Summary: Update Non-Disclosure Agreements (NDAs) to match the new digital reality. Businesses should be proactive to address outdated provisions in NDAs before problems occur.
Remember the olden days of fax machines? You’d receive a fax with a long disclaimer at the bottom, saying something like, “This fax may contain super-secret information which could endanger our company, our world, and even our universe, if it should fall into the wrong hands. If you receive this fax by accident, you must immediately return the fax to the sender, or we will send our goons to find and severely punish you.” The question is, how many people actually read and complied with these statements? Probably not many.
Faxes have now mostly given way to e-mail, and the “return” language has usually been replaced by “destroy” language along the lines of “If you receive this e-mail by accident, you must immediately destroy any printed copies by placing them in a safe and then dropping the safe into a volcano. Then throw your hard drive into the volcano for good measure.” But how effective is such language?
This brings me to a recent question by a company that’s been a client of this firm for many years. We had drafted a template Non-Disclosure Agreement (“NDA”) for them years ago, using language typical for that time. After the parties’ relationship ends, or within a specific timeframe, the NDA calls for the recipient of the confidential information to return it to the discloser. Now that information is generally transmitted digitally, rather than on paper, the client asked how to comply with the obligations created under these old NDAs. Good question!
The answer for existing NDAs is that the parties should desirably communicate before there are problems. My advice would be for the recipient to offer an addendum to the previous NDA, in which the parties mutually agree that it’s okay when physical copies of the confidential information have been returned by the recipient, and/or that digital copies have been destroyed, and if there are backup copies created in the recipient’s ordinary course of business, that they have not been accessed – and will never be accessed – in violation of the NDA.
Most NDAs that we currently prepare require that tangible versions of confidential information be returned, and that electronic versions be destroyed, and that the recipient certify this in writing. Some versions provide for an audit of these actions.
We also contemplate suggesting language regarding backups, so that an innocent party is not burned in the event of litigation. Imagine the exchange:
Mean Lawyer: “Didn’t you certify that you returned or destroyed this confidential information?”
Innocent Client: “Why yes, I did so right after volunteering at the homeless shelter and visiting my grandmother at the nursing home, like I always do.”
Mean Lawyer: “Then WHY did we find 1,000 copies of this super-secret confidential information scattered about on your backup drives and on 17 cloud services???”
Innocent Client: “Gulp!”
The takeaway: review your existing NDAs, to ensure that you’re not violating your obligations, and to ensure that your company’s confidential information isn’t scattered about. Contact us for advice (even by fax) before problems arise. It costs much less to prevent problems than to fix them!
Joshua D. Waterston, Esq.
Elman Technology Law, P.C.
Image credit: Topsecretsidebar.jpg, https://commons.wikimedia.org/w/index.php?title=File:Topsecretsidebar.jpg&oldid=187366443 (CC BY-SA 4.0)