How to Write an NDA That Actually Protects You
Quick Answer
An effective NDA must clearly define confidential information, specify the permitted use and duration of the obligation, include practical enforcement mechanisms, and be tailored to the specific relationship and information being protected rather than using a generic template.
Step-by-Step Guide
1. Determine whether you need a unilateral or mutual NDA
A unilateral (one-way) NDA is used when only one party is disclosing confidential information, such as when you share business plans with a potential investor or proprietary information with a contractor. A mutual (two-way) NDA is used when both parties will share confidential information, which is common in business partnerships, joint ventures, and merger discussions. Using a mutual NDA when only one party is disclosing can weaken your position by suggesting mutual obligations where none should exist.
2. Define confidential information with specificity
The definition of confidential information is the most critical provision. An overly broad definition (like "all information shared between the parties") may be unenforceable because it does not give the receiving party fair notice of what they must protect. An overly narrow definition may leave important information unprotected. Best practice is to include a general description plus specific categories: trade secrets, financial data, customer lists, business strategies, technical specifications, source code, and any other specifically identified information. Also list clear exclusions: publicly available information, independently developed information, information received from third parties, and information the discloser authorizes for release.
3. Specify the permitted use of confidential information
State explicitly how the receiving party may use the information, such as "solely for the purpose of evaluating a potential business relationship between the parties." Prohibit all other uses, including reverse engineering, competitive analysis, and disclosure to affiliates not involved in the purpose. Include restrictions on copying and require that all copies be returned or destroyed upon termination of the agreement.
4. Set an appropriate duration for the confidentiality obligation
The duration should reflect the nature of the information being protected. Trade secrets should be protected indefinitely (as long as they remain secret). Business information and financial data are commonly protected for 2 to 5 years. Technical information may warrant 3 to 7 years depending on the industry. Avoid perpetual obligations for general business information, as courts may find them unreasonable. However, include a provision stating that trade secrets remain protected for as long as they qualify as trade secrets under applicable law.
5. Include robust enforcement mechanisms
Specify remedies for breach, including injunctive relief (the right to seek a court order stopping the disclosure without having to prove monetary damages first), monetary damages, and attorney fee recovery. Include an acknowledgment that breach would cause irreparable harm not adequately compensable by money damages. Specify the governing law and jurisdiction (choose a jurisdiction favorable to NDA enforcement). Consider including a liquidated damages clause for measurable breaches.
6. Address practical obligations for handling confidential information
Include provisions requiring the receiving party to: limit access to confidential information to employees and agents who need to know, ensure those individuals are bound by confidentiality obligations at least as protective as the NDA, implement reasonable security measures to protect the information, notify the disclosing party immediately upon discovering any unauthorized disclosure, and return or destroy all confidential information upon termination of the agreement or upon request.
7. Include required legal exceptions
Every enforceable NDA should include exceptions for legally required disclosures (court orders, subpoenas, regulatory requirements) with a provision requiring advance notice to the disclosing party so they can seek a protective order. Under the Defend Trade Secrets Act (DTSA), NDAs must include a notice informing individuals that they are immune from liability for disclosing trade secrets to the government or in a court filing under seal for the purpose of reporting a suspected violation of law (the whistleblower immunity provision). Failure to include this notice forfeits the employer's right to exemplary damages and attorney fees in a DTSA action.
State-by-State Differences
| State | Key Difference |
|---|---|
| California | California courts apply strict scrutiny to NDAs and will not enforce provisions that effectively function as non-compete agreements (Cal. Bus. & Prof. Code 16600). NDAs that restrict an employee's ability to use general skills and knowledge may be struck down. California also has specific requirements for trade secret identification under the California Uniform Trade Secrets Act (Cal. Civ. Code 3426). |
| Texas | Texas enforces NDAs broadly and treats them as distinct from non-compete agreements. Under the Texas Uniform Trade Secrets Act (Tex. Civ. Prac. & Rem. Code Chapter 134A), trade secrets are protected even without a formal NDA, but a well-drafted NDA provides stronger and more predictable protection. Texas courts generally uphold reasonable NDA duration and scope provisions. |
| Florida | Florida is NDA-friendly and enforces confidentiality provisions robustly under the Florida Uniform Trade Secrets Act (Fla. Stat. 688.001-688.009). Florida courts have upheld NDAs with durations of 2 to 5 years for general business information and indefinite protection for trade secrets. Florida allows recovery of attorney fees for trade secret misappropriation, providing additional enforcement incentive. |
| New York | New York enforces NDAs under common law and treats confidential information protections separately from non-compete restrictions. New York courts require that confidential information be identified with reasonable specificity and that the NDA not impose unreasonable restrictions on the receiving party. New York does not have a statute specifically governing trade secrets, relying instead on common law principles. |
| Illinois | Illinois enforces NDAs under the Illinois Trade Secrets Act (765 ILCS 1065) and common law. The Illinois Freedom to Work Act (820 ILCS 90) requires that non-compete and non-solicitation agreements (but not pure NDAs) include an advisement for employees to consult an attorney. Pure confidentiality agreements that do not restrict future employment are generally enforceable without the same consideration requirements as non-competes. |
Common Mistakes to Avoid
Using an overly broad definition of confidential information that includes publicly available information
Consequence: Courts may find the entire NDA unenforceable if the definition is so broad that it covers information the receiving party cannot reasonably be expected to keep secret. This leaves all of your truly confidential information unprotected. Include clear exclusions for public information, independently developed information, and information received from third parties.
Failing to include the DTSA whistleblower immunity notice
Consequence: The Defend Trade Secrets Act (18 U.S.C. 1833(b)) requires that any NDA or other agreement governing trade secrets include a notice of whistleblower immunity. If this notice is omitted, the employer forfeits the right to seek exemplary (punitive) damages and attorney fees in any trade secret action against the employee. This notice must be included in NDAs signed by employees and contractors.
Making the NDA so restrictive that it effectively prevents the other party from working
Consequence: In states like California, an NDA that functions as a de facto non-compete agreement will be invalidated. Even in states that enforce non-competes, courts will not enforce NDA provisions that unreasonably restrict the receiving party's livelihood. Draft the NDA to protect specific information, not to prevent competition broadly.
Not specifying practical procedures for returning or destroying confidential information
Consequence: Without clear return-or-destroy provisions, you have no enforceable mechanism to ensure confidential information is removed from the receiving party's systems after the relationship ends. Include a specific process: written request, deadline for compliance (typically 10 to 30 days), certification of destruction, and any exceptions for legally required record retention.
Documents You'll Need
Non-Disclosure Agreement
Non-Compete Agreement
Independent Contractor Agreement
Employment Contract
This website provides legal information, not legal advice. The information on this page is for general informational purposes only. No attorney-client relationship is formed by using this site. Laws vary by jurisdiction and change frequently. For advice specific to your situation, consult a licensed attorney in your state.