Trade secrets are estimated to represent 80% or more of large companies' total asset value, yet a 2025 survey by the Ponemon Institute found that 59% of departing employees take confidential data with them — intentionally or inadvertently. Customer lists, pricing strategies, product roadmaps, source code, manufacturing processes, and financial data walk out the door every day.
An employee Non-Disclosure Agreement (NDA) is the first line of defense. It defines what information is confidential, establishes the employee's obligation to protect it, and specifies the legal consequences of unauthorized disclosure. But not all NDAs are created equal — poorly drafted agreements are regularly struck down by courts as overbroad, unenforceable, or unconscionable.
This guide explains how to draft an employee NDA that actually works: specific enough to be enforceable, broad enough to protect your business, and clear enough that employees understand their obligations. We cover the essential clauses, common pitfalls, enforcement strategies, and the interplay between NDAs and other employment agreements that comprehensive intellectual property protection requires.
What an Employee NDA Should Cover
An effective employee NDA must be comprehensive enough to protect legitimately confidential information while being specific enough to be enforceable if challenged in court.
Definition of Confidential Information
This is the most important clause in any NDA. Courts consistently strike down NDAs with vague or overly broad definitions (like "all information relating to the company"). An enforceable definition should:
Include specific categories:
- Trade secrets, proprietary technology, and patents pending
- Customer lists, pricing, and sales data
- Financial information, projections, and budgets
- Product development plans, roadmaps, and specifications
- Software source code, algorithms, and architecture
- Marketing strategies and competitive intelligence
- Supplier relationships, terms, and pricing
- Employee compensation data
- Internal processes, methodologies, and "know-how"
- Merger, acquisition, and partnership discussions
Define how information is identified:
- Written or electronic information marked "Confidential" or "Proprietary"
- Oral information identified as confidential at the time of disclosure and confirmed in writing within a reasonable period (typically 30 days)
- Information that a reasonable person would understand to be confidential based on its nature or the circumstances of disclosure
Carve out exclusions (essential for enforceability):
- Information that is or becomes publicly available through no fault of the employee
- Information the employee knew before joining the company (with documentation)
- Information independently developed by the employee without use of confidential information
- Information received from a third party without confidentiality restrictions
- Information required to be disclosed by law, regulation, or court order (with notice to the company)
Employee Obligations
Beyond simply keeping information secret, the NDA should specify affirmative obligations:
- Use confidential information only for the company's business purposes — not for personal gain, side projects, or future employers
- Limit access to confidential information on a need-to-know basis
- Follow the company's information security policies (password protection, encryption, secure storage, clean desk policies)
- Report any suspected breach — if the employee becomes aware of unauthorized disclosure, they must notify the company immediately
- Return all materials upon termination — all documents, files, devices, copies, notes, and digital files containing confidential information must be returned or destroyed, and the employee must certify compliance in writing
Duration, Scope, and Post-Employment Obligations
Duration of Confidentiality Obligations
Courts scrutinize NDA durations for reasonableness:
- Trade secrets: Obligations should last as long as the information qualifies as a trade secret — which could be indefinite. This is generally enforceable because the Defend Trade Secrets Act (DTSA) and state trade secret laws protect trade secrets for as long as they retain secrecy
- Non-trade-secret confidential information: A defined period is more enforceable — 2-5 years after the employment relationship ends is the standard range. Courts may find perpetual obligations unenforceable for information that doesn't rise to the level of a trade secret
- Best practice: Use a two-tier approach — indefinite protection for trade secrets, and a 3-5 year period for other confidential information
Post-Employment Obligations
The NDA must clearly address what happens when the employee leaves:
- Return of materials: All physical and digital materials must be returned. The employee should confirm in writing (via a certification letter) that they've returned everything and haven't retained copies
- Device inspection: The company may have the right to inspect personal devices used for work to ensure confidential information has been removed
- Ongoing confidentiality: The employee's obligation to protect confidential information continues after employment ends, for the duration specified in the NDA
- Exit interview: Many companies conduct exit interviews that include a review of NDA obligations, identification of confidential information the employee had access to, and a signed acknowledgment that the employee understands their ongoing obligations
Interaction with Non-Compete and Non-Solicitation Agreements
NDAs are often paired with other restrictive covenants:
- Non-compete agreements restrict where the employee can work after leaving. These are governed by state law and have become increasingly restricted (the FTC's 2024 ban applies to most employees, though enforcement is in flux)
- Non-solicitation agreements prevent the employee from soliciting the company's customers or employees for a specified period (typically 12-24 months). These are generally more enforceable than non-competes
- Invention assignment agreements ensure that intellectual property created during employment belongs to the company (covered in many states by statute, but a written agreement is best practice)
The NDA should reference these companion agreements and clarify that the obligations in each agreement are independent — the invalidity of a non-compete doesn't affect the enforceability of the NDA.
Enforcement and Legal Remedies
Remedies for Breach
An effective NDA should specify the remedies available if the employee breaches:
- Injunctive relief: The right to seek a court order immediately stopping the employee from continuing to disclose or use confidential information. The NDA should include a clause in which the employee acknowledges that monetary damages would be inadequate and that the company is entitled to seek injunctive relief without posting a bond (where permitted)
- Monetary damages: Actual damages suffered by the company as a result of the breach (lost profits, cost of countermeasures, diminished competitive advantage)
- Liquidated damages: Some NDAs include a pre-defined damage amount per breach, which is enforceable if the amount is a reasonable estimate of potential damages and not a penalty
- Disgorgement: The right to recover any profits or benefits the employee gained from misusing confidential information
- Attorney's fees: The prevailing party's right to recover legal costs (this discourages frivolous breaches and defenses)
Whistleblower Protections
Federal law (the Defend Trade Secrets Act) requires employee NDAs to include notice that employees are protected when reporting suspected violations of law:
- Employees can disclose trade secrets to government officials or in court filings under seal for the purpose of reporting or investigating a suspected violation of law
- Employees who file retaliation lawsuits can disclose trade secrets to their attorney and use the trade secret information in the court proceeding if the filing is made under seal
- Failure to include this notice may prevent the employer from recovering punitive damages or attorney's fees in a trade secret misappropriation claim under the DTSA
This notice requirement applies to any contract or agreement with an employee that governs the use of trade secrets or confidential information. Including it is not optional.
Practical Enforcement Strategies
Beyond the legal remedies in the NDA itself, companies should:
- Document access: Maintain logs of what confidential information each employee accesses
- Monitor departures: When employees leave for competitors, review their recent file activity, email, and download history (in accordance with company policy and applicable law)
- Act quickly: If a breach is suspected, move fast — delays in seeking injunctive relief make courts less likely to grant emergency orders
- Preserve evidence: Implement litigation holds immediately upon discovering a suspected breach to preserve all relevant communications and documents
Drafting, Execution, and Management Best Practices
Common Drafting Mistakes
Avoid these frequent errors that undermine NDA enforceability:
- Overbroad definitions: Defining "confidential information" as "everything about the company" is virtually unenforceable. Be specific about categories
- No exclusions: An NDA without standard exclusions (public information, prior knowledge, independent development) is more likely to be struck down as unreasonable
- No consideration for existing employees: If the NDA is signed after the employee has already started working, many states require additional consideration (a bonus, raise, or other tangible benefit) beyond continued employment alone. States vary on this, so check your jurisdiction
- No severability clause: If one provision is found unenforceable, a severability clause prevents the entire NDA from being invalidated
- No DTSA notice: Failure to include the required whistleblower protection notice limits your remedies
- Confusing integration with other agreements: The NDA should clearly state its relationship to the employment agreement, invention assignment, and non-compete
Timing of Execution
- New hires: The NDA should be signed before the employee starts work or accesses any confidential information — ideally as part of the offer letter package
- Existing employees: Presenting an NDA mid-employment requires additional consideration and should be handled carefully to avoid creating the impression that the employment relationship is conditional
- Promotions: When employees are promoted into roles with access to more sensitive information, consider a supplemental NDA covering the new categories of information
Electronic Execution
Employee NDAs are prime candidates for electronic signature:
- They're part of standardized onboarding packages
- Multiple new hires may sign simultaneously
- Remote employees can sign from any location
- The signing event is documented with timestamps and IP addresses, creating a stronger enforcement record than a physical signature on a paper form
- Amendment and re-signing for promotions or policy updates can be done instantly
ZiaSign provides HR teams with template-based NDA management, batch signing for onboarding cohorts, automated reminder workflows, and secure archival with full audit trails — ensuring every employee has a current, properly executed NDA on file.