Close
Login to MyACC
ACC Members


Not a Member?

The Association of Corporate Counsel (ACC) is the world's largest organization serving the professional and business interests of attorneys who practice in the legal departments of corporations, associations, nonprofits and other private-sector organizations around the globe.

Join ACC

This Wisdom of the Crowd, compiled from responses posted on the IT, Privacy & eCommerce eGroup* addresses employees who are asked to sign a Non-Disclosure Agreement in an individual capacity by a client company.

*(Permission was received from ACC members quoted below prior to publishing their eGroup Comments in this Wisdom of the Crowd Resource)
Question
My company is performing some services for a customer whereby our software will integrate with software they currently have. We have a Non-Disclosure Agreement (NDA) with this customer, but they are asking the individual who will be performing the services to sign an NDA in his individual capacity. This individual is an actual employee of our company - not a consultant or any other type of relationship. Needless to say I'm concerned and initially thought they simply made a mistake by making our employee the subject of the NDA but upon speaking with the customer, they do want him to sign as an individual and insist that this is standard practice. I gave them all the reasons I thought this was inappropriate, all to no avail.

I have not seen this before and it makes no sense to me, but keep thinking I may be missing something. Has anyone out there encountered a similar situation?
Wisdom of the Crowd

Response #1: Yes, we had that happen, and the way we solved it was to confirm that the employee had signed confidentiality documents with us that were similar to the NDA the employee was being asked to sign. The language in the agreement with our customer flowed down to employees, so it was a chain of documents that the customer agreed would cover any employee who performed the work. Our situation was different, as a number of employees were involved, but check to see whether you can use the same argument - that the employee is already covered and the individual NDA is an unnecessary redundancy.1

Response #2: We had a few requests of that type. In only one instance, where the NDA was related to a very special project, individuals accepted to sign personally the NDA. In the other few cases, we successfully avoided it by pointing out that the individuals were already under confidentiality obligations in their employment contracts.2
Response #3: I'm with a global IT company and we see this often. I believe the requirement is made in order to so to speak 'scare' the individual so that they take their confidentiality obligations more seriously. As you say, this is not acceptable as individuals should not be personally liable in such circumstances. It's also not very practicable as in the unlikely event that the individual is sued for breach, they are unlikely to have a sufficiently deep pocket from which to recover. We tend to solve this by agreeing an acceptable NDA in relation to the transaction which the employee will sign with us (i.e. the employer) and which we will then present to the client.3
Response #4: I've run into this where the other party is worried about your employee learning something that they can run off and commercialize on their own, setting up a defense for you that the actions were beyond the scope of employment, so your firm isn't liable. So, the client/trade secret holder wants recourse directly against the (likely judgment-proof unemployed) individual. A possible compromise is expressly waiving the scope of employment defenses.4
Response #5: Would not the employer be vicariously liable for the employee's breach in any event? I also think it is redundant. The confidentiality provisions in the employee's employment agreement I think are better designed to protect you, the employer, because you could have grounds to terminate the employee if he/she breached the confidentiality.
The NDA should have a clause that obliges you to make it clear to whomever needs to see any confidential information that the obligations flow down to those other parties.5
Response #6: Because the individual is performing as an employee of a party rather than as a party his/herself, we always refuse to have individuals sign as a party. Instead, we will agree to have the individual sign an acknowledgement of the confidentiality obligations that we, as employer, had agreed to as a party. Occasionally we add that our employees are subject to confidentiality obligations at least as rigorous as those under the proposed NDA.6
Response #7: I recently saw this on a non-IT related deal. I used the policy argument that not only is it not fair to hold an employee of ours personally liable for work their doing as an employee, but it is also not a practical solution. Other than getting injunctive relief against the employee (which they can equally - maybe more easily - get through pursuing the corporate entity), its highly unlikely they're going to get any more damages through the employee personally than they will through the corporate entity. If they're looking for an acknowledgement that the employee understands the obligations, it is reasonable to have some sort of acknowledgement or certification that the employee signs indicating they are aware of the NDA and will abide by it.7
Response #8: This is a common practice with the financial services industry. We service several major credit card issuers. All of our employees, regardless of on which client's portfolio they work, sign NDA's with us as a condition of employment. Some clients, in turn, require that any employees working their particular portfolio also sign individual NDAs. It has not presented any issues.8
Response #9: Does the NDA between the two companies (a) require that all employees and consultants receiving information be bound by agreements with terms at least as restrictive as the inter-company NDA, and (b) state that the receiving party will remain primarily liable for any unauthorized disclosure or use by such employees or consultants? If it doesn't, then amend it so it does. Then there is no longer any reason to ask, because you're agreeing that your employees can't get their information unless they've signed something as good, and they can just sue you if there's a problem. There is no reason to subject an employee to direct legal action by a customer.
The only, and I mean the only, time we've considered individual NDAs with a third party are for certain acquisition discussions that are subject to "clean team" procedures required under EU competition laws. We have done individual agreements with our own staff (not the third party) for some Really Sensitive Stuff where they agree they will follow any special procedures or policies notified to them by Ms. X, only use code names, and acknowledge that violation is grounds for discipline, up to and including termination. But that's just to put the fear in our own people.9
Response #10: I have done numerous NDAs in the Mergers & Acquisitions context (so a different circumstance). In that arena, I have regularly seen requests that each employee sign a NDA but have always successfully pushed back by 1) including in our NDA that we are responsible for breaches by our employees, 2) including an obligation that we inform employees regarding confidential nature of material and 3) demonstrating that our employees all have appropriate confidentiality agreements signed with us.
I believe it would be unusual to have your employee directly in privity with your customer and I would push back, for what it's worth. That being said, negotiations are always about leverage and I don't know where the leverage lies in your situation. If you really need this deal and have to end up doing it, you may need to create a special indemnity and defense agreement for your employee.10
Response #11: Similar to other responses, while we receive client requests, we decline any obligations to have individual employees sign NDAs in their personal capacity.
In the past, I did have a bad experience in which a client's in-house legal counsel made direct threats to our employees who were working on the client site regarding enforcing confidentiality obligations and naming those employees individually in a lawsuit. We do not want our employees to be personally liable for actions that they take within their scope of employment. It may cause unintended behaviors or potentially a difference in interests between the company and the employee.
During negotiations, we emphasize that the NDA by its terms: 1) restricts access to the information to employees who have need to know, 2) those employees executed and owe substantially similar confidentiality obligations to the company (their employer), and 3) the company is responsible for any breaches of confidentiality committed by the company's employees.
When we seek to understand what interest the client is attempting to address, the most common response is that our employees will have access to information that the client feels is competitively sensitive and unauthorized use of that information will harm the client's business. For example, product trade secrets or information regarding a potential Mergers & Acquisitions transaction.
Typically, we successfully negotiate and agree on a form of acknowledgement between the company and the individual employee (no privity between client and employee) in which the employee acknowledges the confidential nature of the client information and agrees it is subject to the confidentiality obligations owed by the Company to the client. This acknowledgement addresses the client's interest of obtaining awareness of the sensitive nature of the information and confirms the confidential treatment. The acknowledgement addresses our Company's interest of respecting our individual employees while in the scope of employment. We may also agree on client access to or client review of those acknowledgements to confirm compliance with this contract obligation.11
Response #12: I've seen this, too. I've always pushed back, and thankfully my employers have always backed up the legal department on this. I don't like the idea of the other side being able to harass one of my employees. If one of my employees messes up, the other side can come after my employer, but I don't want them coming after one of my employees directly. Besides, my employer (hopefully) has deeper pockets to make the other side whole.
The only time I've made (or more correctly, had to make) an exception to this rule has been with certain government agencies, where the employees will have access to classified or other information.12
1Response from: Margo Lynn Hablutzel, Assistant General Counsel, Lands' End, Inc. (7/14/2016)
2Anne Van Der Zwalmen, Vice President & European General Counsel, Avnet Europe Comm. VA (7/14/2016)
3Response from: Nimrod Hecht, Attorney, IBM (7/14/2016)
4Response from: John Jacobs, Managing Counsel, CIGNA (7/14/2016)
5Response from: Jacob Kojfman, Legal Director, Western Canada, CGI (7/14/2016)
6Response from: Robert H. Jordan, Assistant Chief Intellectual Property Counsel, 3M Company (7/14/2016)
7Response from: Amanda Kitzberger, Vice President, General Counsel, Secretary, Clopay Plastic Products, Inc (7/14/2016)
8Response from: Andrew Hall, Legal Compliance Officer & General Counsel, Estate Information Services, LLC (7/15/2016)
9Response from: Deborah Schwarzer, General Counsel, Aeris Communications, Inc. (7/14/2016)
10Response from: Isobel Jones, General Counsel (former), Diamond Foods (7/14/2016)
11Response from: Robert Malone, Associate General Counsel, North American Contracting, Accenture (7/15/2016)
12Response from: James Goepel, Vice President, General Counsel and Chief Technology Officer, ClearArmor Corporation (7/14/2016)
Region: United States
The information in any resource collected in this virtual library should not be construed as legal advice or legal opinion on specific facts and should not be considered representative of the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers.
ACC