
NDA Mistakes That Could Cost Your Business

Common NDA errors make your agreement unenforceable. Learn the top mistakes businesses make with non-disclosure agreements and how to avoid them.

Contract DIY Team

Non-disclosure agreements are one of the most commonly used — and most commonly botched — business contracts. A well-drafted NDA protects your trade secrets, client relationships, and competitive advantages. A poorly drafted one gives you a false sense of security while leaving your information exposed.

The worst part? Most NDA mistakes aren't obvious until someone actually breaches the agreement and you discover your "protection" has no teeth.

Here are the most critical NDA mistakes businesses make — and an actionable checklist to avoid them.


Mistake #1: Vague Definition of Confidential Information

The problem: The NDA says it covers "confidential information" or "proprietary data" without defining what that actually means.

Why it matters: Courts have consistently ruled that overly vague confidentiality definitions are unenforceable. If you can't clearly identify what information is protected, a court can't enforce the protection.

The fix: Be specific. List the categories of information covered:

  • Trade secrets and proprietary formulas
  • Customer and client lists
  • Financial data and projections
  • Source code and technical specifications
  • Marketing strategies and pricing structures
  • Product designs and prototypes

You don't need to list every individual piece of information — but you do need clear categories that make it obvious what falls under the agreement.


Mistake #2: Missing Standard Exclusions

The problem: The NDA claims to protect all information without carving out reasonable exclusions.

Why it matters: No court will enforce an NDA that prevents someone from using publicly available information or knowledge they already had. An NDA without standard exclusions looks unreasonable — and unreasonable NDAs get thrown out.

The fix: Every enforceable NDA should exclude:

  • Publicly available information — anything the receiving party can find through public sources
  • Previously known information — what the receiving party already knew before signing
  • Independently developed information — knowledge created without using the disclosed information
  • Information received from third parties — legitimate sources not bound by confidentiality
  • Information required to be disclosed by law — court orders, regulatory requirements

These exclusions don't weaken your NDA — they make it enforceable.


Mistake #3: No Time Limit (or an Unreasonable One)

The problem: The NDA either has no duration or requires confidentiality "in perpetuity."

Why it matters: Perpetual NDAs are appropriate for trade secrets — because trade secret protection inherently lasts as long as the information remains secret. But for general business information (strategies, pricing, customer preferences), a court may view an indefinite term as unreasonable.

The fix: Set a confidentiality period that matches the realistic lifespan of the information:

| Information Type | Recommended Duration |
|-----------------|---------------------|
| Trade secrets | Indefinite (as long as information remains a trade secret) |
| Business strategies and plans | 2–3 years |
| Customer/client lists | 3–5 years |
| Financial information | 2–3 years |
| Technical specifications | 3–5 years |
| Employee/contractor information | Duration of relationship + 2 years |

If your NDA covers multiple types of information, consider tiered durations rather than a single blanket term.


Mistake #4: Using a One-Way NDA When You Need a Mutual One

The problem: You use a unilateral (one-way) NDA in a situation where both parties are sharing confidential information.

Why it matters: In a unilateral NDA, only the disclosing party's information is protected. If you're entering a partnership discussion, joint venture, or merger negotiation and using a one-way NDA, your counterpart's information may be protected while yours isn't — or vice versa.

The fix: Use a mutual NDA whenever both parties are sharing sensitive information. Common mutual NDA scenarios:

  • Partnership or joint venture discussions
  • Merger and acquisition negotiations
  • Co-development or co-marketing projects
  • Technology licensing discussions
  • Strategic alliance explorations

Reserve unilateral NDAs for clearly one-directional disclosures: hiring a freelancer, onboarding a vendor, or pitching to investors.


Mistake #5: No Remedies Clause

The problem: The NDA says information must be kept confidential but doesn't specify what happens if it's not.

Why it matters: Without a remedies clause, you're relying on general contract law to determine what you can recover. This means more time in court, more legal fees, and less predictable outcomes.

The fix: Include specific remedies for breach:

  • Injunctive relief — the right to seek a court order stopping further disclosure. This is critical because monetary damages alone can't un-disclose confidential information.
  • Liquidated damages — a predetermined penalty amount for breach. This avoids the expensive process of proving actual damages in court.
  • Attorney's fees — the breaching party pays legal costs. Without this clause, each side pays their own attorneys regardless of who wins.
  • Equitable relief — the right to seek remedies beyond just money damages.

The combination of injunctive relief and liquidated damages gives your NDA real enforcement power.


Mistake #6: No Jurisdiction or Governing Law

The problem: The NDA doesn't specify which state's laws apply or where disputes would be heard.

Why it matters: Without a governing law clause, there's a legal fight before the real fight even starts — both sides argue over whose state's laws apply and which court has jurisdiction. This adds months and thousands of dollars to any enforcement action.

The fix: Include a clear governing law and jurisdiction clause:

  • Governing law — which state's (or country's) laws interpret the agreement
  • Venue — which court or jurisdiction hears disputes
  • Arbitration — whether disputes go to arbitration instead of court (often faster and cheaper)

Choose a jurisdiction that's favorable to NDA enforcement and convenient for your business.


Mistake #7: Not Getting It Signed Before Sharing Information

The problem: You share confidential information during the pitch, meeting, or negotiation — then send the NDA for signature afterward.

Why it matters: An NDA only protects information shared after it's signed. Anything disclosed before the signing date falls outside the agreement's scope. If you shared your most valuable trade secret during the first meeting and sent the NDA a week later, that information isn't covered.

The fix: Make NDA signing the first step in any relationship involving confidential information. Before the pitch deck opens, before the demo starts, before the partnership discussion begins — get the NDA signed.

For recurring relationships, ensure the NDA is signed before each new phase of disclosure, or structure the agreement to cover information shared during the entire business relationship.


Mistake #8: Ignoring Return/Destruction Obligations

The problem: The NDA doesn't address what happens to confidential information when the relationship or the confidentiality period ends.

Why it matters: If the receiving party keeps copies of your confidential information indefinitely, the risk of future disclosure never goes away — even after the NDA expires.

The fix: Include a return or destruction clause requiring the receiving party to:

  • Return all confidential materials (physical and digital) upon request or termination
  • Certify in writing that all copies have been destroyed
  • Delete confidential information from all systems, backups, and archives

Specify a reasonable timeframe (14–30 days) for compliance.


Mistake #9: Not Tailoring to the Situation

The problem: Using the same generic NDA for every situation — freelancers, vendors, investors, employees, and partners all get the same document.

Why it matters: A one-size-fits-all NDA either over-protects (making it look unreasonable) or under-protects (missing situation-specific concerns). An NDA for a software developer should address source code and algorithms. An NDA for a marketing consultant should address client data and campaign strategies.

The fix: Customize these elements for each situation:

  • Definition of confidential information — tailored to what's actually being shared
  • Duration — matched to the information's useful life
  • Scope of restrictions — appropriate for the relationship type
  • Permitted disclosures — any authorized sharing within the receiving party's organization

You don't need a completely different NDA every time — but the key clauses should reflect the specific engagement.


Mistake #10: Relying on an NDA Alone

The problem: Treating the NDA as your only information security measure.

Why it matters: An NDA is a legal tool — it gives you the right to seek remedies after a breach. But it doesn't physically prevent unauthorized disclosure. A determined bad actor won't be stopped by a piece of paper.

The fix: Layer your protection:

  • NDA — legal protection and deterrent
  • Access controls — limit who can see confidential information
  • Watermarking — track document distribution
  • Need-to-know basis — share only what's necessary for the relationship
  • Technical safeguards — encryption, access logging, secure file sharing

The NDA is one layer in a comprehensive information security strategy — not the entire strategy.


NDA Enforceability Checklist

Use this checklist before signing or sending any NDA:

  • [ ] Confidential information is clearly and specifically defined
  • [ ] Standard exclusions are included (public info, prior knowledge, independent development)
  • [ ] Duration is reasonable and matched to information type
  • [ ] Correct type is used (mutual vs. unilateral)
  • [ ] Remedies clause includes injunctive relief and damages
  • [ ] Governing law and jurisdiction are specified
  • [ ] NDA is signed before any confidential information is shared
  • [ ] Return/destruction obligations are included
  • [ ] Agreement is tailored to the specific relationship
  • [ ] Both parties have signed and retained copies

The Bottom Line

An NDA is only as strong as its drafting. The mistakes above are common, but they're also completely avoidable. Take the time to get your NDA right — or use a contract generator that builds in these protections automatically.

Your confidential information is one of your most valuable business assets. Protect it with an NDA that actually works.

Create an NDA now — jurisdiction-aware, professionally drafted, and built to be enforceable.
