NDA-skyldigheter: Vad du måste veta (3)
1. Inledning
Är du redo att fördjupa dig i sekretessavtal (NDA)? Vi gick igenom grunderna och centrala delar av sekretessavtal i del 1 här, och i del 2 här förklarade vi fyra vanliga klausuler som parter, definitioner och syftet med sekretessavtal. Nu ska vi utforska de viktiga sekretesskyldigheterna som gäller för den mottagande parten enligt ett sekretessavtal.
Lär dig hur du skyddar din känsliga information under affärspartnerskap med denna artikel “NDA-skyldigheter: Vad du måste veta”.
Fyra snabba fakta om NDA
Enligt ett NDA, vanligt benämnt sekretessavtal, går parterna med på att:
- Sekretesskyldigheter: Hålla information hemlig, använda den endast för det ändamål som anges i sekretessavtalet och inte avslöja den för obehöriga parter.
- Upprätthålla informationssäkerhet: Implementera rimliga säkerhetsåtgärder för att skydda informationens konfidentialitet.
- Undantag: I vissa fall gäller inte sekretessen, som när informationen är offentligt tillgänglig eller om upplysningar krävs enligt lag.
- Förstöra information: När konfidentiell information ska återlämnas eller raderas då sekretessavtalets syfte har uppnåtts.
Även om sekretessavtal vanligtvis har företräde framför lagreglering, kan särskilda lagar och förordningar tillämpas. Exempelvis sekretesslagar av olika slag, GDPR, arbetsrättsrättsregler och regler om företagshemligheter.
2. Sekretesskyldigheter för den mottagande parten
Begränsad användning av konfidentiell information
I ett sekretessavtal har den mottagande parten huvudansvaret för att skydda sekretessen. Detta innebär vanligtvis att den konfidentiella informationen endast får användas för det angivna ”syftet” enligt avtalet. Se vår tidigare artikel här där vi förklarar varför detta är viktigt och hur man korrekt formulerar syftet. Genom att göra detta säkerställer man att den konfidentiella informationen hålls hemlig och hindrar mottagaren från att avslöja den för en tredje part.
Ett välskrivet sekretessavtal bör uttryckligen begränsa mottagande part från att inte bara direkt och medvetet missbruka eller avslöja konfidentiell information, utan också från att göra det indirekt, vårdslöst eller oavsiktligt.
Utvidgning av tillåtna mottagare
En av de viktigaste delarna av ett sekretessavtal som kräver särskild uppmärksamhet är: “Vem får ta emot den konfidentiella informationen?”
Eftersom det ofta inte bara är parterna i sekretessavtalet som behöver få den konfidentiella informationen är det viktigt att utvidga dessa sekretessskyldigheter bortom den mottagande parten själv.
Vanliga exempel på tredje parter inkluderar:
- Professionella rådgivare såsom revisorer, konsulter eller advokater,
- Agenter, direktörer, anställda och
- Filialer/bolag inom samma koncern.
Se därför till att du inkluderar mycket tydliga definitioner av tredje parter som får ta emot den konfidentiella informationen och under vilka omständigheter.
Vanligtvis är dessa omständigheter att dessa tredje parter endast får ta emot den konfidentiella informationen om de har:
- ett behov av att veta informationen i samband med syftet (som definieras i sekretessavtalet), och
- juridiska skyldigheter för sekretess och icke-användning med avseende på den konfidentiella informationen som väsentligen liknar mottagande parts skyldigheter enligt sekretessavtalet.
Upprätthålla informationssäkerhet
Det är avgörande att förstå vikten av att skydda den konfidentiella informationen som delas. Om du tar emot konfidentiell information är det viktigt att förstå och acceptera att du är skyldig att implementera rimliga säkerhetsåtgärder. Detta inkluderar tekniska, fysiska och organisatoriska åtgärder för att skydda informationens konfidentialitet och förhindra obehörig åtkomst eller avslöjande.
Undantag från sekretesskyldighet
Normalt innehåller sekretessavtal vissa undantag från de sekretessskyldigheter som åläggs den mottagande parten. När det kan bli fallet inkluderar nedan fyra olika exempelsituationer.
Allmänt känd information
Om informationen blir offentligt tillgänglig för allmänheten (utan att mottagande part brutit mot sekretessavtalet) upphör sekretessskyldigheterna för mottagaren och dess dotterbolag att gälla som bindande.
Tidigare vetskap
Om informationen införs i en offentlig domän (utan att mottagande part brutit mot sekretessavtalet) befriar också mottagaren och dess dotterbolag från sekretessskyldigheterna.
Tredje-parts avslöjande (inklusive dotterbolag)
När mottagaren får information från en tredje part som har laglig rätt att avslöja den, behöver de inte längre hålla informationen konfidentiell.
Rättsliga krav
Ett viktigt undantag tillåter mottagaren, dess dotterbolag/filialer eller tredje parter att avslöja konfidentiell information genom en domstolsorder eller myndighetsbegäran. Vanligtvis ska den avslöjande parten informeras innan informationen lämnas ut för att följa den juridiska processen.
Återlämnande/destruering av informationen
När syftet med att dela konfidentiell information är uppnått kan den avslöjande parten begära att den mottagande parten återlämnar eller förstör den konfidentiella informationen som fortfarande är i deras besittning.
Till exempel kan den avslöjande parten begära att den mottagande parten återlämnar kopior, prover och annat material som innehåller konfidentiell information samt kräva att den mottagande parten raderar/förstör digitala data som innehåller konfidentiell information.
På grund av dagens komplicerade IT-miljöer hos de flesta företag kan det vara antingen väldigt utmanande eller kostsamt att helt eliminera data. Därför råder vi att inkludera formuleringar som: ”parterna är överens om” i sekretessavtal gällande destruering av digital data.
Specifika lagar kan tillämpas
Även om sekretessavtal vanligtvis omfattar reglering av sekretesskyldigheter är det viktigt att inse att specifika lagar och förordningar kan åsidosätta eller komplettera avtalsregleringen i vissa situationer.
Exempel på sådan rättsreglering inkluderar: sekretesslagar, GDPR, arbetsrättsregler och regler om företagshemligheter.
Dessa lagar och förordningar kan ställa ytterligare krav eller medge mer vittgående undantag, så beakta dessa skyldigheter när du ingår eller tolkar ett sekretessavtal för att säkerställa fullständig efterlevnad. Dessutom, se även denna artikel från Hogan Lovells för ytterligare information om ämnet.
3. Slutsats
Medan titeln på denna artikel “Skriv inte på det där NDA:et än! Förstå dina skyldigheter först” kanske kan låta lite dramatisk, understryker den en viktig poäng: sekretessavtal underskattas ofta.
Att förstå sekretesskyldigheter enligt sekretessavtal, särskilt för den mottagande parten, är avgörande. Det är viktigt att inte förhasta sig och skriva under dessa avtal utan att helt förstå den potentiella påverkan på ditt företag och din handlingsfrihet.
Genom att noggrant granska och förstå dina skyldigheter kan du skydda dina intressen, undvika kostsamma rättsliga tvister och säkerställa ett framgångsrikt partnerskap.
Kontakta oss på +31650608964 eller lowa@amstlegal.com om du behöver mer information eller rådgivning om detta ämne.
Don’t Sign That NDA Yet! Understand Your Obligations First
Introduction
Ready to dive deeper into Non-Disclosure Agreements (NDAs)? We covered the basics and key elements of NDA’s in part 1 here and in part 2 here we covered four common clauses like Parties, Definitions and the Purpose of NDA’s . Now, let’s explore the crucial confidentiality obligations for the receiving party in an NDA.
Learn how to safeguard your sensitive information during business partnerships with this Article ‘Don’t Sign That NDA Yet! Understand Your Obligations First’.
Quick Facts
Under NDAs, also called confidentiality agreements, parties agree the following:
- Confidentiality Obligations: keep information secret, use it only for the purpose mentioned in the NDA and don’t disclose it to unauthorized parties.
- Maintain Information Security: implement reasonable security measures to safeguard the confidentiality of the information.
- Exclusions: in certain circumstances the confidentiality doesn’t apply, such as publicly available information or disclosures required by law.
- Destruction of Information: when to return or delete confidential information once the purpose is fulfilled.
Although NDAs generally take precedence over the law, specific laws & regulations may apply. Think specific secrecy laws, the GDPR, employment laws and Trade Secret Regulations.
Confidentiality Obligations of Receiving Party
Limited Usage of the Confidential Information
In an NDA, the receiving party has the main confidentiality responsibilities.
This generally includes using confidential information exclusively for the designated “purpose” in the NDA. See our previous article here where we explain why this is important and how to cover the purpose correctly. Doing so ensures safety of keeping the confidential information secret, and makes the recipient refrain from disclosing it to any third parties.
A well-drafted NDA should explicitly restrict the receiving party from not only directly and deliberately misusing or disclosing confidential information but also from doing so indirectly, negligently, or unintentionally.
Extension of allowed recipients
One of the most important parts of the NDA to pay particular attention to is:
‘Who is able to received the Confidential Information’?
As it will often not only be the parties to the NDA itself who need to receive the confidential information, it is important to extend these confidentiality obligations beyond the receiving party itself.
Most common examples of third parties:
- professional advisor like accountants, consultants or lawyers,
- agents, directors, employees, and
- affiliates
Therefore, ensure that you include very clear definitions of third parties that may receive the Confidential Information and under which circumstances.
Usually these circumstances are that these third parties can only receive the confidential information if they have:
- a need to know in connection with the Purpose (as defined in the NDA), and
- the legal obligations of confidentiality and non-use with respect to the Confidential Information substantially similar to the obligations of the Receiving Party under this Agreement.
Maintain Information Security
Realizing that it is important to also protect the security of the confidential information shared is crucial.
If you receive confidential information it is important to understand and agree that it is are required to implement reasonable security measures. This includes technical, physical and organizational measures safeguarding the confidentiality of the information and prevent unauthorized access or disclosure.
Exceptions from confidentiality obligations
Typically, NDAs include certain exceptions to the confidentiality obligations imposed on the receiving party.
Public Knowledge
If the information becomes publicly available (without breach of the NDA), the confidentiality obligations cease to bind the recipient and their affiliates.
Prior Knowledge
The entry of the information into the public domain (without a breach of the NDA) also releases the recipient and their affiliates from confidentiality obligation
Third-Party Disclosure (Including Affiliates)
When the recipient receives information from a third party who has the legal right to disclose it, they no longer need to maintain its confidentiality.
Legal Requirements
An important exception allows the recipient, affiliates, or third parties to disclose the confidential information through a court order or governmental request. Typically, the discloser should be notified before the information is disclosed to comply with the legal process.
Return/destruction of information
When the purpose of sharing confidential information is achieved, the disclosing party may request the return of the disclosed confidential information or the deletion/destruction of the confidential information if it remains in the possession of the receiving party.
For example, the disclosing party can request the receiving party to return copies, samples, and any other tangible materials containing confidential information; and to delete/destroy digital data containing confidential information.
In the current complicated IT setup of most companies, completely eliminating data can be either highly challenging or cost-prohibitive. For this reason, we advise to add wording similar to: parties agree
Specific laws might apply
Although NDAs generally cover confidentiality obligations, it is important o realize that specific laws and regulations may override or complement them in certain situations.
Examples are: secrecy laws, the GDPR, employment laws, and Trade Secret Regulations.
These laws & regulations can impose additional requirements or exceptions so do consider these obligations when agreeing or interpreting an NDA to ensure full compliance. Also see this article from Hogan Lovells on this subject.
Conclusion
While the title of this article ‘Don’t Sign That NDA Yet! Understand Your Obligations First’ might be a bit dramatic, it underscores an important point: NDAs are often underestimated.
Understanding confidentiality obligations under NDAs, particularly for the receiving party, is crucial.
It’s essential not to jump into signing these agreements without fully understanding the potential impact on your business and your ability to operate freely.
By carefully reviewing and understanding your obligations, you can protect your interests, avoid costly legal disputes, and ensure a successful partnership.
Please reach out to us via +31650608964 or lowa@amstlegal.com if you need more information or advice about this subject.
NDAs Explained – What You Need to Know (part 1)
NDAs ensure that confidential information is used solely for the specified purpose set out between the parties in a business relationship. In the world of business, where ideas, innovations, financial information and secrets are the keys to success, Non-Disclosure Agreements (NDAs) often play an important role in protecting a company’s confidential information. This article will provide a comprehensive overview of NDAs in the context of Business to Business (B2B) dealings.
What is an NDA?
An NDA, also referred to as a Confidentiality Agreement, is a legally binding contract between two or more parties to protect confidential information which may be shared during the course of their business relationship. More specifically, confidential information is non-public information of a company that could harm the company when it would be shared in public. Usually a list of the Confidential information is included in the NDA, containing for example: trade secrets, know-how, products and technology-related information, discounts, customer lists, sales and financial information, business plans, etc.
Why and when do we need an NDA?
In the B2B context, NDAs can be an essential tool for protecting proprietary knowledge, trade secrets and other confidential data that is important for a company to maintain its competitive advantages. That sensitive information, therefore, should be defined clearly and carefully in NDAs. However, be careful not to define it too narrow to ensure that you have not missed an important category. By using a properly drafted NDA, your company can secure valuable information from competitors or other third parties who may benefit from the disclosure of such information.
Primary objective
The primary objective of an NDA is to ensure the disclosed sensitive information is securely used and handled, preventing its use or disclosure without proper permission and authorization by the disclosing party. An NDA is often signed at the beginning of a business relationship or before entering into a business relationship.
Example
Common example: a technology company is planning to sell and offer specialized software solutions to an enterprise customer. The companies start by discussing how to integrate the software into the customer’s systems to ascertain the price for the integration and the use of the software. For this, the technology company might share insights about their pricing, SLA, policies and software, and the customer, in turn, might explain their challenges and share business plans. While doing so, the companies therefore plan to share documents including non-public, hence confidential information. This is why it is advised that these companies sign an NDA before sharing this confidential information to each other. Such an NDA can be terminated when the parties sign a final customer contract, which should also include confidentiality terms.
How does an NDA protect your confidential information?
Like any other legal contracts, an NDA carries important legal consequences for breach of contract. Depending on the severity of a breach, its consequence can range from lawsuits, financial penalties to – in extreme cases – criminal charges. Breaching an NDA can also harm a party’s reputation, which may lead to other long-lasting consequences to its business, especially in business relationships and industries where trust and confidentiality are crucial.
Claims and lawsuits relating to a breach of an NDA are not common, but it absolutely happens that a company needs to pay out a penalty for breach of confidentiality. We have even advised on this matter a few times in the past.
What type of NDA do you need?
There are various types of NDA that can be used based on the specific circumstances and the needs of the parties involved. Below are the three common types of NDA:
- Unilateral NDA (One-sided NDA): In a unilateral NDA, one party, typically the seller, imposes on the other party the obligation to secure the information and not to disclose or use the information for any purpose other than what is specified in the agreement. In a B2B context, unilateral NDAs are often used between buyers and sellers. For instance, a Biotech company (seller), may employ a unilateral NDA to prevent the buyer from disclosing sensitive information they have gained during the purchase of products or services, such as intellectual property and computer technology. Also common in Public Tenders and for RFI (Request for information) in RFP (Request for Price) situations.
- Mutual NDA (Two-sided or Mutual NDA): A mutual NDA involves two parties, and both parties will be sharing sensitive information with each other and agree that both sides will be bound by confidentiality obligations. Mutual NDAs are frequently used when the parties need to exchange considerable amounts of confidential information during their negotiations or business relationship. Such situations can be Joint Ventures, Vendor Contracts or Mergers and Acquisitions.
- Multilateral NDA (Three or More Parties NDA): A multilateral NDA includes three or more parties, where at least one party shares sensitive information with other parties and enforces confidentiality obligations. This type of NDA streamlines the paperwork and administration for the parties in a sense that the parties do not need to enter several unilateral or bilateral NDAs with one another. In a business relationship involving three parties, where all anticipate disclosing confidential information, a single multilateral NDA can replace the need for three different bilateral NDAs between each pair of parties. Such situations can be Partnerships, Government Contracts (like defense and aerospace contracts) and Consortium Agreements.