected procedure for confidential information.
  • If you don’t have a secure location, hire an external third party to store your confidential information and to monitor access to it.
  • Access to confidential information should be limited to those who truly can be trusted.
  • Have a system of recording who accesses the confidential information.
  • Train staff to recognize the difference between confidential and non-confidential information.
  • Make sure that procedures listed in the NDA such as marking procedures for confidential information are fully understood and complied with by your staff.
  • Get a lawyer to check your procedures and ensure that they are adequate for legal requirements.
  • Keep a list of any third parties and affiliates that will have access to your confidential information and don’t allow confidential information to be shared with external parties without your permission.
  • Have onboarding training for new staff that includes how to recognize and deal with confidential information.
  • Regularly review confidentiality procedures with staff and encourage feedback on ways to improve the current system.
  • Have an exit interview with staff who are leaving and remind them of their obligation to keep confidentiality even after they have left your employment.

Only work with trustworthy parties. Ultimately when it comes to protecting your confidential information, apart from not disclosing your secrets at all, the next best step is to ensure that you only share confidential information with trustworthy, professional parties that have demonstrated integrity in their work practices.

When a secret is revealed, it is the fault of the man who confided it.

Jean de La Bruyère

It normally helps if the party has already demonstrated the ability to keep secrets for other parties before you. Most successful investors and venture capitalists fall into this category.

It also makes a difference if the party is unlikely ever to be a competitor and you intend to build a mutually beneficial long-term relationship.

The fewer reasons a party has to want to breach your NDA, the higher the likelihood of protection for your confidential information.

Credits. The following icons are from The Noun Project: “Document Leak” by Dan Hetteix, “expenses list” by Harsha Rai, “money loss” by Vaibhav Radhakrishnan.