How Legally Binding Are NDAs? (w/Examples) + FAQs

Yes, non-disclosure agreements (NDAs) are legally binding contracts—but only if they meet specific legal requirements. The federal Defend Trade Secrets Act (DTSA) of 2016 created a national standard for protecting confidential information, while state laws impose additional restrictions that vary by jurisdiction. An NDA that violates public policy, lacks consideration, or uses overly broad language can be thrown out in court—leaving the disclosing party without protection.

According to a 2022 Congressional finding, 1 in 3 workers is subjected to NDAs in the workplace, with many agreements attempting to conceal misconduct rather than protect legitimate trade secrets. This means knowing when an NDA will hold up in court—and when it won’t—could be worth millions of dollars to your business or protect your legal rights as an employee.

In this article, you will learn:

  • 📋 The specific legal requirements that make an NDA enforceable under federal and state law
  • ⚖️ Real court cases where NDAs succeeded or failed—and why
  • 🚫 Common mistakes that render NDAs unenforceable (and how to avoid them)
  • 🛡️ Your rights as a whistleblower, even if you signed an NDA
  • 💰 What happens if someone breaches an NDA—and how to enforce your rights

Federal Law: The Foundation of NDA Enforceability

Before diving into state-specific rules, understanding federal trade secret law provides the starting point for NDA enforceability across all 50 states.

The Defend Trade Secrets Act (DTSA) of 2016

The DTSA fundamentally changed trade secret protection in America. Before 2016, civil trade secret claims existed only under state law. Now, a trade secret owner can sue directly in federal court when confidential information relates to a product or service in interstate or foreign commerce.

The DTSA provides powerful remedies that strengthen NDA enforcement. Plaintiffs can seek actual damages, injunctive relief, ex parte seizure orders, exemplary damages up to two times the amount of actual damages, and attorney’s fees if misappropriation is willful or malicious.

Federal Remedy | What It Does
Actual Damages | Compensates for direct financial losses
Injunctive Relief | Court order stopping further disclosure
Ex Parte Seizure | Allows seizure of materials without advance notice
Exemplary Damages | Up to 2x actual damages for willful violations
Attorney’s Fees | Losing party pays legal costs in bad-faith cases

The DTSA defines a “trade secret” as information that derives independent economic value from being secret and is subject to reasonable efforts to maintain its secrecy. This means NDAs serve as evidence that a company took “reasonable measures” to protect its information—making them essential for any trade secret claim.

The Whistleblower Immunity Provision

One of the DTSA’s most overlooked provisions protects employees who disclose trade secrets. Under 18 U.S.C. § 1833(b), you cannot be held liable for disclosing trade secrets if you make that disclosure in confidence to a government official or attorney solely for the purpose of reporting or investigating a suspected violation of law.

The DTSA places an affirmative duty on employers: they must provide notice of this whistleblower immunity in NDAs with employees. Employers who fail to include this notice cannot recover exemplary damages or attorney’s fees in any trade secret lawsuit against that employee.

The Speak Out Act (2022)

President Biden signed the Speak Out Act into law on December 7, 2022, with overwhelming bipartisan support—unanimous in the Senate and 315-109 in the House. This federal law makes pre-dispute NDAs and non-disparagement clauses unenforceable when they relate to sexual assault or sexual harassment.

The Speak Out Act does not void existing NDAs or create penalties for including them in contracts. Instead, it removes the legal threat of enforcement when survivors want to speak out about their experiences. The law applies only to clauses “agreed to before the dispute arises”—meaning NDAs signed after an incident as part of a settlement can still be enforceable.


State-Specific NDA Laws: Where the Nuances Matter

While federal law provides the baseline, state laws impose additional requirements that can make or break your NDA’s enforceability.

California: The Most Restrictive State for NDAs

California stands out as the most employee-friendly state regarding NDAs. The California Uniform Trade Secrets Act (CUTSA) establishes the legal foundation for protecting trade secrets within the state. However, California imposes significant limitations that don’t exist elsewhere.

California Labor Code Section 16600 makes non-compete agreements largely unenforceable. This matters for NDAs because courts scrutinize whether an NDA functions as a de facto non-compete. If an NDA prevents employees from using general knowledge and skills in new employment, California courts may refuse to enforce it.

California Senate Bill 331 (the “Silenced No More Act”), effective January 1, 2022, expanded existing restrictions on NDAs. Settlement agreements can no longer prohibit discussion of workplace harassment or discrimination on any protected basis—not just sex. This includes race, religion, color, national origin, ancestry, disability, medical condition, familial status, gender, and age.

Employers in California must now include specific language in all nondisparagement agreements: “Nothing in this agreement prevents you from discussing or disclosing information about unlawful acts in the workplace, such as harassment or discrimination or any other conduct that you have reason to believe is unlawful.”

California courts also reject the “inevitable disclosure doctrine”—the legal theory that allows courts to prevent employees from working for competitors because they will “inevitably” use trade secrets in their new role. This doctrine succeeded in Illinois courts (PepsiCo v. Redmond) but California has consistently refused to adopt it.

New York: Recent Changes Protect Employees

New York Governor Kathy Hochul signed Senate Bill S4516 into law on November 17, 2023, immediately changing how NDAs work in discrimination cases. The law makes it unenforceable to release “any claim, the factual foundation for which involves unlawful discrimination, including discriminatory harassment, or retaliation” if the agreement contains certain prohibited provisions.

New York’s law now prohibits three things in settlement agreements:

  1. Requiring employees to pay liquidated damages for violating NDA or non-disparagement clauses
  2. Requiring employees to affirm they were not subjected to discrimination or retaliation
  3. Certain provisions that waive unknown claims

Employees must be given 21 days to consider confidentiality provisions, plus 7 days to revoke after signing—though employees can now waive the 21-day period if represented by counsel.

Texas: Reasonable Scope Is Everything

Texas courts generally uphold NDAs as valid and enforceable as long as the terms are reasonable. Under the Texas Uniform Trade Secrets Act, businesses can pursue legal action against those who improperly disclose or use confidential information.

What makes a Texas NDA enforceable:

  • Specific definition of confidential information
  • Reasonable time period for confidentiality obligations
  • Geographic limitations (if applicable)
  • Clear consequences for violations
  • Fundamental fairness to both parties

Texas law requires adequate consideration for employee NDAs. The case Eurecat US, Inc. v. Marklund (2017) illustrates this requirement. The court held that an at-will employee NDA must be based on new consideration to be enforceable. Reliance on “continued employment” alone is not enough—employers must provide new cash, benefits, confidential information, or other consideration when asking existing employees to sign NDAs.

Florida: Legitimate Business Interest Required

Florida law recognizes NDAs as enforceable if the drafting party can justify the agreement with a legitimate business interest. Under Florida’s Uniform Trade Secrets Act (F.S. §688.001–688.009), businesses have the right to pursue legal action against those who improperly disclose confidential information.

Florida courts balance protection of business interests with the right to fair competition and employee mobility. An NDA with language that is overly restrictive or broad is unlikely to be enforced. For example, an NDA prohibiting employees from discussing “anything that happened at the workplace” would likely be too broad, and a document restricting disclosures for 100 years would be too restrictive.

State | Key NDA Consideration
California | Most restrictive; rejects inevitable disclosure; SB 331 limits
New York | 21-day consideration period; S4516 restrictions (2023)
Texas | Requires new consideration for existing employees
Florida | Must demonstrate legitimate business interest

Mutual vs. Unilateral NDAs: Understanding the Difference

NDAs come in two fundamental types, and choosing the wrong one can leave you unprotected or create unnecessary obligations.

Unilateral NDAs (One-Way Protection)

A unilateral NDA involves only one party sharing confidential information. The disclosing party reveals secrets, and the receiving party agrees to keep them confidential. Common scenarios include:

  • Employer and employee: Employees gain access to trade secrets through daily work. Employers use unilateral NDAs to ensure this information stays protected after employment ends.
  • Company and consultant: When hiring a business development consultant, companies must disclose sales strategies, customer data, or operational details. A unilateral NDA protects this information.
  • Startup and potential investor: Entrepreneurs pitching ideas often require investors to sign unilateral NDAs before revealing proprietary concepts.

Unilateral NDAs need only the signature of the receiving party to be enforceable. They’re simpler to negotiate and faster to execute because only one party has confidentiality obligations.

Mutual NDAs (Bilateral Protection)

A mutual NDA protects both parties who are exchanging confidential information. Both sides are simultaneously disclosing parties and receiving parties. Common scenarios include:

  • Partnership negotiations: Two companies exploring a strategic alliance both need to share financial data, customer lists, and business plans.
  • Merger discussions: In M&A transactions, buyers need seller’s financials while sellers may need buyer’s funding plans and strategic intentions.
  • Joint ventures: When creating new business entities together, both companies contribute proprietary technology or processes.

In a mutual NDA, both parties have equal and reciprocal obligations to maintain confidentiality. This symmetrical arrangement ensures neither side gains an unfair advantage from shared information.

Aspect | Unilateral NDA | Mutual NDA
Information Flow | One-way (discloser → recipient) | Two-way (both parties share)
Who Signs | Only receiving party required | Both parties required
Confidentiality Obligations | Only recipient is bound | Both parties bound equally
Negotiation Time | Typically faster | May take longer due to balanced terms
Common Use | Employment, consulting, investor pitches | M&A, partnerships, joint ventures

The Seven Essential Elements of an Enforceable NDA

Courts evaluate NDAs against specific criteria. Missing any of these elements can render your entire agreement unenforceable.

1. Identifiable Parties

The agreement must clearly define who is bound by its terms. This sounds simple, but clerical errors here are common—and fatal. If “Global Tech Corp” signs the NDA but “Global Tech LLC” owns the data, you may have no standing to sue for a leak.

Always use the correct legal entity name, not trading names or DBAs. Verify that the person signing has authority to bind the organization—an unauthorized signatory can void the entire agreement.

2. Specific Definition of Confidential Information

Vague or overly broad definitions can render an NDA unenforceable. Courts prefer agreements that specifically identify what information qualifies as confidential. However, some flexibility exists.

Federal courts have upheld NDAs covering “any and all financial, technical, commercial or other information concerning” a company’s business—but only when these broad terms were limited by exclusions for publicly available information and information learned before disclosure.

The balance lies in being specific enough to be enforceable while comprehensive enough to protect all necessary information. Common approaches include:

  • Categorical definitions: List types of information (customer lists, pricing, technical specifications)
  • Marking protocols: Require confidential documents to be labeled as such
  • Combination approach: General categories plus marking requirements

3. Purpose for Disclosure

The NDA should specify why confidential information is being shared. Valid purposes include evaluating a potential partnership, performing a specific job, conducting due diligence for an acquisition, or developing a product together.

Without a stated purpose, the receiving party may argue they didn’t understand the context of the disclosure—weakening enforcement.

4. Duration of Confidentiality

NDAs can run indefinitely or terminate on a certain date. Most include a survival period stating how long confidentiality obligations last after the agreement ends. Survival periods of one to five years are typical, depending on the type of information involved.

Trade secrets may warrant indefinite protection because their value persists as long as they remain secret. Conversely, business strategies or market analysis may become outdated within years.

Duration Type | Typical Timeframe | Best For
Short-term | Few weeks to months | Preliminary negotiations, brief collaborations
Medium-term | 1-5 years | Standard business relationships
Long-term | 5+ years | Industries with long R&D cycles
Indefinite | No expiration | True trade secrets (formulas, processes)

Be cautious with indefinite terms. In Augusta Medical Complex, Inc. v. Blue Cross of Kansas, Inc., a Kansas court refused to support contracts with perpetual time durations. Courts in some jurisdictions may find indefinite NDAs unreasonable restraints on trade.

5. Clear Obligations and Restrictions

The NDA must articulate what the receiving party can and cannot do with confidential information. This includes:

  • Prohibitions on sharing information with third parties
  • Restrictions on reverse engineering proprietary technology
  • Requirements to use information only for stated purposes
  • Obligations to implement reasonable security measures

The “standard of care” clause deserves special attention. Does the recipient need to use “reasonable care” or “the same degree of care they use for their own secrets”? If the recipient has terrible internal security, the latter standard could leave your data vulnerable.

6. Exclusions to Confidentiality

Most enforceable NDAs include specific situations where confidentiality obligations are waived. Standard exclusions include:

  • Information already in the public domain
  • Information the recipient already knew before disclosure
  • Information received lawfully from a third party
  • Information independently developed by the recipient
  • Disclosures required by law or court order

Without these exclusions, courts may find an NDA unreasonable and refuse to enforce it.

7. Legal Recourse for Breaches

An enforceable NDA includes the consequences of violating the agreement. Remedies typically include:

  • Monetary damages: Compensation for financial losses
  • Injunctive relief: Court orders to stop further disclosure
  • Liquidated damages: Pre-determined penalty amounts
  • Specific performance: Court-ordered actions to correct harm

Including an acknowledgment that monetary damages would be inadequate and that the disclosing party is entitled to seek injunctive relief makes obtaining a court order easier. Without this language, plaintiffs must separately prove irreparable harm—a higher burden.


Real-World Court Cases: When NDAs Succeed and Fail

Understanding how courts actually rule on NDA disputes provides practical guidance that abstract legal principles cannot.

Case Study 1: PepsiCo v. Redmond — The Power of Inevitable Disclosure

The Situation: William Redmond worked as General Manager for PepsiCo’s North American business unit in California. He had signed a confidentiality agreement and possessed intimate knowledge of PepsiCo’s strategic plans, pricing architecture, and a secret new delivery system the company had invested over $1 million developing.

Quaker Oats hired Redmond to run Gatorade and Snapple’s distribution—direct competitors to PepsiCo’s sports drinks. PepsiCo sued, arguing Redmond would “inevitably disclose” trade secrets in his new role, even without intending to.

The Court’s Ruling: The Seventh Circuit Court of Appeals granted PepsiCo’s injunction, preventing Redmond from assuming his Quaker position for six months and permanently prohibiting him from using or disclosing PepsiCo trade secrets.

The court found that “unless Redmond possessed an uncanny ability to compartmentalize information, he would necessarily be making decisions about Gatorade and Snapple by relying on his knowledge of PCNA trade secrets.” The court also noted Redmond’s lack of candor—he initially denied receiving detailed information about Quaker’s business plans, but later described such information in depth in an affidavit.

PepsiCo v. Redmond | Outcome
Remedy | 6-month injunction + permanent prohibition
Key Factor | Inevitable disclosure doctrine applied
Legal Significance | Landmark case for trade secret enforcement
Warning | Dishonesty during litigation hurt defendant’s case

Key Takeaway: Even without evidence of actual misappropriation, courts can prevent former employees from working for competitors if the new role makes disclosure “inevitable.” However, California and several other states reject this doctrine.

Case Study 2: Adcor v. Beretta — $20 Million Verdict Reduced to $1

The Situation: Adcor Industries developed a firearm called the BRX-15 and shared substantial confidential information with Beretta under an NDA to explore a potential partnership. After discussions fell through, Beretta kept copies of Adcor’s proprietary information rather than returning it as required by the NDA.

A jury found Beretta breached the NDA and awarded Adcor $20,000,000. But the trial judge vacated this verdict and replaced it with $1 in nominal damages.

The Court’s Ruling: The Maryland Court of Special Appeals affirmed the $1 judgment. Adcor failed to explain the causal connection between Beretta’s specific breach (keeping documents) and the damages it sought. The damages Adcor claimed were tied to Beretta’s failure to proceed with the project—not the failure to return confidential information.

The court rejected Adcor’s “benefit conferred” approach, explaining that breach of contract damages focus on the plaintiff’s loss, not what the defendant gained or retained. And since Adcor’s separate claim for misappropriation of trade secrets had been dismissed, it couldn’t bootstrap those damages onto the NDA claim.

Key Takeaway: Proving an NDA breach is not the same as proving damages. You must demonstrate a direct causal link between the specific breach and your financial harm. Without that nexus, you may win the battle but lose the war.

Case Study 3: Waymo v. Uber — $245 Million Settlement

The Situation: Anthony Levandowski, head of Google/Waymo’s autonomous vehicle research, downloaded over 14,000 confidential files before leaving to start Otto—a company Uber purchased for $680 million just six months later. Waymo alleged its self-driving car technology was stolen through this transaction.

The Settlement: Five days into jury trial, Uber settled for 0.34% of its equity (approximately $245 million) and agreed that no Waymo confidential information would be used in Uber’s technology. Uber’s CEO Dara Khosrowshahi expressed “regret” regarding the conduct in a public statement.

What makes this case remarkable: After four days of testimony, Waymo had shown limited public evidence that Uber actually used its trade secrets. Yet the settlement value was significant. Why? Trade secret misappropriation applies to information “carried in one’s head, just as if it were on paper or in an electronic file.” Conversations Levandowski had with Uber’s team—or suggestions he made based on Waymo knowledge—could constitute misappropriation even if no documents were transferred.

The U.S. Department of Justice separately pursued criminal charges. Levandowski was later convicted and sentenced to 18 months in prison (though he received a pardon in January 2021).

Key Takeaway: Trade secrets include knowledge in your memory, not just documents. Companies acquiring competitors’ employees face liability for what those employees know—even without documentary evidence of theft.

Case Study 4: Data Center Industry — $77 Million Verdict

The Situation: Two data center companies entered due diligence negotiations, signing an NDA. One party allegedly misused confidential information obtained during these discussions to gain competitive advantage.

The Verdict: A jury awarded $77 million to the would-be seller—one of the largest NDA verdicts in U.S. history.

Key Takeaway: M&A due diligence creates significant exposure. Companies exploring acquisitions access their targets’ most sensitive information. If the deal falls through, robust NDAs are the only protection against misuse.


When NDAs Are Unenforceable: Red Flags That Doom Agreements

Understanding why NDAs fail is as important as knowing what makes them succeed.

Covering Up Illegal Activity

An NDA cannot be used to conceal criminal conduct. This principle has been reinforced through high-profile cases involving Harvey Weinstein and Jeffrey Epstein. Courts found that NDAs used to silence victims of sexual assault were unenforceable as violations of public policy.

The Weinstein case became a landmark moment: NDAs do not hold up in court when used to mask predatory behavior. Federal prosecutors in the Abercrombie & Fitch case argued that NDAs requiring victims to not discuss involvement “even with family or friends” created unlawful barriers to reporting criminal activity.

Overly Broad Language

An NDA that attempts to protect everything often protects nothing. Courts consistently refuse to enforce agreements with vague or overly broad classifications of confidential information. If you define your secrets as “everything the company does,” a court may find the entire NDA unreasonable.

Examples of language courts have rejected:

  • Prohibiting discussion of “any information learned during employment”
  • Covering information that is already publicly available
  • Restricting employees from discussing general industry knowledge

Lack of Consideration

Like all contracts, NDAs require consideration—something of value exchanged between the parties. For employment NDAs signed at hiring, the job itself provides consideration. However, problems arise when employers ask existing employees to sign new NDAs.

In Texas, the Eurecat case established that NDAs for at-will employees must include new consideration beyond continued employment. Employers must provide additional compensation, benefits, or access to confidential information to make mid-employment NDAs enforceable.

Unreasonable Restrictions

Courts evaluate the reasonableness of NDA terms by considering:

  • The disclosing party’s interest in keeping information secret
  • The time period for confidentiality obligations
  • The burden imposed on the receiving party
  • The public interest

An NDA requiring 100-year confidentiality on routine business information would likely fail. Similarly, agreements that impose “overly burdensome” obligations—such as requiring employees to maintain confidentiality about publicly available information—are unlikely to be upheld.

Violations of Whistleblower Protections

Federal law explicitly prohibits NDAs from preventing employees from reporting securities violations to the SEC. The SEC’s Rule 21F-17 states that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.”

The SEC demonstrated enforcement teeth in its action against KBR, Inc. In 2015, the SEC imposed a $130,000 penalty on KBR for NDA language that threatened discipline or termination for employees who discussed internal investigations without prior approval—even though no employee was actually prevented from reporting. The mere existence of restrictive language triggered the violation.


Consequences of Violating an NDA

Breaking an NDA triggers both legal and professional consequences that can be severe and long-lasting.

Civil Remedies

When someone breaches an NDA, the harmed party can pursue several remedies in civil court:

Compensatory Damages: Cover direct financial losses caused by the breach, such as lost profits from disclosed trade secrets.

Consequential Damages: Address indirect losses that were a foreseeable result of the breach, such as damage to business reputation or loss of future opportunities.

Liquidated Damages: Many NDAs include pre-determined penalty amounts. These clauses are enforceable if the stipulated amount reasonably approximates the potential harm.

Injunctive Relief: Courts can issue orders preventing further disclosure or use of confidential information. This remedy is often more valuable than money because it stops ongoing harm.

Punitive Damages: In rare cases involving egregious conduct, courts may award additional damages to punish the breaching party.

Criminal Penalties

While breaching a standard NDA is typically a civil matter, criminal penalties apply in certain circumstances:

  • Violating court injunctions: If a court orders you to stop disclosing information and you continue, you may face contempt charges—including potential jail time.
  • Trade secret theft: Under the DTSA and Economic Espionage Act, stealing trade secrets for economic benefit can result in federal criminal prosecution.
  • Government NDAs: Violating NDAs with federal agencies (like those signed by Edward Snowden with the NSA and CIA) can trigger criminal prosecution for unauthorized disclosures.

Professional Consequences

Beyond legal penalties, NDA violations can destroy careers:

  • Immediate termination of employment
  • Industry-wide reputation damage
  • Difficulty finding future employment (especially in small industries where word travels)
  • Loss of professional licenses in regulated fields
  • Exclusion from future business opportunities

How to Enforce an NDA: Step-by-Step Process

When someone violates your NDA, quick action protects your interests and preserves remedies.

Step 1: Document the Violation

Gather all evidence before taking action. You need concrete proof to answer these questions:

  • What information was disclosed?
  • When did the disclosure occur?
  • Who received the disclosed information?
  • How did you discover the breach?

Save copies of emails, file logs, chat transcripts, and any documents showing the disclosure. Create a timeline of events demonstrating when information was shared, accessed, or leaked. Without documentation, enforcement becomes “your word against theirs.”

Step 2: Review the NDA

Before proceeding, confirm:

  • The NDA covers the information that was disclosed
  • The confidentiality period hasn’t expired
  • The breach doesn’t fall within any exclusions
  • The proper parties signed the agreement
  • The NDA complies with applicable state law

If the NDA is defective, you may need to pursue trade secret claims under the DTSA or state law rather than breach of contract.

Step 3: Send a Cease and Desist Letter

A cease and desist letter is typically the first formal step. This letter should include:

  • A reminder of the NDA’s specific terms
  • Evidence that the NDA has been breached
  • Demand to immediately stop sharing or using confidential information
  • Deadline for compliance
  • Consequences if the demand is ignored (legal action)

Many disputes resolve at this stage. The breaching party may not have realized the severity of their actions—or may recognize the legal exposure and agree to stop.

Step 4: Consider Alternative Dispute Resolution

Some NDAs require arbitration or mediation before litigation. Even if not required, these processes can offer faster, less expensive resolution than court proceedings.

Step 5: File a Lawsuit

If the breach continues or settlement negotiations fail, litigation becomes necessary. Courts can provide:

Court Remedy | Purpose
Temporary Restraining Order | Immediate, short-term stop to disclosure
Preliminary Injunction | Longer-term prohibition pending trial
Permanent Injunction | Ongoing prohibition after judgment
Monetary Damages | Compensation for provable losses
Attorney’s Fees | Recovery of legal costs (if NDA provides)

You may file under the DTSA in federal court if the trade secret relates to interstate commerce, or under state law in state court. Some plaintiffs file both simultaneously.


Industry-Specific NDA Considerations

Different industries have unique NDA requirements based on their regulatory environments and business practices.

Technology and Silicon Valley

Tech companies use NDAs extensively—often too extensively. A Business Insider review of 36 NDAs from major tech companies found many agreements were “so broad they prohibited the employee from discussing virtually anything about their work.”

More than two-thirds of workers who shared their agreements didn’t understand what the NDAs prevented them from saying. This creates a chilling effect: employees fear speaking about anything, even when disclosure would be legally protected.

California’s refusal to enforce non-compete agreements had an unintended consequence: venture firms began using NDAs as substitutes for non-competes to protect intellectual property. This led to increasingly aggressive NDA language that often exceeds what courts will enforce.

Best Practice: Tech NDAs should focus on actual trade secrets—source code, algorithms, product roadmaps—rather than attempting to cover all workplace information.

Healthcare (HIPAA Compliance)

Healthcare NDAs must align with the Health Insurance Portability and Accountability Act (HIPAA). These agreements protect Protected Health Information (PHI) and establish that:

  • Employees will keep confidential all PHI regardless of format (oral, written, electronic)
  • PHI will be used or disclosed only as permitted by HIPAA regulations
  • Employees understand that computer use may be monitored for compliance
  • All confidential information must be returned upon request

Healthcare NDAs operate alongside HIPAA’s legal requirements—not as substitutes. Disclosing PHI without authorization violates both the NDA and federal law, creating dual liability.

Entertainment and Film

Entertainment NDAs protect unreleased content from leaking before planned announcements. Marvel Studios is famous for using extremely broad NDAs covering all information not already public—enabling swift action against leaks.

Key differences in entertainment NDAs:

  • Term length: Often only 1-2 years, since most confidential information becomes public upon release
  • Focus: Plot details, casting decisions, visual effects, and marketing strategies
  • Scope: May cover casual set photos posted to social media
  • Enforcement: Studios actively monitor for leaks and pursue violations aggressively

Epic Games sued a former games tester for violating an NDA by “leaking” Fortnite information, seeking injunctive relief plus punitive damages. This illustrates how seriously entertainment companies pursue even minor breaches.

Mergers and Acquisitions

M&A NDAs are typically signed before negotiations begin to ensure both parties can share information freely. Without an NDA, a potential buyer could walk away with sensitive information and use it for competitive advantage.

M&A NDAs commonly include provisions not found in standard agreements:

  • No obligation to proceed: Clarifies that signing the NDA doesn’t commit either party to a deal
  • Non-solicitation: Prevents buyers from hiring the seller’s employees if the deal falls through
  • Standstill: Limits buyer’s actions regarding the target company during negotiations
  • Transaction confidentiality: Keeps the existence of negotiations secret

The stakes are enormous. One data center company won a $77 million verdict when the other party misused information obtained during failed due diligence.


Common Mistakes That Render NDAs Unenforceable

Avoiding these errors protects your interests and ensures your NDA will hold up in court.

| Mistake | Consequence | How to Avoid |
| --- | --- | --- |
| Overly vague “confidential information” definition | Court may find entire NDA unreasonable | List specific categories of protected data |
| No provision for injunctive relief | Harder to stop ongoing disclosure quickly | Include acknowledgment that monetary damages are inadequate |
| Wrong entity signs | No standing to sue for breach | Verify correct legal entity name; confirm signatory authority |
| Missing whistleblower notice | Cannot recover exemplary damages or attorney’s fees | Include DTSA immunity notice in employee agreements |
| Indefinite duration for non-trade secrets | May be found unreasonable restraint on trade | Match duration to information’s actual sensitivity |
| No consideration for existing employees | Agreement may be unenforceable | Provide new compensation or benefits when asking current employees to sign |
| Buried non-solicitation clauses | Creates unintended restrictions | Review NDAs carefully; separate non-solicitation into distinct agreement |
| No “residuals” protection | Loophole allows use of “remembered” information | Prohibit use of confidential information retained in memory |

Special Note on AI: In 2026, failing to include a “No AI Training” clause is increasingly problematic. Without explicit prohibition, counterparties might feed proprietary data into Large Language Models—permanently incorporating your trade secrets into third-party AI systems.


Do’s and Don’ts for NDA Compliance

Do’s ✅

  1. Do clearly define confidential information: Use specific categories (customer lists, source code, pricing strategies) rather than vague blanket terms. Courts favor specificity.
  2. Do include standard exclusions: Carve out publicly available information, independently developed information, and legally required disclosures. This makes your NDA more reasonable and enforceable.
  3. Do match duration to information type: Trade secrets may warrant indefinite protection, but routine business information should have reasonable time limits—typically 2-5 years.
  4. Do include the DTSA whistleblower notice: For employee agreements, this is legally required to preserve exemplary damages and attorney’s fees.
  5. Do specify remedies: Include provisions for injunctive relief, monetary damages, and attorney’s fees. Acknowledge that monetary damages alone would be inadequate.
  6. Do provide consideration for existing employees: If asking current employees to sign new NDAs, provide bonuses, raises, or additional benefits—not just “continued employment.”

Don’ts ❌

  1. Don’t attempt to cover illegal activity: NDAs cannot prevent reporting of crimes, discrimination, harassment, or regulatory violations. Such provisions void the agreement and may create liability.
  2. Don’t use NDAs as disguised non-competes: In California and increasingly other states, agreements that effectively prevent employment with competitors will be struck down.
  3. Don’t include liquidated damages provisions that are punitive: Courts enforce liquidated damages only when they reasonably approximate actual harm—not when they’re designed to punish.
  4. Don’t skip jurisdictional provisions: Specify which state’s law governs and where disputes will be resolved. Without this, enforcement against out-of-state parties becomes complicated.
  5. Don’t rely on NDAs alone: Implement physical security, access controls, and cybersecurity measures. NDAs are evidence of reasonable efforts to protect secrets—not the only protection you need.

Frequently Asked Questions

Can an NDA prevent me from reporting illegal activity to the government?
No. Federal whistleblower laws explicitly protect your right to report securities violations to the SEC, regardless of any NDA. The DTSA provides immunity for disclosing trade secrets to government officials for the purpose of reporting suspected violations of law.

Do I need a notary for my NDA to be legally binding?
No. NDAs do not need to be notarized to be enforceable, as long as the agreement is signed voluntarily by all parties and includes clear terms. Some parties choose notarization for high-stakes international deals.

Can verbal NDAs be enforced?
No. Most courts require NDAs to be in writing to enforce confidentiality. Verbal NDAs rarely hold up due to evidentiary difficulties—proving what was actually agreed to becomes nearly impossible.

What happens if information covered by an NDA becomes public?
Nothing. If information is already in the public domain, an NDA cannot prevent its disclosure or use. NDAs must focus on protecting genuinely confidential material that isn’t publicly available.

Can I be sued for breaking an NDA even if I didn’t cause any damage?
Yes. Under California Civil Code section 3360, plaintiffs can recover nominal damages for breach of contract even without proving actual harm. The breach itself is a legal wrong regardless of whether damage was inflicted.

How long do NDAs typically last?
It varies. Short-term NDAs last weeks to months, medium-term agreements span 1-5 years, and long-term or indefinite NDAs protect trade secrets with perennial value. Duration should match the information’s sensitivity.

Can I negotiate the terms of an NDA before signing?
Yes. NDAs are contracts, and all contract terms are negotiable. If provisions seem unreasonable, request modifications—especially regarding scope, duration, and remedies.

Are NDAs enforceable if I wasn’t given anything in return for signing?
No. Like all contracts, NDAs require consideration—something of value exchanged between parties. For employment agreements, the job itself typically provides consideration at hiring. For existing employees, additional compensation may be required.

Can an NDA restrict what I do after leaving a job?
Yes, but with limits. NDAs can prohibit you from disclosing confidential information learned during employment. However, they cannot prevent you from using general skills and knowledge or working for competitors (especially in California).

What’s the maximum penalty for breaking an NDA?
It depends. Civil penalties can include actual damages, consequential damages, liquidated damages (if specified), and potentially punitive damages for egregious conduct. Under the DTSA, exemplary damages can reach twice the actual damages for willful violations. Criminal penalties apply only when breaches involve theft of trade secrets, violation of court orders, or government secrets.