NDA's - Recent RIM case teaches what you need to know about need-to-know laws

For the London Free Press - July 6, 2009 Read this on Canoe

Despite recent trends toward corporate transparency, it is still necessary to guard certain information.

A recent case involving Research In Motion dealt with the interpretation of a non-disclosure agreement, or NDA, meant to limit what RIM could do with the other party's information.

An NDA is a legal contract between parties that outlines confidential information that the parties wish to share for certain purposes.

There are a number of reasons why a business might need to share sensitive information with another, such as one party manufacturing something for the other, or to explore a potential business arrangement.

An NDA usually contains two basic elements:

- That the recipient won't share the information with anyone else, and perhaps even restrict who can see it within the recipient company.

- Limits on what use the recipient can make of the information.

NDAs are very useful in the technology sector. Frequently, one company might have the necessary expertise to create one part of a product, but will require outside help on another part.

In essence, computers, cellphones, televisions and many other everyday conveniences would not be possible without the collaboration that NDAs allow.

Apple, for example, has done a good job keeping details of its new products under wraps until they are made public with great fanfare.

However, NDAs can be open to interpretation. This was the situation in the recent case of Certicom Corp. versus Research in Motion Ltd.

The facts were complex. Essentially, Research in Motion -- the Waterloo-based maker of BlackBerry -- entered into an NDA with Certicom Corp., a Mississauga-based information security specialist.

Certicom is best known for their Elliptic Curve Cryptography, which is used by the US Military, IBM, Motorola, and others to protect sensitive information.

The NDA between the two parties included a provision that stated the confidential information could be used "only to the extent reasonably required to fulfill the purpose" of the NDA. Once they got a look at the sensitive information, Research in Motion decided to begin a hostile takeover bid to acquire Certicom.

In response, Certicom brought an action to the Ontario Supreme Court of Justice to block RIM from making any bids on their company unless they consented. The court agreed that the NDA precluded using the information for that purpose and granted their request.

The case shows the value of having an NDA when exchanging information, and of tailoring the NDA to the specific needs. It is usually not enough to simply sign a document stating that both sides will remain quiet.

An NDA must include provisions that also limit what can be done with that information.

While most NDA's are similar in form and content, they do required careful review before signing, and careful thought into what information is being divulged, what uses of that information should be allowed, what one might not want the information used for and who actually needs to see it.