Negotiation Objectives
Permitted disclosures represent a tension between two legitimate interests: the disclosing party wants to minimize how their confidential information spreads, while the receiving party needs flexibility to operate normally without constantly risking breach.
If You Are the Disclosing Party
You want narrow, specific carve-outs with advance notice requirements and ongoing confidentiality obligations for any permitted recipients. You want to know before your information is disclosed and have a chance to seek protection.
If You Are the Receiving Party
You want broad flexibility to share information with anyone who needs it for legitimate business purposes. You do not want operational decisions delayed by notice-and-wait requirements for routine disclosures.
Essential Carve-Outs to Request
These carve-outs are standard and should be included in virtually every NDA. If any are missing, request them immediately.
-
Legal Process / Court Orders
Essential and non-negotiable. No NDA can override a valid court order or subpoena. Courts will not enforce a provision that requires a party to violate the law. Include notice requirements so the disclosing party can seek a protective order.
-
DTSA Whistleblower Immunity
Required by federal law for trade secret protection. Omitting this notice does not prevent whistleblowing - it only hurts the disclosing party by eliminating their ability to recover attorney's fees and exemplary damages in trade secret litigation.
-
Legal Counsel
Parties need to be able to obtain legal advice about the NDA itself and the contemplated transaction. Attorney-client privilege provides additional protection. This carve-out is nearly always accepted.
-
Employees with Need to Know
Receiving parties need to share information internally. The key negotiating point is the "need to know" requirement - disclosing parties should insist on this limitation, while receiving parties may seek broader "in connection with their duties" language.
-
Accountants and Financial Advisors
Important for due diligence, financial planning, and audits. Professional duties of confidentiality apply. Usually accepted, though disclosing parties may request that such advisors execute separate NDAs.
-
M&A and Financing Disclosures
Receiving parties who may seek acquisition or financing need this carve-out for due diligence. Disclosing parties often resist this as it could expose their information to competitors. Compromise: require prior written consent for specific transactions.
-
Affiliates and Subsidiaries
Large organizations often need to share information across corporate entities. The key issue is whether affiliates are automatically covered or must be specifically bound. Consider requiring that affiliates agree to the NDA terms.
Strategic Considerations
Notice Requirements: A Critical Battleground
The biggest negotiating point is usually notice requirements for compelled disclosures. Disclosing parties want maximum notice (10+ business days) to seek protective orders. Receiving parties want "prompt notice where legally permitted" to avoid procedural traps. A reasonable middle ground is 5 business days where permitted by law, with the disclosing party bearing costs of any protective order proceedings.
Flow-Down Obligations
When negotiating carve-outs for employees, contractors, and advisors, always address whether these recipients must be bound by equivalent confidentiality obligations. Disclosing parties should insist on written agreements; receiving parties may prefer to rely on professional duties or company policies.
Liability for Recipients
Consider who bears liability if a permitted recipient breaches. The receiving party should remain liable for their employees and contractors. For professional advisors, their own professional liability may apply. Clarify this in the agreement to avoid disputes.
Common Pitfalls to Avoid
-
Omitting DTSA Whistleblower Notice
This is surprisingly common in older NDA templates. Without the notice, you forfeit attorney's fees and exemplary damages in trade secret litigation - a significant penalty for a simple omission.
-
Impossible Notice Requirements
Requiring 30 days' notice before responding to a subpoena is unrealistic and may be unenforceable. Courts issue deadlines; NDAs cannot override them. Use "to the extent legally permitted" language.
-
Vague "Employees" Language
Allowing disclosure to all employees without a "need to know" requirement effectively gives the receiving party unlimited internal distribution rights. Always include purpose limitations.
-
Forgetting Contractors
Many businesses rely heavily on contractors who may need access to confidential information. If contractors are not included in permitted disclosures, routine business operations could constitute a breach.
Pre-Negotiation Checklist
- Identify all categories of people/entities who will need access to the confidential information
- Determine whether you anticipate any M&A, financing, or similar transactions during the NDA term
- Assess your organization's ability to comply with notice requirements (legal team availability, response time)
- Review your existing contractor and employee confidentiality agreements for compatibility
- Consider whether you are in a regulated industry requiring specific disclosure carve-outs
- Verify the NDA includes DTSA-compliant whistleblower immunity language