You signed an NDA. You thought your confidential information was protected. Then the other party shares your pricing strategy with a competitor, and your lawyer tells you the agreement is unenforceable.
This happens more often than most people expect. The problem is rarely that the NDA was missing — it is that the NDA was drafted with fundamental mistakes that undermine its enforceability.
Here are five of the most common NDA mistakes, with concrete before-and-after examples showing exactly how to fix each one.
1. Vague Definition of Confidential Information
This is the single biggest reason NDAs fail in court. When your definition covers "all information," courts treat it as covering nothing.
The problem clause:
"Confidential Information means any and all information, whether written or oral, disclosed by either party."
This definition is too broad. It does not distinguish between genuinely sensitive information and routine business communications. A court reviewing this clause has no way to determine what was actually meant to be protected.
The fix:
"Confidential Information means the following categories of information disclosed by the Disclosing Party: (a) product specifications, technical designs, and source code; (b) customer lists, pricing data, and financial projections; (c) business strategies, marketing plans, and supplier terms; and (d) any other information designated as confidential in writing at the time of disclosure."
This version lists specific categories, sets a clear standard for how additional information gets classified, and gives courts something concrete to enforce.
Why this matters: In Ruckelshaus v. Monsanto Co., the U.S. Supreme Court recognized that trade secret protection depends on the information being specifically identified. Vague catch-all language fails this test.
2. Missing Standard Exclusions
Even a well-defined NDA becomes unreasonable — and potentially unenforceable — without proper exclusions. Every NDA must carve out information that should not be treated as confidential.
The problem: An NDA with no exclusion clause, or one that only excludes "publicly available" information without addressing other standard carve-outs.
The fix — add these four exclusions:
"Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was known to the Receiving Party before disclosure, as demonstrated by written records; (c) is independently developed by the Receiving Party without use of the Disclosing Party's information; or (d) is received from a third party who is not bound by a confidentiality obligation."
Without exclusion (c), a receiving party could be accused of breaching the NDA simply by developing something similar through their own work. Without exclusion (d), information that legitimately enters the public domain through other channels remains locked under the agreement.
Practical tip: If you work in an industry where parallel development is common — software, consumer products, marketing — exclusions (b) and (c) are critical. Without them, you are signing an agreement that could restrict your own independent work.
3. No Specified Remedies or Relief
Many NDAs describe what is confidential and what the receiving party cannot do, but say nothing about what happens when someone breaches the agreement. This forces the disclosing party into expensive, uncertain litigation.
The problem clause:
"The Receiving Party agrees to keep all Confidential Information strictly confidential."
This creates an obligation but provides no mechanism for enforcement. If the other side breaches, you have to prove monetary damages — which are notoriously difficult to quantify for information leaks.
The fix:
"The Receiving Party acknowledges that a breach of this Agreement may cause irreparable harm to the Disclosing Party for which monetary damages would be inadequate. The Disclosing Party shall be entitled to seek injunctive relief in addition to any other remedies available at law or in equity, without the requirement of posting a bond."
This clause does two things. First, it establishes that the disclosing party can seek a court order to stop ongoing disclosure (injunctive relief) without proving exact dollar damages. Second, it waives the bond requirement that courts sometimes impose before granting injunctions.
Why this matters: Injunctive relief is often the only practical remedy for a confidentiality breach. By the time you calculate monetary damages, the information may have spread beyond recovery. Getting this clause right means you can act fast.
4. Wrong NDA Type for the Situation
Using a mutual NDA when only one party is disclosing — or a one-way NDA when both parties are sharing — creates gaps in protection.
The problem: A startup uses a mutual NDA template when hiring a freelance developer. The mutual structure implies both parties are sharing confidential information equally. In practice, only the startup is sharing sensitive information (product plans, source code, customer data). The developer has no real confidential information to protect.
Why this is dangerous: If the developer breaches the NDA and the case goes to court, the mutual structure can undermine the startup's position. The developer's attorney can argue that the agreement contemplated a balanced exchange of information, and the startup's one-sided disclosures fall outside the agreement's intended scope.
The fix: Match the NDA type to the relationship:
- One-way (unilateral) NDA — when you are disclosing and the other party is receiving. Use for contractors, vendors, consultants, and anyone you are sharing proprietary information with.
- Mutual NDA — when both parties will genuinely share sensitive information. Use for joint ventures, partnership discussions, merger negotiations, and co-development projects.
When in doubt, a one-way NDA with clear roles (Disclosing Party and Receiving Party) is safer than a mutual NDA that obscures who is actually at risk.
5. Missing or Unreasonable Duration
An NDA without a clear end date creates uncertainty for both parties. An NDA with an unreasonable duration — perpetual protection for non-trade-secret information — risks being struck down entirely.
The problem clause:
"The obligations of confidentiality shall survive in perpetuity."
Courts in many jurisdictions view perpetual obligations as unreasonable when applied to general business information. Trade secrets can justify indefinite protection because their value depends on secrecy. But pricing strategies from five years ago or marketing plans that have already been executed do not warrant lifetime confidentiality.
The fix:
"The obligations of confidentiality shall remain in effect for a period of three (3) years from the date of disclosure of each item of Confidential Information. Notwithstanding the foregoing, obligations with respect to trade secrets (as defined by applicable law) shall continue for as long as the information qualifies as a trade secret."
This approach creates a reasonable default period while preserving indefinite protection for genuine trade secrets. It also ties the clock to each individual disclosure rather than the agreement signing date — which matters when information is shared over months or years.
How to Avoid These Mistakes
The pattern across all five mistakes is the same: vagueness kills enforceability. Courts need specificity to enforce agreements, and the other side's lawyers will exploit every gap in your drafting.
When reviewing or creating an NDA, check for these five elements:
- Specific categories of confidential information — not catch-all language
- Four standard exclusions — public information, prior knowledge, independent development, third-party sources
- Remedies clause — injunctive relief language that lets you act fast
- Correct NDA type — one-way or mutual, matched to the actual information flow
- Reasonable duration — 2 to 5 years for general information, indefinite for trade secrets only
Getting these right does not require a lawyer for every agreement. It requires understanding what courts actually enforce and drafting accordingly.