Full Disclosure on Non Disclosure Agreements

ZeniMax was just awarded a $500,000,000 judgement against Oculus co-founder, Palmer Luckey, and Oculus for failure to comply with a non-disclosure agreement. The case revolved around consistent and intentional use of ZeniMax’s research, code, and trade secrets in violation of the non-disclosure agreement. While this judgment is certainly notable, it fails to reflect how common non-disclosure agreements are in the games industry. Most do not result in high profile cases or multimillion dollar judgments but are part of the process of doing business day to day. Companies interested in working together, hiring new employees, releasing test versions of games, or discussing new projects all employ, or should employ, non-disclosure agreements to protect their interests.

The non-disclosure agreement at issue in the ZeniMax case is available online. It is relatively straightforward; it contains no transfer of any property or rights, and seeks to ensure that any shared information remains confidential. But, in some cases, Non-disclosure agreements generally can be much more complex than they initially seem.

Non-Disclosure Agreements (NDAs) are some of the shortest, and possibly most common, agreements, and, as such, seem deceptively familiar and simple. But, they are can be very complex. One thing to be aware of is who a NDA is written to protect. Some are described as mutual but actually only protect one party’s data. The individual or company providing the NDA has the power to write themselves in as the exclusive “discloser” and cast the other party as the “receiving party.” A document written this way can leave the “receiving party” open to misuse of their data or unauthorized disclosure without any recourse.

Another NDA issue cropping up more and more frequently is the re-use and misuse of NDAs. Whether a company is using the same NDA for a plethora of dissimilar purposes or an unestablished company has pulled an untested NDA off the internet, the document can be unfit for their purposes, fail to be valid in the jurisdiction, or have unnecessary complexities that bog down the relationship. Most concerning, these types of agreements often fail to protect the types of data the parties intend.

Beyond these somewhat obvious pitfalls, there can significantly trickier things in NDAs. The first of these comes up if the duty to maintain confidentiality ends with the term. Put simply, if the contract expires in one year and the confidentiality obligations do not survive termination of the agreement, all the confidential information shared throughout the course of the contract can be made public after that first year, including information given the day before the expiration of the contract as well as information that has long standing implications for future plans. NDAs are almost always intended to be temporary, but not so temporary that they fail to protect information. A NDA should last long enough to reach a formal agreement, since it’s meant to form a basis for initial conversation.

Another way a NDA can limit what information is protected is through extensive requirements for what can be considered confidential. For example, a NDA could require that confidential information be labeled “confidential” in red ink, 24.7 point font, Helvetica, and only disclosed to Bob Smith in Accounting. Anything that does not meet all these unreasonable criteria would be eligible for use or disclosure. While most NDAs are not as outlandish as the foregoing, how “Confidential Information” is defined is a very important point in the agreement. The other side of this issue is the inclusion of exceptions as to what is confidential. While certain exceptions may be legally required, some NDAs include so many exceptions that confidentiality is meaningless.

The “purpose” described in an NDA is often overlooked as legal voodoo, but it sets limits on what information can be disclosed and in what circumstances that information can be used. Further, a well written purpose can set both parties on track to a mutually beneficial long term relationship. While purposes can range from “a commercial relationship between the parties” to a “strategic relationship,” a “commercial relationship” is the language typically agreed upon.

Another thing to watch for in many NDAs is the inclusion of people not involved in the deal, third parties and affiliates. These outside parties are often excused from the limits of the NDA, and where they are included, are more difficult to enforce the confidentiality restrictions against. Ideally, to make it easier to find and, if necessary, legally challenge, third parties and affiliates, they are listed in the document. Where this isn’t possible, NDAs usually require third parties and affiliates be held to at least the same level of confidentiality as required by the NDA prior to the disclosure.

Another thing to consider when signing an NDA is where the parties are based and the governing law. As a general rule, trade secrets and other commercially valuable information, which often falls under NDAs, are within the purview of the Uniform Trade Secrets Act (UTSA). The UTSA was developed as an effort to harmonize the standards and remedies for the misappropriation of state secrets. But as with every rule, there are exceptions. Only 47 states have adopted the UTSA, excluding New York, North Carolina, and Massachusetts. Since the NDA in the ZeniMax case chose Texas as the governing law, any trade secrets would be subject to the UTSA. The enforceability of contracts is generally uniform throughout the U.S., since so much business occurs across state lines, parties must be able to rely on the enforceability of their agreements.

From an international perspective, NDAs function in much the same way as other contracts. Certain provisions may receive additional protections from intellectual property laws and treaties, but the enforceability of the core agreement depends heavily on the countries of the parties involved. The biggest issue that arises in pure contract law is the “choice of law” or “governing law” provisions. Most parties don’t want to engage in expensive international litigation and will push for local law. Some countries require local law be the governing law for the contract to be endorsable. Beyond strict contract law, trade secret law varies by country. Parties to the North American Free Trade Agreement agree to provide for uniform minimum standards for protecting trade secrets, but the specifics are dealt with on a country-by-country basis.

Some NDAs include strange provisions, the least unusual of which is a requirement that any dispute be settled in a nonstandard or biased forum, for example one with unusual laws or that is likely to give preference to one party. Another uncommon inclusion to NDAs is a license to use confidential information for testing purposes without limitation. This clause would allow a consultant, who isn’t legally bound to confidentiality, to determine how the confidential information functions and to attempt to reproduce it. Relatedly, and equally rare, some NDAs include assignments, meaning intellectual property transferred as confidential information becomes the property of the receiving party. Equally odd are indemnification provisions or restrictions on hiring practices, which, while common in business agreements or other contracts creating long term relationships, have no place in an NDA.

NDAs are necessary to conduct business while protecting ideas and technology, but they can also be deceptively dangerous. Even seemingly innocuous agreements, like the one between ZeniMax and Oculus can lead to litigation and expensive judgments. Even with all the complexities of NDAs, no amount of simplifying a relationship or blind trust is worth the risk of not having one; and, the best NDA to have is one drafted by an attorney for your specific needs. NDAs are an important first step in protecting information, best used in combination with a judicious eye to what’s being shared with other parties. The outcome of the dispute between ZeniMax and Oculus lends the most important lesson: know how shared information is being used and protected, lest the NDA be breached.