Personal Information

NDA

Personal Information

Excluded as Confidential Information

In view of the risk of potentially higher liability associated with handling personal data or personal information, the parties may simply exclude such information from being exchanged under an NDA. Instead, the parties may prefer to address issues relating to personal information through a separate agreement specifically dedicated to the use and protection of such information.

In the following exemplars, the parties expressly restrict or preclude the sharing of personal information via an NDA:

Exemplar N19-1

The Receiving Party shall not, nor shall it permit any of its employees, Affiliates, contractors, contingents, consultants, agents and service providers (including accountants and outside counsel) (collectively, “Representatives”) to, directly or indirectly reproduce, disclose, divulge, disseminate, publish, reveal, reverse engineer, or otherwise make known the Confidential Information to anyone who is not a party to this Agreement except to its Representatives on a need-to-know basis; provided that the Receiving Party must inform Representative of the requirements of this Agreement and obtain from such Representative his, her or its agreement to be bound thereby; and provided, further, that the Receiving Party may not disclose Confidential Information that is or includes personally identifiable information as defined by applicable privacy law (“Personal Information”) to Representatives other than employees without the Disclosing Party’s written consent. A Representative can be a discloser or receiver under this Agreement but is not a party to this Agreement. Neither the Receiving Party nor its Representatives may make any copies of or use any of the Confidential Information without the prior written consent of the Disclosing Party, except such copies and uses as are necessary to carry out the Purpose. The Receiving Party is responsible for compliance with this Agreement by any Representatives to whom the Receiving Party has disclosed Confidential Information.

Exemplar N19-2

As used in this Agreement, “Confidential Information” means any and all information provided to the receiving party (“Recipient”) from the disclosing party (“Discloser”) regardless of the medium in which such information is provided. Confidential Information includes the foregoing regardless of whether such information is specifically marked or identified as confidential. The parties acknowledge and agree that no nonpublic personal information as defined in 12 CFR § 1016.3(p) will be disclosed pursuant to this Agreement.

Included as Confidential Information

On the other hand, despite the inherent risks, the parties may need to disclose personal information in connection with a particular transaction or project. Accordingly, the parties can expressly agree to include personal information within the universe of protected information under an NDA, thereby making such information subject to the NDA’s non-disclosure/non-use obligations.

To that end, the following exemplar expressly excludes personal information (“Non-Public Personal Information”) from the universe of information exempted from an NDA’s non-disclosure/non-use obligations (“Excluded Information”), which essentially makes such personal information subject to the NDA obligations:

Exemplar N19-3

“Confidential Information" means, without limitation (i) any information or data, including Non-Public Personal Information, provided by Disclosing Party to Receiving Party in furtherance of a Transaction, and (ii) the fact that the Parties are engaged in and the content of discussions regarding the Transaction, excluding Excluded Information. For purposes of the foregoing, “Non-Public Personal Information” means nonpublic or personally identifiable information about employees or other individuals other than business contact information; and “Excluded Information” excludes Non-Public Personal Information but includes any other information or data which (i) is (or later becomes) available to the public through no breach of this Agreement, (ii) at the time of disclosure to Receiving Party was previously known or otherwise in the possession of Receiving Party without any obligation to hold it in confidence, (iii) is received from a third party free to disclose such information without restriction, or (iv) is independently developed by Receiving Party without use of the Disclosing Party’s Confidential Information, and (v) business contact information.

Alternatively, as shown in the following exemplar, the parties can make personal information subject to the NDA’s confidentiality obligations (by excluding personal information from the NDA’s enumerated classes of exempted information) unless the discloser has the authority to disclose such personal information:

Exemplar N19-4

The obligations of confidentiality in this Agreement shall not apply to any Confidential Information that:

(a) Is publicly known at the time of disclosure to the Receiving Party,

(b) Becomes public knowledge without breach of this Agreement by the Receiving Party,

(d) Is lawfully obtained without restriction by Receiving Party from a third party, and/or

(e) Is independently developed by the Receiving Party by employees of the Receiving Party who have not had access to the Confidential Information;

provided, however that these exceptions shall not apply to Personal Information unless the Receiving Party possesses and has the right to disclose any such Personal Information independently of its relationship with Disclosing Party and its Affiliates and Representatives.

Exempted as Confidential Information

Certain kinds of personal information may simply by definition fall outside the ambit of an NDA’s non-use/non-disclosure obligations because such information otherwise does not fall within the definition of “Confidentiality information,” which may particularly be true for personal information that has general applicability, is not specific to a client’s business, is not the claimed property of any party (including third parties), and/or is not otherwise a deliverable to either of the parties. Parties can also agree that personal information that is processed and presented in a form that does not disclose the identity of any specific person or other data subject falls outside the scope of the NDA. For example, information that is “anonymized,” aggregated, or otherwise rendered in such a way that the data subject is no longer identifiable is excluded from the NDA’s obligations:

Exemplar N19-5

Nothing contained herein shall restrict or impair Consultant’s right to use, disclose or otherwise deal with Personal Information which Consultant can show is aggregated and/or statistical data (excluding third-party licensed data) created or received by Consultant in the course of providing Services, provided that any such use does not disclose Client’s identity.

CC

Personal Information

NDA

Table of Contents: