The Basics of Non-Disclosure Agreements for Boards of Directors

A Primer on Non-Disclosure Agreements

At its core, a non-disclosure agreement (NDA) is a contract in which two or more parties agree not to share certain confidential information with outsiders to the relationship. It is sometimes called a "confidentiality agreement," but it is nothing more than an agreement that a party will not reveal confidential (read: secret) information to a third party.
NDAs are useful in many contexts. But they are critical in the context of board of directors service. In most board service agreements and articles of incorporation , boards require that directors sign NDAs. Directors belong to a small group that collectively governs the company’s business and affairs. Director access to confidential and proprietary information can give the company a strategic advantage over other market participants. NDAs make sure that the advantage is not diminished through unauthorized disclosure of confidential information.

Fundamental Elements of a Board NDA

A Non-Disclosure Agreement for the Board of Directors is meant to protect trade secrets, intellectual property, and proprietary information that the company and its directors intend to keep confidential. For some Boards, especially those of family-owned businesses, the NDA also protects against the potential for conflict of interest between certain directors and the business. The NDA may also include specific provisions relating to the director’s duty to disclose a conflict of interest or the potential for a conflict of interest to the remaining members of the Board.
Essential terms of a Board NDA must include:
The Obligation of Confidentiality. This section will describe in detail the information that the director is required to hold confidential. This can be company information but may also specifically define any information provided by another director to the director in question or information that is shared with the director under a representation agreement. The NDA should also provide the remedies that the company has, in this case a violation of the NDA, and how those violations are remedied, including injunctive relief, as well as from the protection of direct and indirect damages from a breach of the NDA. Term of the Obligation. The term of the obligation is directly related to the type of information that is covered. Some confidential, or trade secret information, must continue to be held confidential indefinitely. Typically, a three (3) year term and thereafter can be reasonable and appropriate. If the information covered is more specific, such as the information that is provided by another director to the director in question, then that can depend upon the circumstances of that information. For a term that extends beyond three (3) years, the information should be clearly itemized in the NDA with the rationale as to why that information must be held confidential for a longer duration. Exclusions. This is a common section that is found in many contracts and should be included in the Board NDA. It should be made clear that third-party information that is publicly available and has not been shared in a protected manner with the director should not be covered by the obligation of confidentiality. Vulnerabilities, exploitation, and security breaches third-party information may also not be covered by the NDA. Use of Confidential Information. This section provides the context within which the director can use confidential information that is shared with him or her by the company and by the other members of the Board, including their ability to engage in potential commercial activities. The NDA should also include a provision whereby the director agrees to hold confidential all information that is not meant to be shared with third-parties. The opportunity for the director who is exposed to confidential information to object to the company’s sharing that information should also be considered. Disclosure of Conflicts. This section can be optional, but it should provide exacting detail as to the type of information that must be reported. These types of conflicts may include: Non-Compete. A non-compete can be common in hiring a senior executive or newly appointed CEO to serve on the Board. At times, a non-compete is common if the director owns a competing business that may cause damage to the company and its business plan. Non-Solicitation. An NDA for directors may require that no confidential information that has been shared with the director can be used to solicit or hire his or her superiors or subordinates during the term of his/her position.

The Personal Benefits of NDAs for Boards

There are myriad reasons that compel boards of directors to require non-disclosure agreements or otherwise address confidentiality and information sharing. Here are some of the most frequent:

1. Directors and board observers typically handle sensitive data that should be protected from undue disclosure, such as:

(i) confidential financial information, including forecasts and future projections;
(ii) strategic plans and pricing policies;
(iii) compensation, equity and other potential employment opportunities and related data; and
(iv) trade secrets, proprietary information and protected intellectual property, among others.

  • The unauthorized disclosure of confidential and sensitive data presents a real risk that can materially harm a company’s ability to achieve its objectives or prudently and appropriately conduct its business; indeed, in some instances, it can devastate the company.
  • Escalating awareness of security breaches and unauthorized disclosures, including those perpetrated by insiders, has heightened boards’ sensitivity and concern around vesting employees, board members, executives and consultants with access to privileged, sensitive and/or confidential information and procedures that lack adequate protections against unauthorized or improper disclosure (whether intentional or not) of such information.
  • Today, most companies consider protection of sensitive data to be a critical prerequisite to protecting company intangible assets, largely because most of the threats to corporate value are now sourced to information technology, not hard assets, IP or physical facilities.
  • Cross-border data transfer and electronic media continue to be frequent sources of data security concerns, as such security breaches of such information can occur when data is shared outside of the country in which it is collected, sometimes without the company’s awareness or approval.
  • In addition to its enforcement authority, the Securities and Exchange Commission ("SEC") penalizes companies for failure to take appropriate action to ensure the security of their sensitive company information collectible via electronic means.
  • The National Institute of Standards and Technology ("NIST") provides standards and guidelines for the protection of sensitive information and promotes the establishment of security measures to protect government and commercial assets.

Creating a Successful Board NDA

When drafting the NDA, there are a number of practical steps that may be taken to ensure that the NDA is likely to be upheld by a court and is meaningful to the corporation. Consider the following:

  • It is important for the company to have a clear policy in place that describes confidential information. If the company’s policy delegates who is responsible for the allocation of the confidential designation (for example, the CFO), the confidentiality policy should list examples of the types of information which will be designated confidential (such as customer information or financial information), and should also include examples of information which will not be likely to be designated confidential (such as information within the public domain). The policy should also address how designated confidential information will be marked or stored and who will be responsible for such designations. If all confidential information is to be determined and classified as confidential through Central Contact fourteen (14) days prior to a meeting, then the first agenda item of every monthly board meeting will include a report on what confidential information was discussed at the prior month’s board meeting. Additionally, the policy should include examples of situations when information is shared with the board and other employees, for example a board committee reports to the board. Corporate policy and the NDA should be clear that the policy is intended to function prospectively and that all information disclosed whether or not it is expressly identified as confidential at the time of disclosure will be considered confidential. To ensure compliance with the policy, consider implementing written form agreements which designate documents as confidential and are signed prior to disclosure. It may also be helpful to label documents clearly as confidential at the top and bottom of each page which as a best practice, should also be stamped confidential (i.e. a watermark).
  • When determining who is a board member, the corporation should be clear as to whether a family member, household member or long time personal acquaintance is a director and therefore, is entitled to all company disclosures. Even if there is no familial or household relationship, shareholding within a certain period of time should be lifted when the connection exists between the board member and an individual (such as a director’s brother-in-law) who has the potential of receiving the confidential information.
  • In order to adequately protect the company’s confidential information, the NDA should include a non-solicitation provision. The NDA should contemplate that the board’s duties include not recruiting the company’s employees, customers or suppliers away from the company during such board member’s service on the board and for one year following termination of such director’s service on the board. Non-solicitation provisions are especially relevant for founders who may take on roles outside the company while serving on the board.
  • Non-compete provisions contained in the NDA are seldom enforceable when drafted against independent directors. The corporation should be mindful that independent directors will not likely agree to a post-termination non-compete.

Impact of Violating a Board NDA

Should a board member violate an NDA, the legal implications can be significant. The first course of action may involve going to court to seek a remedy for the breach, which could include injunctive relief, monetary damages, or both.
Injunctive Relief
Injunctive relief, or an order from a judge requiring a board member to comply with the NDA, is the most common remedy sought by companies parallel to monetary damages. In some cases, shareholders may also pursue derivative action. These actions, however, are directed against the individual specifically, not the company.
Monetary Damages
Monetary damages sought to remedy a breach of an NDA may include compensatory damages, consequential damages, punitive damages, earnest money, or any combination thereof. Compensatory damages are paid to the company to replace those lost by the breach, such as lost revenues or additional expenses. Consequential damages are awarded when the harm caused by a breach is not direct . For example, an executive’s disclosure of a confidential recipe or formula to a board member could encourage competition to enter the market and result in consequential damages to the company. Punitive damages are awarded when there is an intent to punish the offending party for extraordinary conduct. Punitive damages are awarded independent of actual damages and are intended to set an example. Evidence of intent is required and punitive damages can be awarded in addition to compensatory or consequential damages. Finally, some companies may require board members to post collateral, such as earnest money, to enforce observance of agreements made under the NDA.
Adverse Impact
The adverse impact of disclosing confidential company information can spread beyond legal recourse for a board member. Breach of an NDA can cause harm to a company’s good standing and reputation. In addition to damaging business relationships, harm to reputation can lead to a decrease in sales and a downturn in the overall business.

Strategies to Ensure NDA Adherence by Board Members

To ensure board compliance with their NDA obligations, there are a number of strategies that can be useful. First, and perhaps most importantly, it is often necessary to provide training for directors on the need for confidentiality and the potential implications of a breach. In addition, when it becomes clear (from either a breach or a perceived breach) that the NDA required for a certain transaction needs to be clarified or even amended, it might be necessary to prepare and circulate a more detailed and updated NDA. In addition, directors must be made aware of the consequences of a breach, and should be reminded of the need to report a potential breach to the appropriate member of management, as well as the board or its audit or confidentiality or ethics committee. It is also important to review periodically the board’s policy on confidentiality. If changes to that policy are required or if technology changes and renders it obsolete, amendments should be made as appropriate.

Examples and Related Cases

Case studies and examples of board non-disclosure agreement breaches remain somewhat elusive, with only a few notable cases appearing in the public record. This is particularly surprising given the number of Fortune 500, S&P 500 and Nasdaq companies to whom the Fortune 1000 laws are generally applicable.
Over the course of the last century there have been many state and federal cases in which attorneys have drawn on the concept of "candid candor" to analyze and apply legal positions with regard to NDAs. In one clear example, these positions were evaluated by the U.S. District Court for the Southern District of New York in 1999 in US v Glens Falls Newspapers, Inc. (1999). In this case, a Federal judge determined that the breach of an NDA did not mean a loss of privileges for his clients, as the confidentiality agreement came under attack solely because of the breach of the covenant. The court agreed to respect the original intent and acquitted the defendants, even after the NDA had been claimed to be voided through one party’s action.
In another, perhaps better-known case, Delia’s, Inc. v. Elkind, a parent went to court to force a retailer jointly owned by his daughter with her then boyfriend to cease selling t-shirts that mocked him. At issue was the effectiveness of the NDA she signed when first going to work for the company, and also when she was made a co-owner of the business, in regard to both the t-shirts themselves, and regarding any information – disclosed or not – that the young woman might be privy to while working for the retail operation.
The court ultimately ruled against the father, concluding that while he would suffer some commercial harm as a result of the t-shirt sales, the business would have taken him, being "monetarily irreparable," and that the company would retain strong reparative capabilities and thus could observe the non-disclosure agreement with its employees. Because Mr. Elkind had sworn to keep the family out of the business, and because the court ruled that all the revelations of his daughter were privileged, the father lost the case and paid his daughter a strong monetary award.
There is a directly related case that is still active: COTTAMENTUM Blue & Bolivar, LLC v. DONNAY USA, Ltd., in which two attorneys representing non-board previously associated individuals are being accused of having kept records and related documents in contravention of their Non-Disclosure Agreements and in violation of the rules of the Bar. In addition to their NDA, the attorneys also allegedly appropriated confidential information including trade secrets, and furthermore spread malicious information about Chief Executive Officer Jean-Luc Donnay, and posted images of their attorneys inside their offices to members of the media they then had attacked, all of which led up to the posting of the illicit Twitter tweet referred to above.
In 2004, a similar ruling was handed down in Department of Homeless Services, City of NY v 1199 SEIU Greater NY Div., in which one employee, after signing a non-disclosure agreement and receiving training, was later charged with violating that same NDA. His termination suit was ultimately upheld by the court, as it was found that he had violated the terms of the NDA he consented to at the time of acceptance of his position.

Conclusions and Recommendations

All publicly held companies in the United States should have non-disclosure agreements for their boards of directors. These agreements can be an effective tool for protecting the confidential information of the company and should be a key element of every company’s confidentiality protections. The NDAs should be increasingly comprehensive as the director approaches the final stages of the company’s sale process. The particulars of the NDAs will vary from one company to another. But, we offer the following items for consideration by companies looking to implement or strengthen NDAs.
• Companies should employ a uniform approach to non-disclosure provisions for their board of directors. Inconsistent or unclear applications of NDAs among the directors of the same company may create problems, and therefore, uncertainty for the company.
• NDAs for board members should include a reasonably limited time period for the non-disclosure obligation. Typically, a period of three years after termination of service with the Company is acceptable. Of course, the period may extend longer than three years where it is necessary for the "sensitive" nuances of the business to remain out of the public eye until the sale process is concluded .
• Companies should document their NDAs explicitly to convey to all directors the scope, extent and significance of the non-disclosure obligations. Failure to do so runs the risk that the director may overlook, misunderstand or misinterpret the obligations.
• Further, companies should be sensitive to the needs of the directors when arranging for execution of the NDAs. Too much pressure may jeopardize the intent and purpose of the NDAs and actually reduce the confidentiality protection that the company seeks.
• Non-disclosure obligations do not need to be alarmist or draconian, i.e., "we will pay the expenses of pursuing any breach of confidentiality." Such statements are overly aggressive and likely to be counterproductive.
• Finally, NDAs for board members should be respected even when the relationship with the director ends. Companies shouldn’t only pay lip service to their commitment to upheld the NDAs. What is the company prepared to do if a director talks loosely and carelessly about the company’s confidential information during or after the end of the board member’s service. This goes to the core of whether or not the company is committed to the NDAs.

Leave a Reply

Your email address will not be published. Required fields are marked *