I have not carefully read the entire NDA, but I offer the following comment.

If a recipient of information protected by an NDA is a legal entity, such as a corporation, Section 4 of your form requires the recipient to enter into a confidentiality written agreement with each employee (and others working for the recipient) who receive information protected by the NDA. This is both too much and too little!

It is too much because it is burdensome on the recipient to require employees to sign a written agreement every time the corporation receives receive information protected by an NDA. There might be 20 employees who need to see the information, and keeping track of who has signed and who hasn’t and making sure that an employee who has signed doesn’t share information with an employee has not yet signed is an administrative burden.

I don’t ask for this provision when representing the disclosing party, and I would resist this when representing the recipient.

In any event, how does the disclosing party police this requirement?

It is too little because the recipient fulfills its obligation by entering into a written agreement with the employee as required by your form of NDA. If there is a written agreement with the employee and the employee improperly discloses the information protected by the NDA, the recipient points to the written agreement and says, “I did what you asked.” So why would the recipient be liable for the wrongful disclosure by its employee?

To whom is the employee liable if the employee improperly discloses the information protected by the NDA? Presumably the disclosing party would want to sue based on the fact that the employee signed a written agreement agreeing to keep the information confidential, but unless the disclosing party is a third-party beneficiary of the recipient’s written agreement with the employee, the disclosing party has no rights under that agreement.

In the absence of an express statement in the NDA that the recipient’s agreement with the employee is intended for the benefit of the disclosing party (i.e., the disclosing party is a third-party beneficiary of the agreement), it is a litigable issue whether the disclosing party a third-party beneficiary. There is nothing in the NDA form that requires the recipient’s agreement with the employee to contain such a clause.

In some situations, both the disclosing party and the recipient might prefer not to identify the source of the information protected by the NDA.

Even assuming that the written agreement with the employee allows the disclosing party to sue the employee for wrongful disclosure based on that agreement, does the employee have adequate resources to pay a judgment?

Instead of requiring such agreements between a recipient and an employee, it might be more effective to state in the NDA that the recipient is required to instruct its employees on the confidential nature of the information, that the recipient is responsible for any disclosure of information by its employees in violation of the NDA, and that the recipient will be liable for any damages resulting therefrom.

Thanks very much for this comment. I'm glad I looked back on my threads page and saw it!

First, I should make clear that I did not set out to write the very best NDA possible. Rather, I set out to write the NDA that I thought companies and their counsel would find the quickest and easiest to approve. In other words, to reflect current practice, which we might both to agree falls well short of optimum.

Alas, my experience from prior projects is that better terms don't provide enough incentive to standardize. Everybody likes their NDA, and the difference between OK and better isn't compelling. But my hope is that if we standardize otherwise, through CT's self-propagating mechanism, that standard can then become a platform for better terms.

Now to your points on employees and confidentiality.

The covenant to sign NDAs with employees is essentially a commitment to best practice. The parties are confirming that NDAs, or more likely CIIAAs, are part of the hiring packets for both sides. Note the exception for professionals under non-contractual confidentiality obligations, like lawyers. That tracks reality, in my experience.

You are correct that absent express language, and without privity, disclosers could end up without direct claims against breaching employees. That's an absolutely fair point, though I'd hasten to add that the company, rather than its employee, is usually the deep pocket, and an injunction to the company is usually what's needed to stop any bleeding.

The terms addressing employer responsibility are in section 4(m) of version 1.1.0:

> (m) Compliance and Oversight. > > (i) Receiving Party shall ensure that its Advisers abide by the confidentiality obligations of Receiving Party under this agreement. If Receiving Party is a legal entity, Receiving Party shall also ensure that its Personnel abide by the confidentiality obligations of Receiving Party under this agreement. Breach of Receiving Party obligations by Receiving Party Personnel or Receiving Party Advisers will be deemed breach of this agreement by Receiving Party itself. > > (ii) If Receiving Party is a legal entity, Receiving Party shall provide Disclosing Party copies of confidentiality agreements with Personnel who receive Confidential Information on Disclosing Party request.

Again, thank you very much. Writing what you did took time, I know.

If you'd like to discuss further, please do e-mail me. Otherwise, I can't be sure I'll see it. I'd be more than happy to make time for a call, or arrange a meal, coffee, or libations next I'm down to San Jose from Oakland.