|
|
| (One intermediate revision by the same user not shown) |
| Line 1: |
Line 1: |
| {{confianat|2}}The “permitted disclosures” provision. | | {{sman|onenda|v1|2}} |
| ==OneNDA commentary==
| |
| ===“Legally required”===
| |
| Some disquiet from institutional [[legal eagle]]s that “legally required” is a little narrow:
| |
| {{quote|{{OneNDA 2(c)}}}}
| |
| There are many occasions where regulators ask — firmly — but don’t ''require'' disclosure of information as such: for example, for a review in the context of a competition review of a proposed merger of exchanges.
| |
| | |
| If we take it as a given that the regulators are there as a force for good — even if their well-meant interventions don’t always work out that way — there should never going to be a case where a counterparty has anything material to lose by having its data disclosed, confidentially, to regulators. Besides, even if the disclosure is only “requested” it is the sort of thing we should expect parties in a commercial relationship to be adult about: where the material is genuinely touchy and it ''can'' be disclosed, a broker with an interest in protecting its commercial relationship would consult its customer in any case — as indeed the clause goes on to contemplate. As t0 that:
| |
| | |
| “'''Promptly notify'''”: The [[JC]]’s general preference is to tone down the need to notify, or god forbid, seek permission when making a regulatory disclosure (see below for obligatory essay) but there is a balance, and we think OneNDA strikes this balance fairly well. Also, if you ''notify'' the disclosure, then the question about whether you were strictly speaking entitled disclose becomes a bit moot.
| |
| ===Disclosure only “for the purpose”===
| |
| A [[doyen of drafting]] writes:
| |
| {{quote|So you’re allowed to disclose only if you’re somehow able to see into the future and know that the further recipient will only use it for the permitted purpose? That makes no sense.}}
| |
| We are surprised that so magisterial an authority on contract phrasing should struggle with this idea. That is want contracts are for: to allocate the risk of future events, however hard they may be to see at the time of signing. In saying “you may pass the information to your agents, but only for the purpose” [[OneNDA]] makes it clear that if your agent uses the information for another purpose, that is on you.
| |
| | |
| If you don’t like that kind of indeterminacy, then ''be careful who you chose as agents''.
| |
| | |
| === Ensure they are informed of the confidential nature of the information ===
| |
| Now a common ''conceptual'' problem with confidentiality arrangements — if not necessarily a ''practical'' one — grows out of our fixation with doing things ''vicariously''. Since modern management orthodoxy obliges one to find someone as cheap and stupid as possible to carry out each molecule of a process, it is scarcely thinkable that a receiver will carry out all modes of the [[purpose]] by itself.<ref>Indeed, if you take the corporate veil literally, even the directors and officers of a corporation represent an agency problem.</ref> It will share the information with all manner of agents just to accomplish the purpose.
| |
| | |
| But once your agent has it, it is out of your hands and beyond [[privity]] of the contract. All other things being equal the discloser cannot sue ''your agent'' for malfeasance; but it can sue ''you''.
| |
| | |
| To be sure, over time [[legal eagles]] have developed various ruses intended to control information in the hand of unbound third parties: covenants on the receiver to impose equivalent confidentiality arrangements on its agents; requirements that the agents are [[Joinder|joined]] to the contract, or otherwise pegged directly with contractual liability to the discloser. Most of these, if they work at all, are more trouble than they are worth; none really respect the contractual chain.
| |
| | |
| Generally your right to disclose to your affiliates and so on is constrained to those who need the information to further the project, and is further conditioned by some kind of obligation to impose corresponding confidentiality terms on such a disclosee, or at least ''inform'' it of the confidential nature of the information. Expect some bleating that having to implement full-scale back-to-back confis is too onerous, or overkill, which is probably fair, as long as your counterparty grasps the essential fact that simply passing [[Confidential information - OneNDA Provision|confidential information]] to a permitted third party does not relieve it of the obligation to ensure the information doesn’t get disclosed to anyone else. If a delegate posts it on 4chan — whether the delegate was subject to an industrial grade back-to-back NDA — this is still the receiver’s problem. The information got out, and the receiver promised it wouldn’t.
| |
| | |
| [[OneNDA]] addresses this conundrum by making the receiver responsible, personally, for its agents’ malfeasance. If the agent respects the purposes, so good. If it does not, your disclosure is a breach of your contract. In using an agent, the receiver casts its fortune into the lap of the Gods.
| |
| | |
| It is the receiver’s problem, in other words, to make sure its agents are not clowns.
| |
| | |
| === Excluding professional advisers ===
| |
| You may see some flummery along these lines:
| |
| | |
| {{Quote|...except that there shall be no requirement to inform a recipient of the confidential nature of the information if it is subject to professional obligations to maintain confidentiality or is otherwise already bound by requirements of confidentiality.}}
| |
| | |
| This is meant to carve-out lawyers, accountants and those subject to professional codes that imply a relationship of trust and confidence. This is well-intended and, practically, harmless — lawyers are innately bound by confidence and privilege, so it goes without saying — but technically, it is wrong, and misunderstands the contractual chain. Just because someone is already bound to some sacred obligation of confidentiality to ''you'' does not mean you should not commit to remind her of for the benefit of someone else.
| |
| | |
| Also, it rather points up the misconception of contractually requiring such a notice or a back-to-back arrangement in the first place. For ''failing to give the necessary notice'' is not the thing: no consequences flow intrinsically from that. What matters is that the delegated recipient keeps the information to itself. If it ''does'', it doesn’t matter that no-one told it it had to. If it does ''not'', it doesn’t matter that everyone did.
| |
| | |
| ====Resistance is useless====
| |
| This “excluding professional advisers” crud points up the manifest and dull ways in which AI will surely make the pursuit of commerce more pointless, more kludgey, and more apt only to be conducted between persons armed with AI. For this request has entered the NDA canon now, at the behest of some alternative legal service providers to whom firms have outsourced their confidentiality negotiation programmes. If phrase isn’t contained in drafts, it is likely to be inserted into yours at the first time of asking by any firm using an AI NDA facility.
| |
| | |
| Does it make any difference? Not really. But that is an argument for striking a sentence, not including it for good measure. Does it add heft, confusion, opportunity for argument and continental drift away from the simplest racing lines for a confidentiality agreement — the ones sketched out by [[OneNDA]]? Certainly.
| |
| | |
| ===Reasonableness===
| |
| You may see people try to squeeze a [[reasonableness]] standard into their obligation to control delegates: Recipient must take reasonable steps to ensure the delegates do not disclose the information. The consequence of this would be that if the Recipient ''did'' take all reasonable steps: delivered tiresome lectures to all its delegates, ensured they acknowledged them in writing; even extracted a binding legal commitment from them not to break confidence — then it could not be held liable for naughty behaviour by a rogue delegate.
| |
| | |
| The JC is, generally, a fan of the “[[commercially reasonable]]” standard, but not in this case. This is to do with reasons of contractual [[privity]], basic allocation of risk and the fundamental principle of contract: there is no value judgment about the quality of your behaviour here. The law of contract cares only about outcome. Contract is about doing, not doing your best.
| |
| | |
| Firstly, the risk argument. Whoever holds this information, if proprietary information gets out, the discloser loses. There is no point where the ''recipient'' loses, directly, from improper disclosure. Therefore our starting position is this: discloser has this secret sauce, and before it discloses it, the risk is fully contained: whether or not it ever gets out is entirely within the discloser’s control. Now, once the discloser lets a recipient have it, under an NDA, it becomes partly ''outside'' the discloser’s control. To the extent it does, it becomes entirely ''within'' the control of the recipient, who doesn’t ''have'' to share it with anyone. It can, and inevitably will — to employees, lawyers, financing partners — but still, the recipient always has a choice about who and when. Once it does so, the recipient then cedes some control, to the delegate.
| |
| | |
| Remember where we started: I had full control of this special information. Even if you do your utmost to keep the information confidential, if it still leaks out, I lose. You don’t. And the law of contract cares not about how hard you tried, but how well you did.
| |
| | |
| To be sure, the villain of this piece is the delegate. But remember who has privity with that delegate: only the recipient. Even if the discloser wanted to sue the delegate it could not. And — unless the recipient remained responsible to the discloser, nor could the recipient, because it would not have personally suffered a loss. The only way the discloser can proceed is down the contractual chain. If the recipient has cut the chain off, then the discloser is left without a remedy.
| |
| | |
| This is a similar argument, but the way, to the old “[[Reliance on legal advice|not liable for relying on bad legal advice]]” chestnut.
| |
| ==General==
| |
| {{confidentiality and regulatory disclosure}}
| |
| {{regulator requests}}
| |
| ===Court proceedings===
| |
| Is it any different for court proceedings? Now, my friends, we are deep in anally retentive territory here.<ref>This may seem a rather unsavoury [[metaphor]], but it seems apposite.</ref> If you should find yourself even broaching the question of what one must do when compelled by ''[[sub poena]]'' or court-mandated [[discovery]] to submit another fellow’s {{confiprov|confidential information}} into the hands of your combatants in connection with an unrelated civil proceeding, then the game is up, this is a [[I’m not going to die in a ditch about it|ditch you might, if you insist on it, die in]], and for the betterment of all you should really just surrender and move on, but for what it is worth, it ''is'' arguably different from compulsory disclosure to a regulator:
| |
| | |
| On one hand:
| |
| *A (third party) litigant may be the disclosing party’s competitor, and its intentions may not be as pure as driven snow — a disposition which one can (or has little choice but to) take as read for a regulator;
| |
| *The discovery request may thus be an abusive use of a court progress to fish out some commercial material. So one should be on one’s guard and ready to defend it, to the advantage of the disclosing party;
| |
| On the other hand:
| |
| *It is a compulsory legal process and, at the limit, you can’t stop it;
| |
| *A civil litigation between you and some other dude, even if it somehow involves the disclosing party’s {{confiprov|confidential information}}, is generally sensitive and may not be the sort of thing you want the disclosing party to know about: there is a “clash of the confidentialities” here
| |
| *As a litigant you will be generally incentivised to resist wider disclosure than is absolutely necessary and so shouldn’t need to have to promise this to the disclosing party. But it is not inconceivable that this confidential agreement ''is'' exactly the ammunition you need to shut down the litigation, so your interests may favour disclosure, while the “discloser’s” may not. You don’t want your confidentiality agreement to crimp your ability to show your best you to the court process.
| |
| When all is said and done, these are all ''extraordinarily'' remote and implausible hypotheticals. They neatly illustrate the fatuity of obsessing over the minutiae of an imponderable future, and it pains me to even talk about them. ''However'', it is in just such a fatuous neck of the woods that the [[legal eagle]] likes to build its nest so — unless you want to [[die in a ditch]] in that fatuous neck of the woods (some do; there is no accounting for taste) — you might just take a view and nod along.
| |
| | |
| {{ref}}
| |
| | |
| <references />
| |
|
OneNDA Owner’s Manual™
A Jolly Contrarian owner’s manual™
Original text:
Resources and Navigation
Index: Click ᐅ to expand:
|
|
Overview
This is the meat and drink of the One NDA so we have set out specific commentary about the three clauses below:
2(a): Permitted Receivers
2(b): liability for breach by Permitted Receivers
2(c): Regulatory disclosure
Summary
“Legally required”
Some disquiet from institutional legal eagles that “legally required” is a little narrow:
The Receiver may share the Confidential Information if required by law or regulation but must promptly notify the Discloser of the requirement if allowed by law or regulation.
There are many occasions where regulators ask — firmly — but don’t require disclosure of information as such: for example, for a review in the context of a competition review of a proposed merger of exchanges.
If we take it as a given that the regulators are there as a force for good — even if their well-meant interventions don’t always work out that way — there should never going to be a case where a counterparty has anything material to lose by having its data disclosed, confidentially, to regulators. Besides, even if the disclosure is only “requested” it is the sort of thing we should expect parties in a commercial relationship to be adult about: where the material is genuinely touchy and it can be disclosed, a broker with an interest in protecting its commercial relationship would consult its customer in any case — as indeed the clause goes on to contemplate. As t0 that:
“Promptly notify”: The JC’s general preference is to tone down the need to notify, or god forbid, seek permission when making a regulatory disclosure (see below for obligatory essay) but there is a balance, and we think OneNDA strikes this balance fairly well. Also, if you notify the disclosure, then the question about whether you were strictly speaking entitled disclose becomes a bit moot.
Disclosure only “for the purpose”
A doyen of drafting writes:
So you’re allowed to disclose only if you’re somehow able to see into the future and know that the further recipient will only use it for the permitted purpose? That makes no sense.
We are surprised that so magisterial an authority on contract phrasing should struggle with this idea. That is what contracts are for: to allocate the risk of future events, however hard they may be to see at the time of signing. In saying “you may pass the information to your agents, but only for the purpose” OneNDA makes it clear that if your agent uses the information for another purpose, that is on you.
If you don’t like that kind of indeterminacy, then be careful who you chose as agents.
Ensure they are informed of the confidential nature of the information
Now a common conceptual problem with confidentiality arrangements — if not necessarily a practical one — grows out of our fixation with doing things vicariously. Since modern management orthodoxy obliges one to find someone as cheap and stupid as possible to carry out each molecule of a process, it is scarcely thinkable that a receiver will carry out all modes of the purpose by itself.[1] It will share the information with all manner of agents just to accomplish the purpose.
But once your agent has it, it is out of your hands and beyond privity of the contract. All other things being equal the discloser cannot sue your agent for malfeasance; but it can sue you.
To be sure, over time legal eagles have developed various ruses intended to control information in the hand of unbound third parties: covenants on the receiver to impose equivalent confidentiality arrangements on its agents; requirements that the agents are joined to the contract, or otherwise pegged directly with contractual liability to the discloser. Most of these, if they work at all, are more trouble than they are worth; none really respect the contractual chain.
Generally your right to disclose to your affiliates and so on is constrained to those who need the information to further the project, and is further conditioned by some kind of obligation to impose corresponding confidentiality terms on such a disclosee, or at least inform it of the confidential nature of the information. Expect some bleating that having to implement full-scale back-to-back confis is too onerous, or overkill, which is probably fair, as long as your counterparty grasps the essential fact that simply passing confidential information to a permitted third party does not relieve it of the obligation to ensure the information doesn’t get disclosed to anyone else. If a delegate posts it on 4chan — whether the delegate was subject to an industrial grade back-to-back NDA — this is still the receiver’s problem. The information got out, and the receiver promised it wouldn’t.
OneNDA addresses this conundrum by making the receiver responsible, personally, for its agents’ malfeasance. If the agent respects the purposes, so good. If it does not, your disclosure is a breach of your contract. In using an agent, the receiver casts its fortune into the lap of the Gods.
It is the receiver’s problem, in other words, to make sure its agents are not clowns.
Excluding professional advisers
You may see some flummery along these lines:
...except that there shall be no requirement to inform a recipient of the confidential nature of the information if it is subject to professional obligations to maintain confidentiality or is otherwise already bound by requirements of confidentiality.
This is meant to carve-out lawyers, accountants and those subject to professional codes that imply a relationship of trust and confidence. This is well-intended and, practically, harmless — lawyers are innately bound by confidence and privilege, so it goes without saying — but technically, it is wrong, and misunderstands the contractual chain. Just because someone is already bound to some sacred obligation of confidentiality to you does not mean you should not commit to remind her of for the benefit of someone else.
Also, it rather points up the misconception of contractually requiring such a notice or a back-to-back arrangement in the first place. For failing to give the necessary notice is not the thing: no consequences flow intrinsically from that. What matters is that the delegated recipient keeps the information to itself. If it does, it doesn’t matter that no-one told it it had to. If it does not, it doesn’t matter that everyone did.
Resistance is useless
This “excluding professional advisers” crud points up the manifest and dull ways in which AI will surely make the pursuit of commerce more pointless, more kludgey, and more apt only to be conducted between persons armed with AI. For this request has entered the NDA canon now, at the behest of some alternative legal service providers to whom firms have outsourced their confidentiality negotiation programmes. If the phrase isn’t contained in drafts, it is likely to be inserted into yours at the first time of asking by any firm using an AI NDA facility.
Does it make any difference? Not really. But that is an argument for striking a sentence, not including it for good measure. Does it add heft, confusion, opportunity for argument and continental drift away from the simplest racing lines for a confidentiality agreement — the ones sketched out by OneNDA? Certainly.
Reasonableness
You may see people try to squeeze a reasonableness standard into their obligation to control delegates: Recipient must take reasonable steps to ensure the delegates do not disclose the information. The consequence of this would be that if the Recipient did take all reasonable steps: delivered tiresome lectures to all its delegates, ensured they acknowledged them in writing; even extracted a binding legal commitment from them not to break confidence — then it could not be held liable for naughty behaviour by a rogue delegate.
The JC is, generally, a fan of the “commercially reasonable” standard, but not in this case. This is to do with reasons of contractual privity, basic allocation of risk and the fundamental principle of contract: there is no value judgment about the quality of your behaviour here. The law of contract cares only about outcome. Contract is about doing, not doing your best.
Firstly, the risk argument. Whoever holds this information, if proprietary information gets out, the discloser loses. There is no point where the recipient loses, directly, from improper disclosure. Therefore our starting position is this: discloser has this secret sauce, and before it discloses it, the risk is fully contained: whether or not it ever gets out is entirely within the discloser’s control. Now, once the discloser lets a recipient have it, under an NDA, it becomes partly outside the discloser’s control. To the extent it does, it becomes entirely within the control of the recipient, who doesn’t have to share it with anyone. It can, and inevitably will — to employees, lawyers, financing partners — but still, the recipient always has a choice about who and when. Once it does so, the recipient then cedes some control, to the delegate.
Remember where we started: I had full control of this special information. Even if you do your utmost to keep the information confidential, if it still leaks out, I lose. You don’t. And the law of contract cares not about how hard you tried, but how well you did.
To be sure, the villain of this piece is the delegate. But remember who has privity with that delegate: only the recipient. Even if the discloser wanted to sue the delegate it could not. And — unless the recipient remained responsible to the discloser, nor could the recipient, because it would not have personally suffered a loss. The only way the discloser can proceed is down the contractual chain. If the recipient has cut the chain off, then the discloser is left without a remedy.
This is a similar argument, but the way, to the old “not liable for relying on bad legal advice” chestnut.
See also
Template:Onenda 2 sa
References
- ↑ Indeed, if you take the corporate veil literally, even the directors and officers of a corporation represent an agency problem.
