Elise Steegstra
Beyond NDAs: Proactive Protection Strategies for Your IP
For many businesses, confidentiality protection begins and ends with an NDA.
Sign the document, exchange information, move on.
But in practice, that approach leaves significant gaps — and courts are rarely sympathetic when those gaps are exposed.
In my most recent episode of Elise Explains IP, I explore what actually protects your confidential information and intellectual property, beyond relying on a standalone NDA. The reality is that enforceable protection requires a combination of legal drafting, operational discipline, technical safeguards, and cultural alignment.
Below is a practical framework to help you move beyond “paper protection” and towards strategies that hold up in the real world.
NDAs Are Useful — But They Are Not a Strategy
NDAs serve an important purpose. They signal that information matters, establish expectations, and provide a contractual basis for confidentiality obligations.
However, NDAs often fail because they are:
If the answer is no, even the strongest-looking NDA may not save you.
Crafting Agreements That Actually Hold Up
A strong confidentiality agreement is not about length or legal jargon. It is about precision and credibility.
In practice, enforceable NDAs tend to share three characteristics:
1. Clear and specific definitions
Courts expect clarity. “Confidential Information” should be identifiable, whether that means source code, technical documentation, customer lists, pricing models, prototypes, or even information disclosed in particular meetings.
If you cannot point to what is protected, a court is unlikely to do it for you.
2. Reasonable, practical obligations
Confidentiality obligations must reflect what is realistically achievable. Requiring “absolute secrecy” or perpetual restrictions with no nuance often undermines enforceability. Courts look for reasonable steps, not perfection.
3. Meaningful remedies
Well-drafted agreements include rights to injunctive relief, not just damages. Once confidential information is disclosed, financial compensation alone is often inadequate.
An NDA should align with how your business actually operates — not how you wish it operated.
Layered Security: Supporting Your Legal Framework
Confidentiality does not exist on paper alone. Courts increasingly examine the technical and physical measures used to protect information.
This is where layered security becomes critical.
Digital controls may include:
Physical controls still matter:
Building a Culture of Confidentiality
One of the most overlooked risks to IP is internal behaviour.
Confidentiality should not rely on employees “remembering” their obligations — it should be embedded in how the organisation operates.
Practical steps include:
The Open-Source Software Risk Many Businesses Miss
Open-source software is an essential part of modern development. It accelerates innovation and avoids unnecessary duplication.
However, unmanaged open source can quietly undermine an entire commercialisation strategy.
Key risks include:
Effective management does not mean avoiding open source. It means:
Bringing It All Together
NDAs are a starting point — not a complete protection strategy.
Real-world confidentiality protection relies on:
If this topic is relevant to your business, the full podcast episode explores these issues in greater depth with practical examples and guidance.
Sign the document, exchange information, move on.
But in practice, that approach leaves significant gaps — and courts are rarely sympathetic when those gaps are exposed.
In my most recent episode of Elise Explains IP, I explore what actually protects your confidential information and intellectual property, beyond relying on a standalone NDA. The reality is that enforceable protection requires a combination of legal drafting, operational discipline, technical safeguards, and cultural alignment.
Below is a practical framework to help you move beyond “paper protection” and towards strategies that hold up in the real world.
NDAs Are Useful — But They Are Not a Strategy
NDAs serve an important purpose. They signal that information matters, establish expectations, and provide a contractual basis for confidentiality obligations.
However, NDAs often fail because they are:
- vague or overly broad
- unrealistic in their obligations
- disconnected from how the business actually handles information
If the answer is no, even the strongest-looking NDA may not save you.
Crafting Agreements That Actually Hold Up
A strong confidentiality agreement is not about length or legal jargon. It is about precision and credibility.
In practice, enforceable NDAs tend to share three characteristics:
1. Clear and specific definitions
Courts expect clarity. “Confidential Information” should be identifiable, whether that means source code, technical documentation, customer lists, pricing models, prototypes, or even information disclosed in particular meetings.
If you cannot point to what is protected, a court is unlikely to do it for you.
2. Reasonable, practical obligations
Confidentiality obligations must reflect what is realistically achievable. Requiring “absolute secrecy” or perpetual restrictions with no nuance often undermines enforceability. Courts look for reasonable steps, not perfection.
3. Meaningful remedies
Well-drafted agreements include rights to injunctive relief, not just damages. Once confidential information is disclosed, financial compensation alone is often inadequate.
An NDA should align with how your business actually operates — not how you wish it operated.
Layered Security: Supporting Your Legal Framework
Confidentiality does not exist on paper alone. Courts increasingly examine the technical and physical measures used to protect information.
This is where layered security becomes critical.
Digital controls may include:
- encrypted storage
- multi-factor authentication
- role-based access permissions
- secure code repositories
- remote-wipe capabilities
- immediate removal of access when staff or contractors exit
Physical controls still matter:
- secure areas for sensitive materials
- controlled access to offices or labs
- visitor protocols
- secure disposal of documents
- clean-desk policies
Building a Culture of Confidentiality
One of the most overlooked risks to IP is internal behaviour.
Confidentiality should not rely on employees “remembering” their obligations — it should be embedded in how the organisation operates.
Practical steps include:
- clear onboarding training that explains why confidentiality matters
- regular reminders and refreshers
- disciplined offboarding processes
- normalising secure communication practices
The Open-Source Software Risk Many Businesses Miss
Open-source software is an essential part of modern development. It accelerates innovation and avoids unnecessary duplication.
However, unmanaged open source can quietly undermine an entire commercialisation strategy.
Key risks include:
- copyleft licences, such as GPL, which may require disclosure of your proprietary code
- lack of visibility over which open-source components are used
- developers copying code without understanding licence terms
- software supply-chain vulnerabilities
Effective management does not mean avoiding open source. It means:
- tracking components and licences
- educating development teams
- implementing approval processes
- conducting regular compliance checks
Bringing It All Together
NDAs are a starting point — not a complete protection strategy.
Real-world confidentiality protection relies on:
- enforceable, well-drafted agreements
- layered digital and physical security
- a culture where confidentiality is normal
- informed management of open-source software
If this topic is relevant to your business, the full podcast episode explores these issues in greater depth with practical examples and guidance.