Get best of the week

NDA for development - “residual” clause and other ways to protect yourself

Custom development is almost impossible without transmitting confidential information (CI) to the developer. Otherwise, what is it customized.
The larger the customer, the more difficult it is to negotiate a confidentiality agreement. A model contract with a probability close to 100% will be redundant.

As a result, together with the minimum amount of information necessary for work, you can get a bunch of responsibilities - to store and protect as your own, for many years, even after the expiration of the agreement. Keep records, organize storage, compensate for losses. Provide the disclosing party with an audit opportunity. Pay multimillion-dollar fines for the fact of disclosure. God knows what else. This is a standard form, it is approved by the chairman of the board, it cannot be amended.

To be able to calmly do your job, you need to have the most understandable amount of obligations. This simple truth can be realized by several conditions.

  1. Indication that the NDA is applicable to a specific project. The temptation to extend it to all existing and future projects is great, why sign too much. But the smaller the volume, the less resources are required for its storage, fewer people can access, lower the risks of disclosure.
  2. Confidential information - only written, marked as "confidential". Allows you to clearly understand whether the privacy mode applies to specific information or not. In this case, marking the information is the responsibility of the customer. Avoid wording such as “any information”.
  3. Not all CIs can be returned and destroyed. A “residual” clause is used in standard NDAs by companies such as Microsoft. It fixes the right to data remaining as a result of having access to CI, existing outside of material carriers (for example, in the memory of a person who had access to CI), including ideas, principles, methods. Neither party has the right to limit or prohibit the use of "residual" information by such persons, as well as to charge a fee for its use. This condition does not apply to patent and copyright objects that are legally owned by the disclosing party.
  4. – , (, ). , 3 ( ).
  5. . - (, ), ( ), ( ).
  6. There is no double or triple liability for the same violation. Accidental data leakage cannot be used as a means of enrichment of one of the parties. We limit ourselves to direct documented damage (not losses, which will mean damage + lost profit) within 30-70% of the project cost.

Each of these conditions is logical and protects including the customer - the less CI he reveals, the lower the risk of leakage. No redundancy, but a clear circle of obligations. Take care of yourself and your confidential information.

More articles:


All Articles