💬 Frequently Asked Questions

Permitted disclosures are authorized exceptions to the confidentiality obligations. They specify when and to whom confidential information can be shared without breaching the NDA.

Common categories include:

  • Legal compulsion: Court orders, subpoenas, regulatory requirements
  • Personnel: Employees, directors, officers with a need to know
  • Advisors: Lawyers, accountants, investment bankers, consultants
  • Affiliates: Parent companies, subsidiaries, joint venture partners
  • Potential transactions: Acquirers, investors, lenders (with additional confidentiality)

Without clear permitted disclosures, routine business operations could technically violate the NDA. You need to share information with your team and advisors to evaluate and act on it.

Yes, typically, but subject to important conditions:

Standard requirements:

  • Need to know: Only employees who genuinely need the information for the permitted purpose
  • Bound by confidentiality: Employees must be under confidentiality obligations at least as protective as the NDA
  • Responsibility: You remain responsible for employee compliance

Practical considerations:

  • Most employment agreements include confidentiality provisions that satisfy this requirement
  • Consider whether specific project teams should sign additional acknowledgments
  • Train employees on what information is confidential and how to handle it
  • Limit distribution to minimize risk exposure

Best Practice
Create a distribution list for each confidential project. Track who received what information. This helps prove you met the "need to know" requirement if questions arise later.

You cannot directly control another company's employees, but your NDA should include protective provisions:

Essential protections:

  • Responsibility clause: Receiving party is responsible for employee breaches
  • Binding obligation: Employees must be bound by equivalent confidentiality terms
  • Need-to-know limitation: Only employees who need the information for the purpose
  • Notice of breach: Receiving party must notify you of any employee violations

Enhanced protections for sensitive information:

  • Individual acknowledgment forms signed by each employee with access
  • Named list of authorized personnel that you can approve
  • Audit rights to verify access controls
  • Training requirements for employees handling your information

Yes, professional advisors are typically permitted recipients, but verify your specific NDA. Most NDAs allow disclosure to:

  • Legal counsel (in-house and outside)
  • Accountants and auditors
  • Financial advisors and investment bankers
  • Tax advisors

Common conditions:

  • Advisors must be bound by professional or contractual confidentiality obligations
  • Disclosure must be for purposes related to the NDA's purpose
  • You remain responsible for advisor compliance

Good news: Lawyers and accountants are already bound by professional ethics rules requiring confidentiality. This usually satisfies the NDA's requirements without a separate agreement.

Watch Out For
Some NDAs require prior written consent for any third-party disclosure, even to advisors. Read the clause carefully. If it says "may disclose to advisors," you are covered. If it says "shall not disclose to any third party except with consent," you may need permission.

Legal compulsion is a standard permitted disclosure, but the NDA typically requires you to follow specific procedures:

Typical required steps:

  1. Prompt notice: Notify the disclosing party immediately (or as soon as legally permitted)
  2. Opportunity to contest: Give them reasonable opportunity to seek a protective order or quash the subpoena
  3. Cooperation: Assist with efforts to obtain protective treatment
  4. Minimum disclosure: Disclose only what is legally required
  5. Seek protection: Request confidential treatment from the court or agency

Critical timing issue: Some legal processes prohibit you from notifying the other party (e.g., certain grand jury subpoenas, national security letters). Your NDA should have a carve-out for situations where notice is legally prohibited.

Important
Do not ignore these procedures. Even though you are legally compelled to produce information, failing to notify the disclosing party or to attempt to limit the disclosure could still be a breach of your contractual obligations.

Balance practical reality against your need to protect information:

Common notice periods:

  • "Prompt" or "reasonable": Flexible, allows for urgent situations (most common)
  • Specific days (e.g., 5-10 business days): Gives you clear time to act, but may be impossible in fast-moving legal situations
  • "As early as practicable": Balances urgency with your interests

Practical reality:

  • Subpoena response deadlines are often short (10-14 days for document subpoenas)
  • Court orders may be immediately effective
  • Some situations legally prohibit advance notice
  • The receiving party cannot be expected to risk contempt of court in order to comply with your NDA

Recommended language: "The Receiving Party shall provide notice as soon as reasonably practicable, and in any event sufficiently in advance of any required disclosure to permit the Disclosing Party to seek a protective order or other appropriate remedy."

This depends entirely on your NDA's language. Affiliates are NOT automatically included as permitted recipients.

Check your NDA for:

  • Definition of "Receiving Party" - does it include affiliates?
  • Explicit permission to share with "affiliates" or "related entities"
  • Requirements for affiliate disclosures (separate agreements, guarantee of obligations)

If affiliates are permitted:

  • They are usually subject to the same restrictions as you
  • You typically remain responsible for their compliance
  • The parent company may need to guarantee performance

If the NDA is silent: Affiliates are NOT permitted recipients. Request an amendment if you need to share information with corporate family members.

Corporate Structure Matters
A subsidiary is a separate legal entity from its parent. Even if you share a CEO and office, legally you are different parties. Do not assume information can flow freely within a corporate family without NDA authorization.

This is a business decision that depends on your relationship and risk tolerance. Consider:

Reasons to allow:

  • Receiving party may need to share during their own fundraising or M&A process
  • Refusing may be a deal-breaker for the relationship
  • Can be structured with protective conditions

Reasons to resist:

  • You lose control over who sees your information
  • Potential acquirers may include your competitors
  • Creates additional breach exposure points

Protective conditions if you allow:

  • Prior written notice to you (not necessarily consent)
  • Third party must sign confidentiality agreement with equivalent terms
  • Right to require a direct NDA with the third party
  • Exclusion of competitors from the permission
  • Limitation to bona fide transactions (not fishing expeditions)

Federal and state laws protect individuals who report suspected illegal activity to government authorities. NDAs cannot override these protections.

Key federal protections:

  • Defend Trade Secrets Act (DTSA): Immunity for disclosures to government officials or attorneys for reporting suspected violations of law
  • SEC Whistleblower Program: Protection for reporting securities violations
  • DOJ/FTC Programs: Protection for antitrust violation reports
  • SOX and Dodd-Frank: Corporate fraud reporting protections

Why include in NDAs:

  • Required for trade secret enforcement under DTSA
  • Avoids claims that NDA was used to obstruct justice
  • Provides clarity about what is and is not permitted

Required DTSA notice language (or reference to policy containing it):

"An individual shall not be held criminally or civilly liable under any Federal or State trade secret law for the disclosure of a trade secret that is made in confidence to a Federal, State, or local government official, either directly or indirectly, or to an attorney, solely for the purpose of reporting or investigating a suspected violation of law."

Maybe, but contractors require more scrutiny than employees. Check your NDA for whether "Representatives" includes contractors.

Typical requirements for contractor disclosure:

  • Contractor must have a genuine need to know
  • Contractor must sign a confidentiality agreement with equivalent terms
  • You remain responsible for contractor compliance
  • Some NDAs require prior approval for contractor disclosures

Special considerations:

  • Offshore contractors: May trigger export control issues for certain technical data
  • Competitors' former employees: May create conflicts or raise suspicion
  • Temporary workers: Ensure their confidentiality agreements are current

Common Mistake
Many businesses share confidential information with contractors who have signed the company's standard contractor agreement, assuming it covers NDA information. Review your contractor agreements to ensure they meet the NDA's requirements for equivalent protection.

Prior consent requirements provide maximum control but create practical problems:

Advantages:

  • You know exactly who has access to your information
  • Ability to veto disclosures to concerning parties
  • Creates documentation trail

Disadvantages:

  • Receiving party may reject the NDA as unworkable
  • Creates operational burden on both parties
  • Delays can harm the business relationship
  • May be ignored in practice, undermining the NDA

Balanced approach:

  • Prior notice (not consent) for most disclosures
  • Prior consent only for sensitive categories (competitors, foreign entities)
  • Pre-approved categories (lawyers, accountants, named employees)
  • Consent not to be unreasonably withheld

Regulatory disclosures fall into the "legal compulsion" category but have unique considerations:

Common regulatory scenarios:

  • SEC filings and requests
  • FDA submissions for drug/device approvals
  • Antitrust/competition authority reviews
  • Environmental agency reports
  • Financial regulator examinations

Important distinctions:

  • Mandatory disclosures: Required by law - clearly permitted
  • Voluntary disclosures: May require disclosing party consent
  • Proactive filings: Information you choose to include in filings - may need consent

Protective measures:

  • Request confidential treatment from the agency
  • Limit disclosure to what is strictly required
  • Notify disclosing party of agency requests when permitted
  • Coordinate on claims of privilege or exemption

Directors are typically permitted recipients, but confirm your NDA covers them:

Standard language includes:

  • "officers, directors, and employees"
  • "Representatives" (often defined to include directors)
  • "those with a need to know for the Purpose"

Director-specific considerations:

  • Fiduciary duties: Directors may have obligations that require disclosure to fulfill their duties
  • Outside directors: May serve on competitor boards - potential conflict
  • Confidentiality agreements: Directors should have confidentiality obligations to the company
  • Board materials: Information in board decks becomes widely distributed

Best practice: Brief board members on confidentiality requirements. Mark board materials as confidential. Remind them not to share with other companies they advise.

Investors present unique challenges because they may include competitors or have relationships with them:

Protective conditions to require:

  • Investor confidentiality: Investor must be bound by confidentiality (LP agreements typically include this)
  • No competitors: Exclude investors who own competing businesses
  • Limited scope: Summary information only, not detailed technical data
  • Prior notice: Receiving party must notify you before investor disclosure

Consider tiered disclosure:

  • Tier 1: High-level summary can be shared with all investors
  • Tier 2: Detailed information requires your prior approval
  • Tier 3: Trade secrets/source code not shared with investors at all

VC Reality
Venture capital firms often invest in multiple companies in the same sector. Your confidential information could theoretically help their portfolio competitor. Explicitly address competitive conflicts in your permitted disclosures clause.

Disclosure to an unauthorized person is a breach of the NDA. Consequences depend on the nature and severity:

Potential consequences:

  • Damages claim for any harm caused
  • Injunctive relief to prevent further disclosure
  • Termination of the underlying business relationship
  • Indemnification obligations for third-party claims
  • Reputational damage

Mitigation steps if breach occurs:

  1. Immediately notify the disclosing party
  2. Attempt to recover or destroy disclosed information
  3. Obtain confidentiality agreement from the recipient if possible
  4. Document all remediation efforts
  5. Assess whether further disclosure occurred

Practical reality: Minor inadvertent disclosures to clearly trustworthy recipients (e.g., a staff member not on the approved list) may not result in claims if promptly corrected. But do not rely on this - follow the rules.