Insights Header image
Insights Header image
Insights Header image

Tips for Startups – The Scope and Limitations of Non-Disclosure Agreements

August 2016 Business Law Bulletin 6 minute read

In an economic climate where information is often a business’s primary asset, it is important that companies be able to control the disclosure of key information such as intellectual property, strategic plans, data, research and development, and financial forecasts. The surest way to prevent unwanted disclosure is simply to not share information that you wish to keep confidential, but often times this is not practical and risks stifling business growth. If and when your company decides to share this type of information with an outside third party, entering into a non-disclosure agreement (an “NDA“, or sometimes referred to as a confidentiality agreement) prior to sharing the information may help prevent the receiving party from disclosing the information provided. Although an NDA has its place in commercial practice, it does not come without its limitations. For this reason, we suggest relying on an NDA as only one part of your company’s practice for keeping key information confidential.

What is an NDA?

An NDA is a contract between two or more parties, with at least one disclosing party and at least one receiving party. The disclosing party is the entity sharing confidential information that they wish to remain undisclosed beyond this arrangement, while the receiving party is the entity receiving the confidential information.

The NDA must define the information that you expect to remain confidential (the disclosing party will prefer a broader definition to protect more information) and the purposes for which it may be used (this should be defined carefully to ensure that the receiving party is not able to use the information for any purpose outside what the disclosing party intends to share it for). The agreement may also set out the particular individuals who are responsible for receiving and controlling the individuals or the “further recipients” with whom they may share the information with. The receiving party and these further recipients may be held responsible for disclosing or using the information outside the terms of the NDA. Depending on the form of information, the parties may also require the receiving party to return the confidential information, or when that is not possible, to destroy it in a commercially reasonable manner.

The agreement will also set out the disclosing party’s remedies in case of a breach. These may include monetary damages, injunctive relief, and indemnification for harms caused by the breach. Depending on the information in question, breach of an NDA may cause irreparable damage to the disclosing party. For example, if the disclosed information lands in the hands of a competitor, or otherwise proves unfavorable to the disclosing party once publicly known. Unfortunately, as is the case with contractual breaches, a harmed party would have to go to court to have the breach enforced, which can be costly, time-consuming, and ultimately won’t reverse the unwanted disclosure. Much in the same way that IP law can’t protect trade secrets, the release of the information itself is what is harmful and it is difficult to undo this damage.

Are NDAs All the Same?

While it may be tempting to use a template NDA or other confidentiality agreement found on the Internet, there are many provisions in confidentiality agreements that should be tailored to the specific business relationship at hand. Using a confidentiality agreement that is suitable for your company’s goals and circumstances is imperative to ensuring your key information is not disclosed. The form of an NDA may vary and will depend on the particular situation at hand, for example, will only one party be disclosing information, or both? A one-way NDA is appropriate when only one party (the disclosing party) is sharing confidential information. Mutual NDAs, on the other hand, are useful when all parties to the agreement are sharing confidential information and act as both receiving and disclosing entities, for example, when deciding whether to enter into a joint venture, a partnership, or merge into one entity. The NDA will allow both parties to learn more about each other such that they can determine whether to make the significant decision of merging or entering into a partnership. Both parties will be granted protection under a two-way NDA, and will often be subject to equal restrictions.

Will the information be shared over a period of time or is this a one-time disclosure? The term of disclosure may be important to clarify whether information being shared falls under the protection of the NDA. Additionally, the disclosure term and the period the information is subject to these restrictions are quite distinct timelines. Although the disclosing party may want the information to be held confidential indefinitely, there are some jurisdictions where a court will not enforce this, leaving your company unprotected where you may expect the information to be kept confidential forever.

Is the information being shared for a particular purpose and should you limit the ways in which the receiving party may use the information it receives? It is important to consider your goals for sharing the information and define the boundaries of use accordingly. The purpose of use should be flexible enough to enable the receiving party to use the information as the disclosing party intends, say to evaluate a potential partnership or investment. But is should not be defined so broadly as to allow the receiving party to use the information for any purpose, negating any protection the disclosing party may expect.

Additionally, an NDA may spell out whether and when the information may be disclosed further to a recipient that is not party to the contract. A more flexible limit on “further disclosure” would allow a recipient to share the disclosed information only with those persons within the receiving party’s organization, as is necessary to carry out the purpose of the NDA on a strictly “need to know” basis. Alternatively, an agreement may restrict the recipient to sharing the confidential information only with particular persons who are expressly authorized in writing to receive the information. This would suit shorter-term projects with a limited scope.

In certain circumstances, it may be appropriate to include a non-solicit, non-hire, or non-compete provision in the NDA, to restrict the recipient from being able to use your company’s information to solicit your company’s customers, employees, or compete with your business. If this is not necessary, however, it is not advisable to retain and rely on a provision that a court may find unenforceable

Other Ways to Protect Your Confidential Information

Once confidential information is publicly disclosed, it becomes quite difficult to successfully engage in damage control and prevent the disclosed information from being spread further. This is particularly true where information can be permanently stored and instantly spread over the Internet. While NDAs can be useful in certain situations, we suggest that your company consider these agreements as only one part of its practice to protect key information.

Consider whether and to what extent you are comfortable sharing certain confidential information. There may be circumstances where you do not need to share your “secret sauce” in order to engage in a working relationship, so consider limiting this disclosure to what is truly needed. Many of the clauses that you may include in an NDA may also be set out in other agreements that your company enters into, including employment and independent contractor agreements, licensing and supply agreements, and financing arrangements.

Companies may take precautions internally as well. From instituting shredding policies and requiring certain documents to be stored in locked cabinets to controlling network login in and out of the office. Your company may wish to limit certain information to only those employees who have a need to know the information to perform their job. In certain situations, it may also a good idea to gently remind parties, such as employees or independent contractors, of their confidential obligations to your company from time to time or when the relationship is over. Depending on the form of your company’s confidential information, it may be reasonable to perform internal audits of your protective policies and measures and work from these results to increase protection. Finally, certain information may be so important to your company to warrant implementing security policies and precautions or register the company’s intellectual property under trademark or patent registration.

Implementing and following security practices that work for your company, in addition to using an NDA when appropriate, will continue to serve your company as it grows and will help to avoid costly litigation and prevent unwanted disclosure of your company’s most important information.


If your company is considering disclosure of confidential information to another entity, do not hesitate to take action and get an NDA before parting with any important knowledge. Because of the nuances involved in drafting NDAs, such as utilizing appropriate scope when defining terms, it is important to seek legal advice from your counsel so that your agreement is properly drafted.

by Morgan McDonald and Brandon Deans, Temporary Articled Student

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2016

Insights (5 Posts)View More

Featured Insight

BC Human Rights Tribunal Questions Enforceability of Release

This bulletin addresses the enforceability of releases signed following a termination and reiterates best practices for obtaining an enforceable release.

Read More
May 29, 2024
Featured Insight

Proposed Changes to Employment in Ontario: Working for Workers Five Act, 2024

This bulletin discuss new employer obligations proposed in Bill 190, the Working for Workers Five Act, 2024.

Read More
May 28, 2024
Featured Insight

Investor Relations Activities Require Clear and Conspicuous Disclosure

BC Notice 51-703 emphasizes that investor relations activities must be “clearly and conspicuously” disclosed pursuant to Section 52(2) of the Securities Act.

Read More
May 22, 2024
Featured Insight

Unpacking Ontario’s Proposed Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024

Unpacking Ontario's Bill 194: Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024. Key changes & compliance strategies detailed.

Read More
May 17, 2024
Featured Insight

Navigating International Student Worker Restrictions: Post-Expiry Guidelines for Employers

On April 30, 2024, Canada’s temporary waiver allowing international students to exceed 20 hours of work per week expired.

Read More
May 14, 2024