Five Common NDA Mistakes and How to Fix Them for Taiwan Businesses
Avoid common pitfalls in Non-Disclosure Agreements (NDAs) for Taiwan businesses. Learn how to draft effective NDAs to protect your trade secrets and commercial information.
Charles Tu, Founder & CEO, WCTech · Former IPO General Counsel
Many Taiwanese businesses make critical errors in NDAs, rendering them ineffective. Common mistakes include unclear definitions of confidential information, unreasonable liquidated damages, short confidentiality periods, undefined rights and obligations, and neglecting employee confidentiality. Addressing these issues is crucial for robust protection of trade secrets.
Five Common NDA Mistakes Your Company Might Be Making
Signing a Non-Disclosure Agreement (NDA) is a fundamental step for businesses to protect their commercial secrets. However, many small and medium-sized enterprises (SMEs) often unknowingly make critical errors when reviewing or drafting these contracts. This can render an NDA practically useless, leading to significant losses and difficulties in seeking remedies if confidential information is leaked. From a practical perspective, here are five of the most common NDA mistakes and how to correct them to ensure your confidentiality agreements are truly effective.
Mistake 1: Unclear Definition of Confidential Information Equals No Protection
The most frequent NDA error is a vague definition of "Confidential Information." If an agreement broadly states, "All information related to this Agreement shall be considered Confidential Information," without specifically listing or describing what falls under this scope, the NDA's protective power is significantly diminished. In case of a dispute, the other party could easily argue that certain information does not constitute the "Confidential Information" you intended, making it difficult for a court to determine. The Trade Secrets Act in Taiwan defines the requirements for trade secrets (such as being known to relevant personnel, having economic value due to its secrecy, and the owner having taken reasonable measures to maintain secrecy). If the NDA's scope of confidentiality does not clearly cover these elements, or if the definition of "reasonable measures" is unclear, it becomes challenging to claim protection under trade secret law.
Why You Might Lose:
Article 2 of the Trade Secrets Act defines the constituent elements of a trade secret. If an NDA fails to encompass these elements, or if its definition of "Confidential Information" is overly broad and lacks specificity, the opposing party can argue in litigation that the information does not meet the legal definition of a trade secret or does not fall within the scope of confidentiality defined by the NDA. For instance, including publicly available information within the scope of confidentiality would render that clause legally unenforceable.
How to Fix It:
Be specific and clear when defining "Confidential Information." You can use a list format, including examples such as: technical documents, customer lists, financial statements, marketing strategies, product blueprints, software source code, etc. Simultaneously, include exclusion clauses to explicitly exempt information that is already public, information that becomes public through no fault of the receiving party, or information already lawfully known to the receiving party, thereby avoiding disputes. For information disclosed orally, require written or electronic reconfirmation of its confidential nature.
Sample clause: "For the purposes of this Agreement, 'Confidential Information' shall mean all non-public information disclosed or provided by the Disclosing Party to the Receiving Party in writing, electronic files, orally, or in any other form, including but not limited to: technical information (e.g., patent-pending technologies, manufacturing processes, formulas, design drawings, software code, technical specifications); business information (e.g., customer lists, supplier information, market analyses, financial statements, pricing strategies, marketing plans, personnel data); and any other information designated in writing as 'Confidential' by the Disclosing Party or which, by its nature, should be considered confidential. However, the following information shall not be considered Confidential Information: (a) information that is publicly known at the time of disclosure, or becomes publicly known after disclosure through no act or omission of the Receiving Party in breach of this Agreement; (b) information that was lawfully in the possession of the Receiving Party without an obligation of confidentiality prior to disclosure; (c) information that was lawfully obtained by the Receiving Party from a third party who had no obligation of confidentiality; (d) information independently developed by the Receiving Party without access to or use of the Disclosing Party's Confidential Information."
Mistake 2: Liquidated Damages That Are Too High or Too Low May Be Invalid
Many companies believe that setting a higher liquidated damages amount will deter the other party from breaching the agreement. This is a misconception. Article 252 of the Civil Code in Taiwan stipulates that courts may reduce liquidated damages if they are "manifestly unfair" considering the "breach event" and the "damage suffered by either party." If the liquidated damages amount is disproportionately high compared to the actual potential damage—for example, an astronomical sum for merely disclosing a customer list verbally—a court is likely to reduce it to a reasonable range.
Conversely, if the liquidated damages are set too low, such as a few thousand or tens of thousands of New Taiwan Dollars, for a breach that could cause millions or tens of millions in losses due to confidential information leakage, such damages would fail to act as a deterrent. They might even be considered a "pre-payment" for the cost of breaching confidentiality, thus losing their intended punitive and compensatory functions.
Why You Might Lose:
Pursuant to Article 252 of the Civil Code, courts have the authority to reduce manifestly unfair liquidated damages. Excessively high liquidated damages may be deemed disproportionate, while excessively low liquidated damages may fail to adequately compensate for losses or serve the purpose of punitive damages.
How to Fix It:
Liquidated damages should be set reasonably and possess deterrent power. Consider the following principles:
- Relevance to Actual Damages: Liquidated damages should have a reasonable correlation to the potential extent of damage. While precise estimation is difficult, the amount should be within a reasonable range.
- Deterrent Effect: The liquidated damages should be sufficient for the other party to weigh the cost of breach, deterring them from easy violations.
- Enforceability: Avoid exaggerated figures that a court might deem manifestly unfair and thus reduce. Consider setting a "minimum liquidated damages amount" coupled with a "cap on damages," or stipulate that "liquidated damages shall not prejudice the right to claim actual damages," allowing the injured party to claim the difference based on actual losses.
Sample clause: "In the event the Receiving Party breaches its confidentiality obligations under this Agreement, causing damage to the Disclosing Party, the Receiving Party shall pay to the Disclosing Party liquidated damages in the amount of New Taiwan Dollars [Please specify amount, e.g., NT$1,000,000]. This liquidated damages amount shall be a minimum compensation and shall not prejudice the Disclosing Party's right to claim damages exceeding this amount pursuant to the Civil Code or other applicable laws. If a court deems the aforementioned liquidated damages to be manifestly unfair, it may reduce the amount in accordance with Article 252 of the Civil Code."
Mistake 3: Confidentiality Period Is Too Short, Letting Secrets Expire
Many NDAs set overly short confidentiality periods, such as only one or two years. However, many commercial secrets, especially those related to technology, formulas, and product development plans, can retain their value for many years, even decades. If the confidentiality period is too brief, this information may be legally disclosed or used after the term expires, rendering the purpose of signing the NDA moot.
Why You Might Lose:
A short confidentiality period fails to effectively protect the long-term value of information. Once the term expires, even if the information still holds commercial value, the receiving party may legally disclose it or use it for their own purposes, while the disclosing party can no longer claim confidentiality obligations, creating a protection gap.
How to Fix It:
The confidentiality period should be determined based on the nature of the information, industry characteristics, and commercial value. For core technologies, formulas, patent strategies, and other information with long-term value, the confidentiality period should be extended, for example, to 5 or 10 years, or even indefinitely (for certain extremely core technologies or business models). If the value of information rapidly depreciates over time, a shorter period may be appropriate. The agreement should clearly define how the confidentiality period is calculated, such as from the date of disclosure or from the termination date of the agreement. For certain information qualifying as "trade secrets," the obligation of confidentiality should continue as long as the information retains its trade secret nature, without being limited by a fixed term.
Sample clause: "The confidentiality obligations under this Agreement shall remain in effect from the effective date of this Agreement until [Please specify duration, e.g., five (5) years]. However, for information defined as trade secrets under the Trade Secrets Act, the obligation of confidentiality shall continue as long as such information retains its trade secret nature, and shall not be limited by the aforementioned term. Upon termination or expiration of this Agreement, the Receiving Party shall continue to comply with the confidentiality obligations set forth herein."
Mistake 4: Unclear Rights and Obligations Lead to Inability to Pursue Claims
An effective NDA not only defines confidential information but also clearly outlines the rights and obligations of both parties. Common oversights include:
- Failure to Stipulate Obligations for Return or Destruction of Information: After cooperation terminates or the agreement expires, how should the receiving party handle the confidential information received? Should it be returned in its entirety to the disclosing party, or should it be destroyed with proof of destruction? If not stipulated, the receiving party may continue to possess this information, increasing the risk of leakage.
- Failure to Stipulate Legal Consequences of Breaching Confidentiality: Beyond liquidated damages, are there other recourse options? For example, can injunctive relief be sought (to stop the other party from further using or disclosing the information)?
- Ambiguity Regarding Who is the "Receiving Party": If the receiving party is a company, are its employees, agents, consultants, etc., who access confidential information also bound by the NDA?
Why You Might Lose:
Unclear rights and obligations make it difficult to assert claims or pursue responsibility when issues arise. For instance, if information return or destruction is not stipulated, the receiving party might retain the information. If injunctive relief is not stipulated, and the other party continues to disclose information, irreparable damage may occur, and simple liquidated damages may not suffice.
How to Fix It:
- Return or Destruction of Information: Clearly stipulate that upon termination or expiration of the agreement, the receiving party shall, within a specified period (e.g., 30 days), return all Confidential Information (including copies) obtained from the disclosing party, or destroy it as instructed by the disclosing party and provide written proof of destruction. However, allow the receiving party to retain one copy for compliance with other laws or internal backup policies, provided that such copy remains subject to the confidentiality obligations.
- Remedies: Clearly state that in addition to liquidated damages, the disclosing party has the right to seek injunctive relief to prevent or limit the receiving party's breach of confidentiality. This is crucial because monetary compensation often cannot fully cover the damages caused by the leakage of secrets.
- Scope of Binding: Explicitly state that the receiving party not only must comply with confidentiality obligations itself but also must ensure that its employees, directors, officers, agents, and consultants, prior to accessing Confidential Information, are aware of and agree to comply with the terms of this Agreement, and are responsible for their actions.
Sample clause: "Upon termination or expiration of this Agreement, the Receiving Party shall, within [e.g., thirty (30)] days, return to the Disclosing Party, or destroy in accordance with the Disclosing Party's instructions and provide written proof of destruction, all Confidential Information (including but not limited to documents, records, electronic files, presentations, diagrams, models, and any media containing Confidential Information) obtained from the Disclosing Party, along with all copies thereof. However, if the Receiving Party is required to retain a copy to comply with applicable laws, court orders, or its internal automatic backup policies, such copy shall continue to be bound by the confidentiality provisions of this Agreement. The Disclosing Party acknowledges that copies retained by the Receiving Party for compliance with other laws or internal policies do not constitute a breach of this Agreement. Furthermore, the Receiving Party agrees that if it breaches its confidentiality obligations under this Agreement, the Disclosing Party shall be entitled to seek injunctive relief from a competent court to prevent or restrict the Receiving Party's infringing actions, in addition to claiming damages, and that such remedies shall not exclude other rights available at law or in equity."
Mistake 5: Neglecting Labor Standards Act and Employee Confidentiality
Many companies focus on NDAs with external vendors and partners but overlook confidentiality agreements with their own employees. The obligation for employees to maintain confidentiality regarding company secrets they access during their employment is not automatic; it requires explicit stipulation in employment contracts or separate confidentiality agreements. Without clear stipulations, employees may take company secrets with them upon departure, leaving the company with limited recourse.
Why You Might Lose:
The Labor Standards Act in Taiwan does not directly mandate post-employment confidentiality obligations for employees. This obligation primarily arises from the ancillary duties of the employment contract or from independent confidentiality agreements. If the employment contract lacks explicit confidentiality clauses, or if no separate confidentiality agreement is signed, an employee's post-employment duty to maintain confidentiality regarding company secrets may be weak or non-existent, making it difficult for the company to pursue contractual liability.
How to Fix It:
- Incorporate Confidentiality Clauses into Employment Contracts: When signing employment contracts with employees, clearly include clauses regarding confidentiality obligations, outlining the employee's responsibilities for company secrets during and after employment. These clauses should cover the definition of confidential information, the confidentiality period, and the legal consequences of breaching these obligations.
- Independent Confidentiality Agreements: For positions involving highly sensitive information (e.g., R&D, senior management), require employees to sign separate, independent confidentiality agreements to enhance protection.
- Exit Interviews and Reminders: Conduct exit interviews with departing employees, reiterate their confidentiality obligations, and require them to sign a post-employment confidentiality statement confirming their understanding and commitment to continued compliance.
Sample clause (Example of a confidentiality clause in an employment contract): "During the term of employment and after its termination, the Employee shall maintain confidentiality regarding all of the Company's confidential information (including but not limited to the Company's trade secrets, technical data, customer lists, financial information, business plans, patent strategies, product development plans, etc.). The Employee shall not disclose such confidential information to any third party or use it for any purpose other than the Company's business. This confidentiality obligation shall commence on the Employee's start date and shall continue as long as the information remains confidential. In the event of a breach of this clause, the Employee shall compensate the Company for all damages incurred as a result, and the Company reserves the right to pursue legal action under applicable laws."
One-Sentence Checklist
- Is the definition of Confidential Information specific, clear, and does it exclude publicly available information?
- Are the liquidated damages reasonable, sufficiently deterrent, and unlikely to be easily reduced by a court?
- Is the confidentiality period long enough to cover the long-term commercial value of the information?
- Are rights and obligations such as information return/destruction and injunctive relief clearly stipulated?
- Have confidentiality obligations for employees been addressed?
A Common Myth
Myth: Signing an NDA guarantees a win in any dispute and provides foolproof protection.
Clarification: An NDA is a contract, and its effectiveness depends on the rigor and legality of its clauses, as well as the sufficiency of evidence. A poorly drafted NDA, due to unclear definitions, unreasonable terms, or insufficient evidence, may not provide adequate protection when a dispute arises. Therefore, after signing an NDA, companies must still implement internal confidentiality measures and properly preserve relevant evidence to effectively assert their rights when necessary.
FAQ
Q1: If the other party is an international company, how should the NDA be handled?
When signing an NDA with an international company, in addition to the common mistakes mentioned above, special attention should be paid to the "governing law" and "jurisdiction" clauses. It is advisable to prioritize laws and courts that are more favorable to your side. If the other party insists on using their home country's laws, carefully assess the level of protection their laws offer to your confidential information and consult with lawyers familiar with that country's laws. Also ensure that the Chinese version of the NDA is legally consistent with its foreign-language version, or clearly specify which version shall prevail.
Q2: Is an NDA effective for information disclosed orally?
Whether information disclosed orally can be considered Confidential Information under an NDA depends on the NDA's stipulations. If the NDA only defines "written" information as confidential, oral information may not be protected. It is advisable to clearly stipulate in the NDA that orally disclosed information, if reconfirmed in writing and marked as "Confidential" within a certain period (e.g., 7 or 15 days) after disclosure, shall also be bound by this Agreement. However, in practice, proving what was disclosed orally is more difficult, so it is best to disclose information in writing or electronic form whenever possible.
Q3: If the other party violates the NDA, how can I prove it?
To prove a violation of an NDA, you need to collect relevant evidence, such as:
- Communication Records: Including emails, instant messaging conversations, recordings, etc., showing the other party accessed or disclosed confidential information.
- Information Comparison: Demonstrating that the information obtained by the other party is highly similar to your confidential information and was not obtained through legitimate means.
- Witness Testimony: Testimony from employees or third parties who had access to the information.
- Physical Evidence: Products, documents, or data held or used by the other party that are related to your confidential information.
Ensure your NDA includes provisions for the return or destruction of information and requires the other party to cooperate in providing relevant evidence.
Q4: Can the confidentiality period of an NDA be indefinite?
In principle, for information that qualifies as a "trade secret," the obligation of confidentiality can continue as long as the information retains its trade secret nature, which is legally permissible. However, for non-trade secret information, an excessively long confidentiality period (e.g., perpetual) may be deemed manifestly unfair or an undue restriction on commercial freedom by a court, risking reduction or invalidation. Therefore, confidentiality periods should be set reasonably based on the nature of the information and industry characteristics, and the NDA should clearly distinguish which information constitutes trade secrets, with confidentiality obligations continuing until they lose their secret nature.
Q5: After signing an NDA, what else do I need to do?
After signing an NDA, companies must still implement internal confidentiality measures, such as:
- Internal Information Classification Management: Classify confidential information and restrict access privileges.
- Employee Training: Conduct regular training for employees on confidentiality awareness and relevant laws.
- Security Measures: Enhance the security of information systems to prevent hacker intrusions or internal data leakage.
- Signing Confidentiality Undertakings: Require employees who access confidential information to sign confidentiality undertakings.
- Regular Audits: Periodically audit the storage status of confidential information.
Q6: If the NDA is a standard template, can I use it directly?
It is not recommended to use a standard template directly. While templates can provide a basic framework, each company's business model, industry characteristics, business partners, and the confidential information involved are unique. Standard templates often fail to cover all potential risks and may even contain clauses that are not applicable to your company. It is strongly advised to have a professional lawyer review or modify the NDA to fit your specific situation, so that it provides the most effective legal protection.
This article is general legal information, not legal advice for any specific case. Please consult a qualified lawyer for your situation.