How does the NDA for software development work?

A non-disclosure agreement is a guarantee for a business against employee’s, contractor’s, or customer’s dishonesty. As we know, conflicts may arise in the process of cooperation. To avoid them, establish responsibility for unscrupulous actions of the parties in advance, it is highly recommended to conclude an NDA.

It may be a part of a software development contract or a separate agreement. A separate clause must be included in the main document, for pointing out all the necessary details, regarding confidential information.

What should we know about NDA?

The subject of the NDA agreement identifies the parties, the terms of the agreement, and the applicable law. It also identifies confidential information. The "rights and obligations of the parties" clause declares the concept of "information disclosure" and the procedure for handling confidential information. Sanctions in case of information disclosure and the procedure for resolving disputes are clarified in the paragraph "responsibility of the parties".

Some companies sign NDAs with employees before they start working, others do that after the official start of cooperation. Both variants are correct. NDAs can be signed at any time, their terms and conditions are determined by the parties according to the mutual agreement. Such a document usually includes the following points:

Parties that enter into a contract. Usually, these are representative companies and employees.
Confidential information definition. This points out which details should not be publicized.
Defining non-confidential information. These are issues that may be discussed with colleagues, relatives, or friends.
Information disclosure conditions. In this paragraph, they may prescribe that all information sent from corporate addresses or published in certain sources of the company is considered as a confidential.
Information disclosure concept. The sale of data to other companies or its using for personal purposes is usually indicated as a disclosure.
Penalties. In many cases, programmers must pay a fine for violating an NDA. Specific amounts of money and conditions should also be discussed in the contract.
Non-competition clause. It just means that the employee cannot work for a competing company.
The governing law is not spelled out in case of disputes.

The essence of a non-disclosure agreement is that the employer allows the developer to process information that is important for the business. If an employee violates these conditions, the sanctions prescribed in the agreement should enter into force.

The evidence necessary for getting compensation

The fine must be commensurate with the loss: there must be a logical connection between the violation and the fine. Anyway, it is difficult enough to set the amount of loss. Financial auditor conclusion or expert opinion must be used for evidence as well as the following issues:

voice messages;
business correspondence via e-mail, messengers;
screenshots;
social networks publications;
information from websites or mobile applications, cloud storage, etc.

If the confidential information was disclosed, submit your formal claim via email. Demand to stop the violation and compensate for damages. You need to provide compelling evidence about the following issues:

Loss exists and it arises precisely from the information disclosure.
The estimated loss amount must be calculated.
Facts indicating the guilt of a particular person.
Causal relationship between the employee’s actions and the incurred losses.

Go to court if you are not satisfied with the results of the employee’s explanation or haven’t got any at all. A contractual penalty can be taken from the counterparty. Only real damage can be recovered from a programmer: money that you lost. The former worker also has a chance to recover lost profits: money that you did not receive. The court needs to show the calculation of losses and confirm that you have suffered them.

Preparation of a contract: what should we know before signing the document?

The NDA conclusion is not a sufficient mechanism for protecting trade secrets but is one of the measures for protecting confidential information. In addition, the NDA can only work if the company has established a trade secret regime.

There are 2 main NDA types:

Unilateral agreement: when one party is going to entrust certain information to the other party, but it must remain closed to third parties for causes of secrecy. Unilateral non-disclosure commitments are most often signed by the parties in the case of contractual and labor relations.
Mutual agreement is the most common type, its fundamental difference from the first one is that both parties exchange confidential information mutually. For example, this type of agreement is used when firms are considering a joint venture or merger.

It should be noted that the NDA does not work when there are too many points from the template. The evidence of transferring the secret information to the person who is entrusted with certain responsibilities is important as well.

Concluding NDA is a rather bureaucratic procedure, and its implementation (in any form) may cause dissatisfaction among company employees and counterparties. Nevertheless, a competent non-disclosure agreement is a workable method of protecting confidential information and trade secrets. NDA helps employers prevent the facts of information disclosure and its illegal use, apply penalties and get compensation for losses caused because of NDA violation.

What are the common mistakes in NDA conclusion?

The commercial success is often based on a know-how product or service, a technology that only this company has on the market. Due to this, the team gains a competitive advantage, as well as customers whose problems can only be solved by using this product or service.

Too short or too detailed description. The high-quality contract must have a restriction of time and territory.
The specifics of work are not taken into account. The agreement should not look like a sample, being based on vague phrases and qualifications. All this indicates an unprofessional approach.
All the processes which take place in the company are classified as confidential information.
There is no regulation of information transferring methods within the company and the procedure for assigning the “confidential” label.
Responsibility for violations or passivity is not specified.

In a case of inappropriate NDA conclusion, the expected consequences occur in the form of NDA violation, its complete ignorance, the use of confidential information by third parties in their interests, unfair competition, and the dissemination of data by former employees. Under such conditions, it would be easy for any developer or counterparty to breach confidentiality. Proving the fact of the information availability, which disclosure caused losses, as well as the number of losses themselves, is a laborious process that does not always lead to the expected result.

The following recommendations will help to avoid basic mistakes:

Focus on the company's IT product when defining the concept of confidential information in the NDA with the customer.
Take ownership of the skills, development methodology, internal software solutions, and approaches. The same is about know-how that the company uses when creating a product for the customer.
Provide for the right to publish cases in the portfolio. It is important to describe the information that can be used in press releases.
Prescribe the obligation not to disclose confidential customer information in cooperation with the development team.

Such terms are the basis of the confidentiality and non-disclosure agreement. It is important to describe the situation in detail. These issues depend on the ability to recover fines and damages, compensate for the damage caused to the company, protect the business from financial losses and conflicts.

Necessary protective measures

First of all, determine the information which is considered a trade secret. Make a draft of a document for further editing. It is not necessary to mark all the data as non-demonstrative. Limit and regulate access to trade secrets. Approve the special document describing the following issues:

access to confidential information;
measures which were taken to protect classified information;
responsibilities of those programmers who have access to trade secrets;
responsibilities that developers will face in a case of disclosure.

Describe the steps which are being taken to protect this information. For example, using passwords, corporate mail accounts, etc.

Keep a record of those employees who have gained access to secret information. It is worth doing that at the very beginning of collaboration.

Trade secrets should not be easily accessible to all those programmers who are usually involved in the working process. The main NDA task is to prevent information disclosure by employees. The agreement has a preventive format, and the more details it has, the higher safety it guarantees.