
Please, No More NDAs - bradleyjoyce
http://squeejee.com/blog/2010/02/19/please-no-more-ndas/
======
tptacek
This post, in various guises, pops up about once a month. 'grellas had a solid
response last month, and it'll stand us in good stead here too:

<http://news.ycombinator.com/item?id=1050457>

What I read, when I read posts like this between the lines, is that the author
doesn't spend much time working with large companies. Small web startups, even
if funded, might let an NDA go. Practically no company with in-house counsel
--- that is, no company with more than a couple hundred employees --- will
show any flexibility on this; they're often legally obligated to have you sign
one.

~~~
anamax
> that is, no company with more than a couple hundred employees --- will show
> any flexibility on this; they're often legally obligated to have you sign
> one.

What law(s) obligates them and why doesn't it/they apply to smaller companies?

Yes, many companies have agreements with third parties regarding the
proprietary information of said third parties. If you're talking about more
than that, please explain.

~~~
tptacek
No law requires a company with 200 employees to have in-house counsel.

Companies with 200+ employees will tend to be negotiating several contracts
per week. In-house counsel saves them money.

When you're negotiating with a smaller company that's round-tripping with an
outside firm for every redline to every contract, there's always a chance that
one side or the other will say "fuck it" and sign, because legal drama is
getting out of hand.

When you're negotiating with a firm with in-house counsel, there is virtually
no chance that anyone without a board seat can say "fuck it" to legal.

~~~
anamax
I know how lawyers behave and how companies of different sizes use them.

However, I asked a different question, namely, what's the legal obligation
referenced in "they're often legally obligated to have you sign one."

~~~
tptacek
Because they themselves are bound by confidentiality rules, either by contract
or by regulation (HIPAA, etc), and the NDA is part of the due care they have
to take to ensure employees and contractors can't violate those rules.

It's been a little while, so now I'm wondering: what are we debating here?
Clearly, large companies will demand NDAs, and clearly they are unlikely to
back down for a 5 person web shop.

~~~
anamax
> what are we debating here? Clearly, large companies will demand NDAs, and
> clearly they are unlikely to back down for a 5 person web shop.

We're not debating anything.

I'm trying to find out how the presence of in-house counsel and/or a couple of
hundred employees is relevant to a legal obligation. Yes, legal obligations
come from contracts and laws and company size leads to inflexible behavior,
but that wasn't the original statement. I've quoted it below.

"Practically no company with in-house counsel --- that is, no company with
more than a couple hundred employees --- will show any flexibility on this;
they're often legally obligated to have you sign one."

~~~
tptacek
I hope you feel like I've responded to your original question:

(a) At some threshold size it becomes more cost-effective to keep legal
in-house

(b) That's because you'll be handling so many contracts for vendors,
customers, and service providers that the round trips to an outside firm will
become intolerable

(c) Once you have legal in-house, they're going to set the standard for
contractor legal relationships

(d) Legal will have zero incentive to show flexibility about those standards;
any laxity is pure downside risk for them

(e) The effect is amplified here by the fact that legal spends more time on
relationships with comparatively large legal risks, and couldn't care less
about a 5 person web shop

(f) In many cases, legal is right, because giving an outside firm enough
access to get work done exposes them to regulated information

(g) Even if it's unreasonable to presume that a 5 person web shop is going to
facilitate a vast (say) HIPAA violation, for instance by accidentally printing
and mailing tens of thousands of customer notices on paper used to print
patient health records (note: actually happened), it's also unreasonable for
there to be no contractual notice and protection for such an event happening

As usual, 'grellas has the better example. Here's a refined version of it:
virtually all my clients are confidential. If you came to my office, there's a
nonzero chance you'd learn one of them (we take steps, but it's hard to be
perfect about it in person, when you're on the phone with them or their apps
are on your monitor). What keeps you from tweeting what you learn?

------
adriand
Like everything in life, there are always exceptions. I generally won't sign
NDAs either but I gave the green light to signing one today in a case where
our potential client is abandoning their dev team due to failed promises,
technical issues, and a timeline that has kept getting longer and longer. This
client wants me to review the application as it stands now to determine its
quality and figure out what needs to be done to fix it.

In this case I was okay with signing an NDA that was solely restricted to the
data residing in their existing database, and I added in a clause that
specifically excluded source code, design, technological processes, etc., from
the NDA. To me, it's not unreasonable for someone to ask for an NDA to prevent
the disclosure of data such as contact lists, email addresses, login names,
and other private details.

I won't sign NDAs that cover ideas or anything technological, but these kinds
of NDAs are just due diligence on the part of clients, in my opinion.

------
steveklabnik
"no deal, amateur" - unknown.

