How to craft an effective CDA – the essentials
In our earlier article, Trade secrets – the need to be systematic, we discussed the use of Confidential Disclosure Agreements (CDAs), also known as non-disclosure agreements (NDAs). These contracts play a meaningful role in safeguarding trade secrets and other confidential information by facilitating and controlling their limited distribution. Here we will discuss the relevance of CDAs, their essential components and situations in which they are used.
CDAs are generally best used for information not in the public domain, which has been shared with specific recipients that may use it for commercial gain through subsequent arrangements. In a broad sense, these contracts have two principal purposes. First, they clearly explain that the information to which they pertain must be kept confidential. Secondly, a properly drafted CDA provides a foundation for taking legal action when trade secrets or other confidential information have been misappropriated. In order to establish a successful action before a court, proof is needed that the information covered by a CDA was:
- Secret or not generally known
- Important and had a valuable economic benefit to its owners (and competitors thereof)
- Protected by the owner by taking all reasonable measures
- Ultimately used for other parties' benefit through improper means
While "improper means" must be established through other evidence and investigation, a well-crafted CDA can go a long way in determining the other three requirements.
This article aims to provide practical insights into the issues to consider when preparing a CDA and the realistic obligations derived from receiving confidential information. We have not included any draft clauses or templates for a CDA, but recommend readers take into account the principles contained herein. We also recommend that CDAs be prepared by the relevant parties' IP attorney – most likely that of the disclosing party.
In creating a CDA, there first needs to be insight and understanding into the objectives of the disclosing and receiving parties. While not mandatory, it is often best for the discloser to adopt the view of seeking obligations that they would be prepared to accept. This should facilitate more rapid execution of the CDA. With this as an underlying principle, there are essentially four elements that need to be considered when preparing the CDA:
- The definitions
- The essential components
- The situation-specific components
- The legal aspects (namely duration of obligation and jurisdictional aspects)
The definitions comprise the specification of each party to the CDA. Key questions include:
- Does the intended discloser (a party to the CDA) own the information being disclosed?
- Who is / are the intended recipient(s)?
- Is the intended recipient the correct party?
These questions might seem trivial, but in situations where the relevant parties might be subsidiaries of larger corporate organizations, such clarification is critical.
Another vital element of the definitions centers around the information being disclosed, as the other components will ultimately be based on this information. Typically, an agreement might set out that the discloser represents it has "information relating to… (the Information)." This "Information" then sets the basis of the majority of rights and obligations that follow in the CDA. The other element requiring definition is the purpose of the disclosure. This might be "to evaluate whether or not the recipient wishes to enter into negotiations to acquire commercial rights to the Information (the Purpose)." Once this is clearly defined, it must be spelled out that the recipient is only obtaining rights for the specific purpose(s) as defined — e.g., only an initial evaluation and without any commercial rights.
The essential elements focus on the disclosure and resultant obligations. A suitable analogy is that of "the black box." The discloser indicates to the recipient that it will permit looking into the black box provided the recipient is bound by non-disclosure and non-use obligations. The recipient might then comment, "I accept that, BUT what if I already know what is in the black box, or if what I see is in the public domain?" The discloser would typically respond, "I accept that, BUT only if you can prove this knowledge."
This summarized dialogue explains the basis of the key obligations in the CDA. These essential elements generally include:
- The obligation to keep confidential and not to use [the information]
- Reference to the "exceptions" where the recipient already knows the disclosed information, or it is in the public domain
- A requirement of the recipient to prove it is entitled to claim such exceptions
- The obligation of the recipient not to make any copies of the disclosed information and to return all disclosed information to the discloser (or delete if electronic) immediately upon request, and only to use the disclosed data for the defined purpose
After covering the "basics" of the disclosure, specific issues relating to it should then be considered. Such specifics will be influenced by the nature of the material being shared, the purpose of the disclosure and the recipient's characteristics. In its simplest form, a technical disclosure may be a single document labeled "provided to recipient on [specific date]." Where multiple written disclosures are made over a given period of time, the CDA must specify that any written disclosures during this period be labeled accordingly. A verbal disclosure may be made in some circumstances, and the CDA should reflect that such oral disclosures are confirmed in writing by the discloser within a specific time frame.
A CDA that merely identifies the recipient may not be sufficient when the contract pertains to a technical disclosure that enables an assessment before entering into a commercial arrangement. This is particularly relevant when the recipient is a large multi-business corporation.
In this case, a prudent approach might be to limit the disclosure to only those employees with a "need to know," specifying the employees by name if necessary. The next level might be for the recipient to provide the discloser with a list of employees who have received the confidential information. In addition, a CDA may require the recipient to ensure that every employee with access to the disclosed information signs that they have read and understood the obligations of secrecy set out in the CDA.
While not an exhaustive list, these two specific variations — format of disclosure and extent of recipient's obligations — demonstrate the need for the discloser to carefully consider technical and business considerations and not simply the fundamental legal rights and obligations.
Determining a suitable period of confidentiality calls for particular circumspection. The discloser must balance the need to complete a proper assessment with the demands such conditions will place on the recipient. Too short a period imparts unduly onerous requirements, while too long a duration may damage trust or hinder the very cooperation sought through the disclosure. Review of the technical and business issues is just as beneficial in the determination of period as well as the specification of recipients.
If the disclosure is related to a fast-moving technology field (e.g., software) or will ultimately be disclosed in a published patent application, a fixed period of five or 10 years might be appropriate. When the disclosure is an intended precursor to a more formal commercial arrangement, such as a license, a clause that sets a period as "x years, or the expiration of confidentiality obligations in a subsequent commercial agreement, whichever is later" might be more fitting.
In situations where an identifiable trade secret is at issue — for instance, the Coca-Cola formulation — the discloser may wish to make the period of confidentiality open-ended, lasting as long as the information remains a secret. Alternatively, one could separately classify some of the CDA as "confidential information" and other elements as "trade secrets," assigning a defined period of nondisclosure for the former and keeping the latter open-ended. Such a split does, however, obligate clearly and unambiguously defining these components.
The choice of governing law and jurisdiction in a CDA, while not compulsory, is a decision that should be carefully undertaken if the discloser and recipient are not domiciled in the same country. When a disclosure ultimately benefits the discloser (e.g., as a prefatory step to a licensing agreement), the choice of law and jurisdiction should be made by the disclosing party. Of course, the recipient can make a case for alternate law and / or jurisdiction, but they usually have less influence over this selection. From a practical perspective, two factors that can influence this choice are convenience and enforceability. We will cover this area in more detail in our next article of this series, when we focus on several major jurisdictions and how they enforce trade secret misappropriation.
Once the CDA is prepared and reviewed to ensure it covers all desired aspects, every party should sign it before any information is shared, and all involved must receive a signed copy. A follow-up on the terms agreed in the CDA (and the recipient's progress in analyzing the information) is recommended, especially if the CDA's period exceeds six months. When the period expires, a separate follow-up is required to guarantee that all information shared is either returned or destroyed as agreed. Alternatively, an extension can be granted, along with any new or adjusted conditions or amendments agreed upon and signed by all parties.
As stated, this article intends to provide some insights into what preparing a CDA entails. With this in mind, it should be noted that the disclosing party ordinarily prepares a CDA, as it is their information at stake. That said, there may be circumstances under which the recipient prepares the document. Either way, the principles and practices identified above should be followed before the final CDA is executed. Accordingly, while this article is not intended as legal advice, companies either disclosing or receiving confidential information should reflect on these principles and reach out to a well-established IP services provider to obtain the most relevant advice for their unique situation.
When it comes to the protection of technological innovation, many factors come into play, but the question is: to patent or to keep it as a trade secret?