Tell me more ×
Answers OnStartups is a question and answer site for entrepreneurs looking to start or run a new business. It's 100% free, no registration required.
up vote 2 down vote favorite
1

A potential client wanted to test my SaaS service which would be storing and analysing some of their confidential data. They asked me to sign a 5 year term NDA. I did not have my company set up at the time, and I signed it as an individual.

Now I have a company, but I no longer want to be personally liable if for any reason someone were to breach our security and gain access to this potential client's confidential information.

Is there a way to transfer this personal liability to my company? Is it possible to agree with this potential client to annul the original NDA and sign a new NDA that is between the two companies instead? Or am I stuck with this personal risk until the original NDA term runs out?

share|improve this question

4 Answers

up vote 5 down vote

Though possible the other party would need to be ok with transfering the liability and truth is they are better protected with you being on the hook rather than your company.

share|improve this answer
up vote 3 down vote

I don't think an NDA and a security breach resulting in compromised data is the same thing. What exactly does the NDA say?

I doubt that "transferring" the NDA to the company will put you out of the role - since you are the company and likely can be shown that you acted in a negligent manner, etc. I don't think negligence will be protected within a corporate entity.

share|improve this answer
1  
One key phrase is: "Each Party acknowledges that disclosure or use of Confidential Information in violation of the Agreement could cause irreparable harm to the other Party for which monetary damages may be difficult to ascertain or an inadequate remedy. Each Party therefore agrees that the other Party will have the right, in addition to its other rights and remedies, to seek and obtain injunctive relief or other equitable remedy for any breach of this Agreement." – james Sep 23 '10 at 21:38
I would have thought that a security breach could result in unintentional disclosure of confidential data. However I would not have said that a security breach is automatically a result of negligence. Companies put in place all manner of security mechanisms but no system is 100% unhackable. Are you saying that I am highly likely to be found negligent if there is a security breach? – james Sep 23 '10 at 21:47
I wouldn't characterize a security leak as a violation of the nda - if you protect their information with the same reasonable measures as your own confidential information i would not think that the NDA was violated. You are not "disclosing" - the intruder violated the law and that would be the responsible party. Again, if you took reasonable steps to safeguard their information but were the victim of theft or fraud that is not something I think you can be held liable for, – TimJ Sep 24 '10 at 1:54
up vote 0 down vote

Are they still a "potential" customer? or have they moved on? When they become a customer setup a new contract that supersedes all existing contracts and is between them and your company.

If they are not a customer (i.e. not paying money) then terminate the agreement, erase the data. And ask them if they want to buy it. I've wasted too much time on 'potential' customers over the years who want everything (including legal docs signed) but never spend any money. It sounds like this doc is a distraction and a worry to you, and it will distract from getting real customers.

BTW: 5 years is a bad idea. 1 year should be the maximum.

share|improve this answer
up vote 0 down vote

Just sign another one, between your company and the counterparty, and say in it, "The parties hereby agree that the [Nondisclosure Agreement], dated _, between [your name] and [other party's name], is hereby terminated."

Whether or not that eliminates all liability for you is another question- I don't have the full facts of the situation- but that would make you no longer a party to the NDA, but your company would be.

Whether or not the counterparty would go for this is also another question.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.