LUCHS.AT - Security - When the NSA turns on your NDA

A lot of businesses rely on non-disclosure agreements (NDAs) when forming relationships, hiring employees, collaborating with partners or undertake certain projects. Usually these agreements are formed between two parties, and they exclude access to information by any third parties. Everyone signing an NDA is required to take appropriate steps for safeguarding information. Enter PRISM, Stellar Wind and Tempora. Now third parties may have accessed sensitive information (hopefully not only) protected by NDAs. Are these NDAs still valid?

Almost all agreements are constructs that contain clauses in case the confidentiality is breached. The consequences range from fines up to termination of contracts. In turn this means that you should be definitely interested in the security of your communication and data storage - especially if you have no control over the infrastructure used. It's easy if your outsourced data storage is compromised. Eventually the company will inform its customers (again hopefully). Then you know and can react. Of course you still have to figure out what this means for the NDAs you have signed. Now consider the compromise involves only copying of communication and data. Plus no one is allowed to talk about it (probably due to stronger NDAs). As long as you don't notice, everything's fine. Or so you believe. Then news about compromised infrastructure hit the fan. What happens to your NDA?

Thinking about what infrastructure means to your legal obligations is time well worth. Do it today, and let experts help you to improve how you use infrastructure or even maintain some of your own (again?).