NDA Agreements: How to Draft and Enforce Them

The non-disclosure agreement, or NDA, is the Swiss Army knife of business contracts: deployed constantly, in situations ranging from the mundane to the genuinely critical, and almost universally underestimated until someone breaches one and the inadequacy of the document becomes painfully apparent.

An NDA serves a simple purpose: it legally obligates the recipient of confidential information to keep it secret and to use it only for the specified purpose, creating legal liability for unauthorized disclosure or use. The simplicity of the purpose, however, does not translate into simplicity of drafting. NDAs routinely fail to protect the information they were designed to protect because they are poorly defined, improperly structured, or missing provisions that effective enforcement requires.

This guide explains what effective NDAs include, what common drafting mistakes undermine their enforcement, when to use a mutual versus one-way NDA, and how to respond when someone breaches the obligation they signed.

What Every Effective NDA Must Include

The definition of confidential information is the most important provision in any NDA, and it is the one most likely to determine whether the agreement provides real protection. A definition that is too narrow fails to cover the information the disclosing party actually needs to protect. A definition that is too broad, covering everything the disclosing party says is confidential, may be unenforceable for vagueness or may dilute the agreement's practical effect by treating ordinary information as protected.

Effective definitions of confidential information describe the category of information being shared with enough specificity to distinguish it from generally available information, and they specify that the obligation applies to both marked written disclosures and to oral disclosures subsequently confirmed in writing within a specified period. They also specify the standard exclusions that courts expect to see: information that is or becomes publicly available through no fault of the recipient, information the recipient already knew before disclosure, information independently developed by the recipient, and information received from a third party without restriction.

The permitted use provision specifies the purpose for which the recipient is authorized to use the confidential information. This is a critical limitation that prevents the recipient from using your information for their own competitive purposes even if they never technically disclose it to a third party. A definition that obligates the recipient to keep information confidential without specifying a limited permitted use creates a significant gap in protection.

Mutual vs One-Way NDAs

A one-way or unilateral NDA protects information flowing in one direction: the disclosing party shares confidential information with the recipient, and only the recipient is obligated to maintain confidentiality. One-way NDAs are appropriate when only one party is sharing confidential information, such as a vendor presenting a proprietary solution to a potential customer, or a job candidate being provided with sensitive information about a company during the hiring process.

A mutual or bilateral NDA obligates both parties to maintain the confidentiality of information received from the other, which is appropriate when both parties will be sharing confidential information with each other, as is common in joint venture discussions, partnership negotiations, and potential acquisition talks where both the buyer and seller share sensitive business information.

Many companies reflexively request mutual NDAs even in situations where only one party is actually sharing confidential information, on the theory that mutuality signals good faith and even-handedness. In practice, a mutual NDA when only one party is sharing confidential information simply means that the non-sharing party has taken on obligations about information they never actually receive. This is not necessarily a problem, but it is a structurally unnecessary commitment.

The Duration Trap: How Long Should an NDA Last?

The term of an NDA specifies how long the confidentiality obligation continues. Common durations range from one to five years, with some NDAs specifying perpetual obligations for certain categories of particularly sensitive information. The appropriate duration depends on the nature of the information: how long will it retain competitive value, and how long does the disclosing party genuinely need protection?

Extremely long or perpetual NDA terms raise enforceability concerns in some jurisdictions, where courts may find that obligations of excessive duration are unreasonable restraints on trade. Excessively short terms create practical protection problems: a two-year NDA covering information about a product that will not reach the market for three years expires before the protection period needed.

The survival clause specifies which provisions of the NDA continue in effect after the NDA's primary term expires or after the parties' relationship ends. Many NDAs have poorly drafted survival clauses that inadvertently allow the confidentiality obligation to lapse when the broader agreement terminates. Careful drafting ensures that the confidentiality obligation survives for the period specifically negotiated, regardless of the underlying business relationship's duration.

When the NDA Is Breached: Your Enforcement Options

Injunctive relief is the most important remedy for NDA breach and should be specifically addressed in the agreement's remedies provision. An injunction is a court order requiring the breaching party to stop the prohibited conduct immediately. Injunctions are available on an emergency basis without full litigation when the plaintiff can show immediate irreparable harm, which is the standard case when confidential information is being actively disclosed or used.

A well-drafted NDA should include a specific provision acknowledging that monetary damages may be inadequate to compensate for breach and that the disclosing party is entitled to seek injunctive relief without posting a bond. Courts are more receptive to injunction requests when the agreement explicitly acknowledges the inadequacy of monetary remedies, because it removes the argument that the plaintiff should be required to prove irreparable harm.

Liquidated damages provisions in NDAs, specifying a fixed amount payable upon breach, can provide certainty about remedies when proving actual damages from a confidentiality breach is difficult. The challenge is that excessively high liquidated damages provisions may be challenged as unenforceable penalties rather than genuine pre-estimates of loss. Working with an attorney to set a defensible liquidated damages figure is advisable when this provision is included.

Final Thoughts

The NDA is only as valuable as its drafting quality and the seriousness with which both parties treat it. A thoughtful, specifically drafted agreement that defines confidential information precisely, specifies the permitted use, provides for adequate remedies, and is taken seriously as a legal commitment by both signatories genuinely protects the information it covers.

The common mistake of treating NDAs as routine forms to be signed and filed without careful attention creates protection that looks real on paper but fails when tested. Invest the modest time and cost required to draft NDAs that actually work before you share information that genuinely matters.

When someone breaches your NDA, act quickly with legal guidance. The remedies available, particularly injunctive relief, are time-sensitive, and delay significantly reduces their effectiveness.