What Happens If Someone Breaks an NDA?

Immediate consequences

When an NDA is broken, the consequences can be both legal and practical. Legally, the breaching party faces potential lawsuits for damages and injunctions. Practically, they face damaged business relationships, reputational harm, and loss of trust in their professional network.

The disclosing party (whose information was leaked) must decide how to respond. The response typically depends on the severity of the breach, the relationship between the parties, the value of the information disclosed, and the potential for ongoing harm.

Not every breach leads to litigation. In many cases, a stern cease-and-desist letter or a direct conversation resolves the issue. The breaching party stops the unauthorized disclosure, the parties confirm the information has not spread further, and the relationship is either repaired or terminated. Litigation is typically reserved for serious breaches involving significant financial harm.

Legal remedies available

If an NDA is breached, the injured party has several legal remedies available.

Injunctive relief: This is a court order requiring the breaching party to immediately stop disclosing or using the confidential information. Injunctions can be temporary (lasting until a full hearing) or permanent. Courts grant injunctive relief when the injured party can show that monetary damages alone would not adequately compensate for the harm — which is often the case with confidentiality breaches, since you cannot unring the bell.

Compensatory damages: The injured party can recover the actual financial harm caused by the breach. This includes lost revenue, lost competitive advantage, and any other quantifiable losses directly attributable to the unauthorized disclosure.

Consequential damages: In some cases, the injured party can recover indirect losses that resulted from the breach, such as lost business opportunities or damaged customer relationships.

Disgorgement of profits: The court may require the breaching party to surrender any profits they earned by using or disclosing the confidential information.

Attorney's fees: If the NDA includes an attorney's fees provision (and many do), the prevailing party can recover its legal costs. This provision serves as a deterrent against breach and makes enforcement more economically viable.

Punitive damages: In rare cases involving willful and egregious breaches, courts may award punitive damages to punish the breaching party and deter future violations. Punitive damages are not available in all states or under all NDA frameworks.

Steps to take after a breach

If you discover that someone has breached your NDA, take these steps.

Document everything immediately. Gather evidence of the breach: screenshots, emails, witness statements, timestamps. The more evidence you have, the stronger your legal position.

Assess the scope. Determine what information was disclosed, to whom, and whether the disclosure is ongoing. This assessment informs your response strategy.

Consult an attorney. Before taking legal action, get professional advice on the strength of your case, the available remedies, and the most effective strategy.

Send a cease-and-desist letter. A formal letter from your attorney demanding that the breach stop immediately and that all confidential information be returned. This is often the most effective first step and resolves many breaches without litigation.

Consider negotiation. In many cases, negotiating a resolution — such as a financial settlement and a binding commitment to prevent further disclosure — is faster, cheaper, and more practical than going to court.

File a lawsuit if necessary. If the breach is severe and other approaches have failed, file a lawsuit seeking injunctive relief and damages. Your attorney can advise on the best jurisdiction and legal strategy.

Proving a breach occurred

To successfully enforce an NDA, you must prove several elements.

A valid NDA exists: You must produce the signed agreement and show it meets all legal requirements for a valid contract.

Information was confidential: The information that was disclosed must actually qualify as confidential under the NDA's definition. If the information was publicly available or fell within a standard exclusion, no breach occurred.

A breach occurred: You must demonstrate that the receiving party disclosed or used the information in a way that violated the NDA's terms. Direct evidence (such as emails or documents proving disclosure) is strongest, but circumstantial evidence (such as a competitor suddenly implementing an approach identical to your proprietary method) can also support a claim.

You suffered harm: In most cases, you must show that the breach caused actual or threatened harm. For injunctive relief, you must show that irreparable harm would result without the court's intervention.

This is why documentation is so critical. The more thoroughly you can demonstrate each element, the more likely you are to succeed in enforcement.

Calculating damages

Quantifying the financial harm from an NDA breach can be challenging. Courts use several approaches.

Lost profits: The most common damages measure. Calculate the revenue you lost as a direct result of the breach — for example, deals that fell through after a competitor learned your pricing strategy.

Unjust enrichment: How much did the breaching party benefit from using your confidential information? If they used your trade secrets to develop a competing product, their profits from that product may be recoverable.

Reasonable royalty: If the information was used in a way that could have been licensed (such as using proprietary technology), damages may be calculated based on what a reasonable licensing fee would have been.

Diminished value: If the breach reduces the value of the confidential information itself (for example, by making a trade secret publicly known), damages may include the reduction in the information's value.

In practice, proving exact damages is difficult, which is why many NDA disputes are settled out of court for negotiated amounts. Including a liquidated damages clause in your NDA — a predetermined damage amount for breach — can simplify this process, though the amount must be reasonable.

Common outcomes

Most NDA breaches follow a fairly predictable pattern of resolution.

The most common outcome is resolution through a cease-and-desist letter. The breaching party stops the unauthorized disclosure, confirms the information has not spread further, and the parties may renegotiate their relationship or part ways.

The second most common outcome is a negotiated settlement. The parties reach an agreement on financial compensation, ongoing restrictions, and confirmation of confidentiality obligations. Settlements are typically faster and less expensive than litigation.

Litigation to judgment is the least common outcome but is pursued when the breach is severe, the damages are substantial, and other approaches have failed. Even cases that are filed as lawsuits frequently settle before trial.

The key lesson: having a well-drafted NDA dramatically improves your position regardless of which resolution path you follow. It gives you leverage in negotiations, strength in court, and clarity about each party's obligations.

Preventing breaches

The best approach to NDA breaches is prevention. Several practices reduce the risk of breach significantly.

Limit information sharing: Share only the information that is necessary for the business relationship. Less exposure means less risk.

Mark materials as confidential: Clearly labeling documents, emails, and files as confidential creates awareness and provides evidence if a breach occurs.

Use secure sharing methods: Share confidential information through secure channels rather than unencrypted email. Use access controls and audit logs where possible.

Train recipients: Make sure everyone who receives confidential information understands their obligations. A brief discussion of the NDA terms at the beginning of the relationship sets clear expectations.

Monitor access: Keep records of who has access to confidential information and periodically review whether that access is still necessary.

Conduct exit reviews: When a business relationship ends, review confidentiality obligations and ensure all materials are returned or destroyed.