Confidentiality agreement: Difference between revisions

From The Jolly Contrarian
Jump to navigation Jump to search
No edit summary
Tags: Mobile edit Mobile web edit
 
(33 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{rightbox|30|{{Rocknrollconfi}}}}Also known, to those for whom the glass is half-empty, as a [[non-disclosure agreement]]. An agreement whereby you promise not to tell. If Robert Plant were writing one, he would write it like the box on the right.
{{a|confi|
{{image|Secret|jpg|Do you promise not to tell, and if you do, do you acknowledge damages may not be an adequate remedy?}}
}}{{d|confidentiality agreement|/ˌkɒnfɪdɛnʃɪˈæləti/ /əˈgriːmənt/|n|}}


Anyhoo. Here are the main of a normal financial markets confidentiality.
(Also known, to those for whom the glass is half-empty, as a “[[non-disclosure agreement]]”, or an “[[NDA]]”. Or a “[[confi]]”.) <br>


===What’s in a [[confi]]?===
1. (''Forensic evolution'') The ostentatious courtship display of a fecund [[legal eagle]]. Identified as a kind of Darwinian [[textual selection]] because the length and gravity of the terms of a [[non-disclosure agreement]] varies in exact inverse proportion to its subject matter. The more fatuous the “confidential information”, the more stentorian in term and baroque in expression the NDA tends to be. Thus, a [[legal department]] whose plumage boasts an enormous multicolored [[NDA]] is broadcasting to the rest of the market, “look how fertile I am! I can insist on this transparently idiotic legal contract and people still sign it! It is absurd along every conceivable dimension, yet, here I still am, my business in rude health!” <br>
Confis can be “one way”, where one party discloses and the other receives, or “two way”, where both parties disclose sensitive information. A broker’s template will tend to be far more generous when it is receiving only, than when it is giving information up.
====Length====
Firstly, let’s be blunt about this: there is a special place in hell for [[Mediocre lawyer|any advisor]] who serves up a confidentiality agreement more than 3 pages long. Even three pages is purgatorially tedious. GET TO THE POINT. It’s a goddamn [[confi]], not the sale of your soul. Oh hang on.
===='''Purpose'''====
''Why'' are the parties sharing the information in the first place? Typically, you’ll want to restrict use of the information to matters relevant to the project. Expect to see a definition of “purpose”, or something similar.
===='''What information is in scope?'''====
Parties give each other all kinds of information. Not all of it is sensitive. Seeing as a confi imposes onerous obligations, you should carefully define the “[[confidential information]]” that’s in scope.
*'''[[Personal information]]''': If the information is personal information about individuals, there may be additional provisions concerning storage, processing and rights to access and correct that information. Especially once the [[ General Data Protection Regulation]] ([[GDPR]])  comes into force. Hoo boy.
*'''What information that otherwise would be in scope, is out of scope?''': Even within the definition of confidential information, you’ll need to make exceptions:
**Information the receiver already held at the time of disclosure
**Information the receiver receives separately from someone else other than in breach of a confidentiality undertaking
**Information the receiver develops independently of the disclosure and without reference to information disclosed
*'''{{t|Trick for young players}}''': Don't make the {{tag|schoolboy error}} of including in this exclusion from the definition of confidential information “information required to be disclosed to regulators or government authorities”. This is a legitimate exception to the prohibition on disclosing information — see below — but it shouldn’t disqualify the information from being Confidential Information altogether. If it did, once you were required to give any information to the regulator, it would suddenly be open season and you could tell everyone about it.
===='''What is the {{tag|confidentiality}} restriction?'''====
Now you know what counts as [[confidential information]], what can you do with it and what’s not allowed?  You’ll often see:
*'''Keep the information confidential'''. Don’t disclose it except to a limited group of people — and you may be required to ensure that these people only receive the information subject to an equivalent duty of confidentiality:
**'''Inside the organisation''': In a large organisation this may be to a small group of people in the organisation (for example, credit, legal or the onboarding team). There may be specific restrictions to prevent it getting to trading desks or front office personnel who may use the information to profit from it (this will usually be illegal: it’s likely to constitute insider trading or market abuse, but no harm is specifying in the contract).
**'''Outside the organisation''': you may be allowed to share it with your professional advisers, and to regulators and quasi regulatory authorities (stock exchanges etc) where required by law (or you reasonably consider it expedient).  There may be some tiresome details about only giving in formation that is reasonably necessary, and taking what steps are necessary to take legal action to prevent disclosures to regulators.
*Only use it to carry out the “purpose” or “project”.
This is somewhat hard to enforce — it’s nebulous, right? — and in practice you’ll bever know what goes on bhind closed doors, but in the English law-speaking world this is pretty uncontroversial precisely because it isn't practically actionable. But the yanks can get very worked up over it. At least that's what I recall, but it may have been a fever dream.
====Obligation to notify provider of regulator requests====
This is a common and oft accepted provision: where you are obliged to disclose to a regulator, you must first notify the provider of the information, to allow them to make
*'''[[Trade reporting|Trade]]/[[transaction reporting]]''': [[Broker]]s will be obliged to disclose a lot of trade-specific client information to regulators and exchanges every day on account of {{t|MiFID}}/{{t|EMIR}} [[Trade reporting|trade]] and [[trade reporting]]. We are not going to repeatedly tell the client that.
*'''Ad-hoc ''general'' information requests''': Outside [[Trade reporting|trade]]/[[transaction reporting]], when regulators ask for [[ad hoc]] information from a [[broker]], it is usually for a wide-ranging data set across whole trading books and sectors, covering multiple clients. It is unrealistic to accept [[Brokers]] to monitor which clients within that population have confis, much less a right to be specifically notified beforehand. Nor will they want to go to the trouble of getting all those consents. Why? BECAUSE LIFE IS TOO SHORT.
*'''Ad-hoc ''client-specific'' information requests''': Where a regulator specifically asks for data on a single client, it is likely the regulator will also have made equivalent disclosure requests to the client at the same time (or copied the client on those requests to the [[broker]]) — if the request is benign — and if it has not, the investigation is likely to be one where the regulator would not allow the [[broker]] to alert the client anyway, and indeed where such notification could be a criminal offence (market abuse, etc). Even where the notification clause carves out where “notification being illegal” this leaves the [[empty set]] of circumstances where the [[broker]] would have to give info about a specific client and the client doesn’t, but was entitled to know about it.
*'''Commercial sensitivity''': Lastly, the legitimate point of a confi is ''to respect the client’s legitimate interest in protecting the commercial value of non-public information''. It is ''not'' to keep silent about behavioural turpitude; indeed a [[broker]]’s regulatory obligations may oblige it to report, without invitation, bad acts it observes, whether the client likes it or not and whether there is a [[confidentiality agreement]] or not. Generally, client information a [[broker]] holds is not legally or professionally [[privilege]]d. Since, by definition, passing information to a regulator should not<ref>Absent a severe dereliction of the regulator’s duty, and in that case there’s not really much the broker can be expected to do about it, is there?</ref> prejudice the commercial value of that information, it is hard to see when client would have a valid reason to seek injunctive relief to prevent disclosure of information to a competent regulator.
                                                                                                                                                                                                                                                       
And that is borne out by the [[JC]]’s tawdry personal experience (anecdotal though it may be, it does span 22 years and four different investment banks): the [[JC]] has never ever, ever seen anyone take injunctive relief to prevent disclosure of confidential information to a regulator.


===='''Return of information'''====
2. (''[[Reg tech]]'') Any class of legal contract sufficiently common, homogenous, predictable and dull that a machine-learning proof of concept will appear to work, in some superficial way, for a period of time at least as long as the [[general counsel]]’s attention span. (So named because the [[confidentiality agreement]] is the only such contract in wide use). Hence: “Hi I would like to pitch you my new [[software as a service]] offering, which can intelligently automate your entire legal operations platform. It runs on [[chatbot]]s and [[Natural language processing|natural language processing]] [[and/or]] a room full of captive economic migrants in Khazakstan. It rocks. I can give you a half-hour demo. So I can set up the POC, can you send me a few sample...” <br>
The disclosing party will want rights to get the information back at the end of the project. In this modern era of distributed network computing, the old entreaties to “return all copies of information” are faintly absurd: as if they’ve been kept in a manila folder in a filing cabinet somewhere, only inspected by chaperoned employees wearing white cotton gloves. Of course everything will have been transmitted electronically, will exist on servers all around the world, and the very action of attempting to return it will oblige it to be copied onto other servers. Some of these copies will be stored for years under document retention policies. So the real ask ought to be “to put beyond practical use” and have an exception for regulatory retention. There’s also a conceptual issue with information the receiving party has derived from the confidential information — this may include information which is confidential to the receiver, and should not have to be offered up to the discloser.
“Let me guess: a few sample [[confidentiality agreement]]s?” <br>
“Oh right. I see. Hey look sorry, [[I have to hop]].” <br>
===The NDA space race===
The trajectory of “NDA as [[legaltech]] exemplar” bears a striking similarity with the space race.


====Possibility of injunctions====
Firstly, competitors in this stampede towards the [[singularity]] all talk a great game about their magical technology ([[machine learning]], [[neural network]]s, [[general AI]] etc) when in fact it is runs from a call-centre full of Bulgarian school-leavers equipped with slide rules, compasses, protractors and pencils (if lucky) and vacuum cleaner nozzles, duck tape, tin foil and string (if not). In fairness, there ''is'' general intelligence involved; it’s just not ''artificial'': it belongs to the school-leavers).
Some people like to acknowledge that the potential consequences of breach of confidence are so severe that ordinary contractual damages might not be adequate and [[equitable]] relief might be the only means of protecting your position. Injunctions, dawn raids and so on. Whatever floats your boat. Really an acknowledgment so that the poor wronged person who goes to the [[courts of chancery]] seeking injunctive relief can point to M'lud and say, “You see, your honour? That rascal knew perfectly well I might need an injunction here.


Like I say, whatever floats your boat.
Secondly, virulent conspiracy theories circulate in underground networks if legal eagles which doubt whether there was ever any technology involved at all, theorising instead that the whole idea of a confidentiality agreement is just an elaborate hoax.
====No [[representations]] or [[warranties]]====
Another one for the “[[I never said it was]]” file, a clear [[disclaimer]] that when giving you this information, I never said it was accurate or good for anything. so you can’t sue me if you rely on it and lose money.


====Term====
Thirdly, allowing for a moment it did work, this moon-shot cost a hell of a lot of time and money and was a huge distraction for a what was a dry, lifeless, inert, joyless and ultimately fairly pointless journey. It is as if the Eagle triumphantly landed on Planet NDA, they took selfies, horsed around for a bit with a space buggy and some golf clubs, collected some pumice and came home. Suddenly it’s 60 years lateral, no one’s been back to Planet NDA since, let alone colonised the rest of the galaxy.
Some folks will insist on a hard stop, say two years, after which supplied information ceases to be confidential. [[Inhouse lawyer|Inhouse lawyers]] may profess themselves to be immutably bound to have such a term by internal [[policy]]]]. While the commercial value of much information does go stale over time (blueprints fo a BetaMax, anyone?), this isn’t universally true — a client list is valuable however long you hold it — and the usual justification for the hard stop (“we don't have the systems to indefinitely hold infoirmation subject to confidence and don't want indeterminate liability for breach”) is a canard. Whatever information security systems you do have don’t suddenly stop working after three years. And as for indeterminate liability — well, [[no harm no foul]]: if the information really is stale then no loss follows from a breach, right? No loss, no damages.


===What a confi shouldn't have===
The following often make their way into a confi agreement, though none really have any business being there.
*An [[Exclusivity clause]]
*A [[Mon-solicitation clause]]
*An [[indemnity]]


{{confi basic structure}}


===Special AKA===
==The [[OneNDA]]==
The same as a:
Nowadays there is a market standard commercial non-disclosure called the [[OneNDA]]. It solves a lot of problems, does away with much of the small-minded drizzling that tends to go with NDA negotiation, and really removes much of the need for this page. The JC was fairly heavily involved with its production so I’m kind of biased, but it’s pretty neat.
*[[Non-disclosure agreement]]
*[[NDA]]
*[[Confi]]


==See also==
{{sa}}
*[[Copyright and AI]]
*[[Confidence]]
*[[Confidence]]
*[[Confidentiality Agreement - Rock 'n' Roll Style]]
*[[Copyright]]
*[[Patent]]
{{ref}}

Latest revision as of 19:43, 21 November 2023

NDA Anatomy™
JC’s guide to non-standard confidentiality agreements.
For the OneNDA, see the OneNDA Anatomy


Do you promise not to tell, and if you do, do you acknowledge damages may not be an adequate remedy?
Tell me more
Sign up for our newsletter — or just get in touch: for ½ a weekly 🍺 you get to consult JC. Ask about it here.

confidentiality agreement
/ˌkɒnfɪdɛnʃɪˈæləti/ /əˈgriːmənt/ (n.)

(Also known, to those for whom the glass is half-empty, as a “non-disclosure agreement”, or an “NDA”. Or a “confi”.)

1. (Forensic evolution) The ostentatious courtship display of a fecund legal eagle. Identified as a kind of Darwinian textual selection because the length and gravity of the terms of a non-disclosure agreement varies in exact inverse proportion to its subject matter. The more fatuous the “confidential information”, the more stentorian in term and baroque in expression the NDA tends to be. Thus, a legal department whose plumage boasts an enormous multicolored NDA is broadcasting to the rest of the market, “look how fertile I am! I can insist on this transparently idiotic legal contract and people still sign it! It is absurd along every conceivable dimension, yet, here I still am, my business in rude health!”

2. (Reg tech) Any class of legal contract sufficiently common, homogenous, predictable and dull that a machine-learning proof of concept will appear to work, in some superficial way, for a period of time at least as long as the general counsel’s attention span. (So named because the confidentiality agreement is the only such contract in wide use). Hence: “Hi I would like to pitch you my new software as a service offering, which can intelligently automate your entire legal operations platform. It runs on chatbots and natural language processing and/or a room full of captive economic migrants in Khazakstan. It rocks. I can give you a half-hour demo. So I can set up the POC, can you send me a few sample...”
“Let me guess: a few sample confidentiality agreements?”
“Oh right. I see. Hey look sorry, I have to hop.”

The NDA space race

The trajectory of “NDA as legaltech exemplar” bears a striking similarity with the space race.

Firstly, competitors in this stampede towards the singularity all talk a great game about their magical technology (machine learning, neural networks, general AI etc) when in fact it is runs from a call-centre full of Bulgarian school-leavers equipped with slide rules, compasses, protractors and pencils (if lucky) and vacuum cleaner nozzles, duck tape, tin foil and string (if not). In fairness, there is general intelligence involved; it’s just not artificial: it belongs to the school-leavers).

Secondly, virulent conspiracy theories circulate in underground networks if legal eagles which doubt whether there was ever any technology involved at all, theorising instead that the whole idea of a confidentiality agreement is just an elaborate hoax.

Thirdly, allowing for a moment it did work, this moon-shot cost a hell of a lot of time and money and was a huge distraction for a what was a dry, lifeless, inert, joyless and ultimately fairly pointless journey. It is as if the Eagle triumphantly landed on Planet NDA, they took selfies, horsed around for a bit with a space buggy and some golf clubs, collected some pumice and came home. Suddenly it’s 60 years lateral, no one’s been back to Planet NDA since, let alone colonised the rest of the galaxy.


What should be in an NDA

Let’s be blunt about this: there is a special place in hell for any advisor who serves up a confidentiality agreement more than 3 pages long. Even three pages is purgatorially tedious. GET TO THE POINT. It’s a goddamn NDA, not the sale of your soul.

For those of you who can’t see your way clear to embracing the OneNDA, and who have not yet been asked to get your coat, here are the basic things it needs to cover: Who is who: Who is disclosing, who is receiving, or is it mutual? Mutual is good — as it plays to the idea that this is fair, but sometimes you want to just get across the line quickly, by offering confidentiality, without requiring it. That way, for example, you can just sign without seeking assent.

  • The confidential information: What counts as confidential information, and what doesn’t?
  • The Purpose: Why are you disclosing the confidential information? What is the project?
  • The confidentiality obligation itself: How is the receiver expected to keep it secret? Who can the receiver share with? On what terms?
  • Mandatory disclosure beyond the “Purpose”: What about compulsory disclosure under legal process, statutes and regulations?
  • Term: How long does the confidentiality obligation last?
  • Other: Representations and warranties, governing law, And for God’s sake WHATEVER YOU DO DON’T FORGET THE COUNTERPARTS CLAUSE.

What shouldn’t be in an NDA

The following often make their way into a confi agreement, though none really have any business being there.

The OneNDA

Nowadays there is a market standard commercial non-disclosure called the OneNDA. It solves a lot of problems, does away with much of the small-minded drizzling that tends to go with NDA negotiation, and really removes much of the need for this page. The JC was fairly heavily involved with its production so I’m kind of biased, but it’s pretty neat.

See also

References