What are my obligations? - OneNDA Provision: Difference between revisions

From The Jolly Contrarian
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
{{confianat|3}}{{confi obligation}}
{{confianat|3}}
{{confi obligation}}
{{sa}}
{{sa}}
*[[Procure compliance]] — a bit of confi ninja overreach, in our view.
*[[Procure compliance]] — a bit of confi ninja overreach, in our view.

Revision as of 13:58, 7 June 2023

NDA Anatomy™
JC’s guide to non-standard confidentiality agreements.
For the OneNDA, see the OneNDA Anatomy

The OneNDA clause
What are my obligations?

The Receiver must:

  1. only use the Confidential Information for the Purpose,
  2. keep the Confidential Information secure and confidential and only disclose it as allowed by this Agreement,
  3. promptly notify the Discloser if it becomes aware of a breach of this Agreement, and
  4. within thirty days of the Discloser’s request, take reasonable steps to destroy or erase any Confidential Information it holds, except the Receiver may retain copies of Confidential Information:
    1. that are securely stored in archival or computer back-up systems,
    2. to meet legal or regulatory obligations, or
    3. in accordance with bona fide record retention policies,
    subject to this Agreement’s terms.

view template

Tell me more
Sign up for our newsletter — or just get in touch: for ½ a weekly 🍺 you get to consult JC. Ask about it here.

General terms of confidentiality obligations

Having defined what counts as confidential information, the question arises what can you do with it and what’s not allowed?

In order of stating the bleeding obvious:

Keep the confidential information confidential

Don’t disclose it except to the defined group of people set out in the agreement — and you may be required to ensure that these people only receive the information subject to an equivalent duty of confidentiality:

Inside the organisation: In a large organisation you may be restricted to a small group of people in the organisation, and they may be behind information barriers (for example, credit, legal or the on-boarding team). There may be specific restrictions on passing the information to trading desks and front office personnel who could profit from it (this may be illegal: it could be insider trading or market abuse), to rip a good idea off, end-run around the client to do the same deal with someone else or nefariously use it to curry favour with other clients.

Outside the organisation: you may be allowed to share it with professional advisers, regulators and quasi-regulatory authorities (stock exchanges etc) where required by law (or you reasonably consider it expedient). There may be some tiresome details about only giving what is reasonably necessary, and helping to prevent, challenge or minimise disclosures to regulators. Be aware of the schoolboy error of reclassifying information that must be disclosed to regulators as “no longer confidential”. This is wrong: It is still, in you hands, confidential. Obviously you cannot be blamed for miscreants in the public regulatory system who then misuse it, but you must still keep to your own word.

Only use it to carry out the “purpose” or “project”

This is somewhat hard to enforce — it’s nebulous, right? — and in practice, you’ll never know what goes on behind closed doors, but in the English law-speaking world this is pretty uncontroversial precisely because it isn’t practically actionable. But our North American cousins — and those on the private side of the investment banking wall — can get very worked up over it.

Not make unnecessary copies

Not the sort of thing to argue about, but not necessary either: you can xerox the information a thousand times if that floats your boat, and that won’t cause me any more damage than had you only xeroxed it once — unless you then give it to someone you shouldn’t. It is not the act of copying it that causes the loss, but your subsequent carelessness with the copies. But, still, would you strike that out of a draft? No.

See also