Signing a confidentiality and non-disclosure agreement (NDA) is fairly standard when joining or working with a company involved in technology, life sciences, and other innovation-driven industries. Competition is fierce in those sectors, and companies must ensure that valuable intellectual property (IP) is protected. Although NDAs are commonly used and generally necessary, they don't actually do much to keep data safe. For the most part, they really serve as a deterrent and afford a company recourse in the event that someone inappropriately uses or disseminates the information covered under the agreement.
Of course, this does not mean that companies should discard NDAs altogether. Rather, they should be used in conjunction with other security measures as part of a larger data security strategy. Here are ways that document security offers stronger protection against a data breach than an NDA on its own:
NDAs that impose harsh consequences for failing to keep data confidential will likely prevent some folks from disclosing protected information. However, there may be substantial financial gain at stake for those willing to disclose a company's secrets. Thus, some people may be willing to take that risk, likely hoping that no one will ever know. And, if data isn't saved in a way that prevents dissemination, it may actually be easy for someone to pass something along to someone else completely undetected.
But, by mandating that all confidential data be stored in a highly secure virtual data room, this possibility is essentially eliminated. Data rooms have security features that prevent users from downloading or sharing items unless authorized to do so. And, even if a person does download an item, the administrator will be able to monitor and trace this activity. As a result, this helps prevent inappropriate data distribution, which is not something that an NDA can do, and thus is a far stronger preventive measure.
In addition to using a data room to ensure that all valuable data is located in one secure location, it allows a company to restrict access and retain control over its data. Some companies may rely on a data room for the sake of facilitating document sharing among employees, but there should not be unrestricted sharing capabilities. The data room administrator must be able to grant and revoke access via permissions-based roles. This ensures that only those people with prior clearance are able to enter a data room and can only view the contents to which they have been given specific access. This is obviously much stronger than having employees sign an NDA and then allowing for unfettered access to company data.
Another way to protect data is to ensure that others understand to whom it belongs. Obviously, companies are not going to publicly discuss their IP, but there are ways to make a declarative statement, albeit in a subtle manner, to assert the company’s proprietary rights to data. For example, using a data room that creates electronic watermarks on uploaded documents helps make it clear to whom an item belongs. Then, in the unlikely event that this document falls into the wrong hands, the indistinguishable watermark will provide manifest evidence of its origins. This clearly is not a foolproof method of safeguarding information, but this additional layer of protection along with the other features of a data room and an NDA help provide a more robust security approach.
Perhaps one of the most important aspects of a strong document security strategy is the use of a system that encrypts data when it is at rest and in transit. If documents or files containing valuable information are saved on a hard drive or in a shared network, then any system infiltration could lead to that data being copied and extracted. However, if the information is stored in a virtual data room that employs advanced encryption, then any attempts at interception will prove futile as the contents will be scrambled and illegible. Encryption used to be considered a sophisticated measure reserved for espionage and top secret government operations, but now any responsible technology firm ensures that the data it houses is encrypted. Thus, it is well worth it to invest in a data storage solution that offers this as a standard security feature.
When data is stored on hard drives, it is fairly easy for employees to attach a file to an email and send it to anyone anywhere. In general, a company will not even be able to discern when or how often this is happening. But, if that data is uploaded to an online repository, any attempts to do this will be recorded and archived via an audit log. With an audit trail report, data room administrators can review every click that occurred in the data room. Companies may want to warn data room users of this capability, which is a stronger deterrent to inappropriate sharing than an NDA since there will be ongoing monitoring and concrete evidence of any misdeeds.
NDAs should not be used to the exclusion of other data security methods. Instead, companies should implement a robust security strategy that incorporates diverse security measures, including NDAs, to ensure maximum protection.