I am curious… Last week, our team spent time in a workshop with a potential partner. During the session, someone used ChatGPT to summarise our ideas in real time and make suggestions for improvement. It sparked great discussion, but it also raised an awkward question. For the AI to generate meaningful suggestions, it needed the context we had just shared, including technical details, strategic direction, and confidential roadmap items.

Later, in a conversation with a legal advisor, we realised our NDAs did not explicitly cover this. They were written for a time when “sharing” meant emailing a document or handing over a printout, not pasting confidential information into a model you do not control.

We ended up updating our docs to include an AI-specific clause: No Confidential Information may be uploaded to, processed by, or disclosed to any publicly available AI/ML system, model, or dataset without prior written consent.

Apparently, this is starting to appear in some contracts as legal teams and AI law specialists are recommending clauses that:
- Ban feeding confidential data into public models without written consent.
- Require proof that approved tools will not train on the data.
- Bind contractors and sub-processors to the same rules.

Some even provide model language allowing AI use only with “commercially reasonable assurances” the model will not train on the information and is isolated from other customers.

Has anyone else encountered this or started updating their own NDAs and agreements?

#AIGovernance #DataPrivacy #LegalTech #AICompliance #Contracts
Non-Disclosure Agreements In Hiring
-
Most companies get this wrong: NDA ≠ DPA.

I still see organisations trying to “solve privacy” by inserting one confidentiality clause into a vendor NDA — and assuming they are compliant. BUT, they aren't.

✔️ An NDA protects business secrecy.
✔️ A DPA governs lawful processing of personal data.

The distinction is not academic — it determines:
👉 Whether your processing is lawful at all
👉 Whether your vendor relationship is compliant under DPDP / GDPR
👉 Whether you are exposed to regulatory penalties even without a breach

I’ve uploaded a short comparison note that breaks down:
→ When an NDA is enough
→ When a DPA is legally mandatory
→ Why can one not substitute the other
→ What legal, operational, and regulatory risks each one addresses

If you are:
• An in-house counsel reviewing vendor contracts
• A DPO or privacy consultant designing compliance frameworks
• A founder outsourcing data processing
• Or a lawyer advising on tech/data matters

This distinction will materially change how you draft, review, and negotiate contracts.

📄 See the document for the complete comparison.

If you’ve ever seen NDAs used as a “privacy workaround,” I’d be interested to hear how you’ve handled that in practice.
-
Can we stop normalizing this? 🚫 Employers asking for Social Security Numbers and other sensitive personal information during the application stage. Job seekers should not be required to hand over their SSN, date of birth, or other vital identifiers just to apply for a job. Unless you're making an offer or running a background check post-interview, there is no justifiable reason to request this information upfront. This practice: 🔒 Poses a serious identity theft risk ⚠️ Erodes trust between candidates and companies 🛑 Creates unnecessary barriers in an already broken job market If you need to verify identity for a background check — fine. Do it after you’ve made a conditional offer. That’s how legitimate, secure, and respectful hiring works. Let’s protect people’s data. Let’s fix the process. Job seekers deserve better. #HiringPractices #DataPrivacy #RecruitmentEthics #JobSearch #IdentityProtection #HRStandards #CyberSecurity #JobSeekersRights #RespectTheProcess
-
The candidate hadn’t resigned. The offer wasn’t made. But his current employer already knew he was trying to leave. An employer had already made up his mind. Interview done. Team aligned. Offer draft in progress. Everything looked set. Then, out of enthusiasm, he did a reference check - not discreetly, not professionally, but directly with someone from the candidate’s current workplace. Without informing the candidate. Without an offer being rolled out. Without acceptance. By evening, the candidate called me. His voice had changed. “My office knows. I haven’t even resigned yet.” That’s when the reality hit. Reference checks are not the problem. Overstepping is. There’s a world of difference between verifying credibility and exposing someone’s intent to leave. Until an offer is made and accepted, a candidate’s job search is not public information. It’s trust. And trust, once broken, creates damage far beyond one role. The employer lost a good candidate that day. Not because of compensation. Not because of role clarity. But because a simple professional boundary was crossed. Hiring is not just about choosing talent. It’s also about protecting the person while you choose them.
-
Medical Cannabis: Marrying Collaboration with Confidentiality The landscape of the medical cannabis industry offers a myriad of opportunities and challenges. On one hand, collaboration is key to drive patient-centric advancements; on the other, businesses must protect their proprietary assets to ensure sustainable growth. Striking this balance is a nuanced endeavour. The Imperative of Confidentiality: Protecting sensitive information isn’t merely about maintaining a competitive edge. It's about: Business Integrity: Proprietary methodologies, research, and unique product formulations drive differentiation and innovation in the marketplace. Investor Trust: Stakeholders and investors place their trust in a company’s ability to safeguard business assets. Maintaining confidentiality is essential to uphold this trust and ensure continuous financial backing. Regulatory Adherence: The industry is governed by strict regulations. Companies often possess data, such as patient information or clinical trial details, that mandate strict confidentiality to comply with laws and protect patients. Collaboration's Constructive Canvas: While protecting internal assets is crucial, the industry's growth thrives on collaborative ventures. These partnerships can pave the way for shared research, standardized practices, and joint advocacy efforts. Merging the Dual Paths: Non-Disclosure Agreements (NDAs): Employing NDAs allows companies to discuss potential collaborations without fear of unwarranted disclosures. It legally binds parties to confidentiality, ensuring business secrets remain secure. Defined Collaboration Boundaries: Establishing clearly delineated boundaries ensures that while companies work together on shared goals, each entity's sensitive data remains protected. Secure Collaboration Platforms: Leveraging technology that provides encrypted, compliant platforms for collaboration ensures data integrity while allowing collective efforts to flourish. 
Strategic Joint Ventures: Establish partnerships where shared resources and innovations drive mutual growth, yet each entity's core proprietary assets remain distinct and protected. In the heart of the medical cannabis industry lies a profound responsibility: to advance patient care while ensuring business viability. To truly flourish, we must foster an environment where collaboration and confidentiality coexist, not compete. As leaders, our challenge is to navigate this delicate balance, ensuring that while we advocate for a brighter, unified future, the bedrock of our individual business identities remains unshaken. In the end, our legacy will be defined not just by our ability to drive collective growth, but also by our commitment to protect the foundations that make such growth possible. #MedicalCannabis #StrategicCollaboration #BusinessConfidentiality #cannabismedicinal #cannabisindustry #cannabisbusiness #collaboration #confidentiality #patientcare #patientcentric #research
-
Today, a recruiter invited me to a call about a potential role I was very interested in learning more about. But, less than an hour before the meeting, I received a sudden calendar update: “Fred from Fireflies will join to record and transcribe the conversation.”
- No prior request for consent.
- No explanation of how the recording would be stored.
- No clear details on how my data might be used.

What should have been a straightforward conversation instantly shifted into a scramble to protect my privacy (voice, image, and data). Recording an interview, without clear, advance permission, erodes trust before the first question is even asked. Consent is a deliberate agreement that lets everyone show up prepared and comfortable. This is an ethical issue.

No doubt, an AI note-taker could be valuable to this recruiter. But, they also raise questions about data retention, confidentiality, and intellectual property. A candidate discussing career history, research, or sensitive client details deserves to know exactly how those records will be used and who will have access.

If you truly aim to build an inclusive hiring process, plan for ethical recording practices from the first email.
- State your intentions.
- Outline how the file will be stored and data retention policies.
- Offer alternative accommodations.
- Secure explicit consent well before the call.

Anything less feels like surveillance disguised as efficiency. How are you making sure your use of AI tools in interviews respects privacy, consent, and accessibility?

*Note, I am fortunate to be able to walk away from situations that violate my privacy, and I did exactly that in this case. I recognize that many candidates cannot afford to decline and must navigate similar scenarios without the option to say no. If you are in that position, I see you and stand with you.

#CyberSecurity #DataPrivacy #Consent
-
A few months ago, I was reviewing an NDA for a tech startup founder. He told me, “It’s just a standard contract, everyone signs this.” But within a few minutes of reading, I found a clause that said: “All intellectual property created during the term shall belong to the receiving party.” That one line meant he’d lose ownership of every product his company built. We negotiated it out, redrafted the agreement, and safeguarded his IP. After the call, he told me, “I didn’t realise a single sentence could have cost me my entire business.” In my 4.5 years of legal freelancing, especially in contracts, this one experience reaffirmed something I’ve always believed in. People think legal work is about endless paperwork, but the day they lose their prized possession, be it intellectual property or physical property, is when they realize that a protection measure is always necessary. Protect your innovation before it's too late.
-
I always LOVE getting guidance from regulators...this time it comes from the Commission d’accès à l’information du Québec (CAI)! 🎉 The CAI has shared new guidelines on what personal information #employers can collect during #recruitment. Here's the scoop:

Recruitment:
* Employers can't just collect any PI they want, even if candidates provide consent. 🚫
* Recruiters should ask, "Do we really need this PI to evaluate the application?" 🤔
* At this stage, you can ask for the following: name, phone number, email, academic details, professional achievements, skills, and interests. 📋
* Keep application forms simple and avoid asking for too much. Consider different forms for different positions. ✍️
* Don't ask for references before the interview. 🛑
* These apply to the employer (direct recruiter) and third-party recruitment agencies.

Interview:
* You can check ID but you can't make a copy. 🆔
* Avoid questions about age, gender, religion, ethnic origin, marital status, pregnancy, sexual orientation, etc., unless it's crucial for the job. ❌
* #Psychometric tests should be valid and job-related. Protect this info and only use it if necessary! 🧠

Artificial Intelligence:
* Let candidates know if #AI is used to sort applications or assess them. 🤖
* Ensure staff using AI are trained and know its limits. 📚
* Give candidates a chance to review AI-based decisions. 📝
* Do a Privacy Impact Assessment (#PIA) before using AI. 🔍
* Don't use AI to assess emotional or psychological states during video interviews. 🎥

Background Check:
* #Criminal background checks must be job-related and need explicit consent. 🕵️‍♂️
* Don't keep copies of criminal records if the offence isn't related to the job. 🗑️

Hiring:
* Now you can collect necessary PI like date of birth, social insurance numbers, address, bank info, and a photo for benefits, pay, and other employment-related activities. 🏦
* Remember to #delete or anonymize the data of unsuccessful candidates when you no longer need it or as per legal requirements. 🗂️

Plus, the CAI has given strict guidance on collecting employee #biometrics for identity verification. 🛡️
-
"I Don’t Need an NDA, I Trust Them!" – The Costly Mistake Founders Must Avoid 🚨 As founders, we often build businesses on relationships and trust. But sometimes, that trust can backfire—badly. Here’s a case study that serves as a wake-up call: A small tech startup, 𝐈𝐧𝐧𝐨𝐯𝐚𝐭𝐞𝐗, partnered with a freelance developer to create an innovative app that was expected to disrupt their industry. The founder trusted the developer completely and didn’t bother signing a Non-Disclosure Agreement (NDA). Months later, while pitching the app to investors, the founder discovered something shocking: -The developer had 𝐬𝐡𝐚𝐫𝐞𝐝 𝐭𝐡𝐞 𝐚𝐩𝐩’𝐬 𝐜𝐨𝐧𝐜𝐞𝐩𝐭 𝐚𝐧𝐝 𝐜𝐨𝐝𝐞 with a competitor. -That competitor launched a 𝐧𝐞𝐚𝐫𝐥𝐲 𝐢𝐝𝐞𝐧𝐭𝐢𝐜𝐚𝐥 𝐚𝐩𝐩 just weeks before InnovateX’s release. -Since the competitor had a 𝐬𝐭𝐫𝐨𝐧𝐠𝐞𝐫 𝐦𝐚𝐫𝐤𝐞𝐭 𝐩𝐫𝐞𝐬𝐞𝐧𝐜𝐞, InnovateX struggled to gain traction and eventually shut down due to lack of funding. All of this could have been avoided with a simple NDA. 3 𝐋𝐞𝐠𝐚𝐥 𝐋𝐞𝐬𝐬𝐨𝐧𝐬 𝐄𝐯𝐞𝐫𝐲 𝐅𝐨𝐮𝐧𝐝𝐞𝐫 𝐌𝐮𝐬𝐭 𝐋𝐞𝐚𝐫𝐧! 1️⃣ 𝐀𝐧 𝐍𝐃𝐀 𝐏𝐫𝐨𝐭𝐞𝐜𝐭𝐬 𝐈𝐧𝐭𝐞𝐥𝐥𝐞𝐜𝐭𝐮𝐚𝐥 𝐏𝐫𝐨𝐩𝐞𝐫𝐭𝐲 (𝐈𝐏): Your ideas, designs, and business plans are assets. An NDA legally binds parties to keep this information confidential, reducing the risk of theft or misuse. 2️⃣ 𝐓𝐫𝐮𝐬𝐭 𝐢𝐬 𝐆𝐨𝐨𝐝, 𝐁𝐮𝐭 𝐏𝐫𝐨𝐨𝐟 𝐢𝐬 𝐁𝐞𝐭𝐭𝐞𝐫: Even when working with friends, partners, or trusted freelancers, legal agreements are essential. It’s not about distrust; it’s about safeguarding your business. 3️⃣ 𝐏𝐫𝐞𝐯𝐞𝐧𝐭𝐢𝐨𝐧 𝐢𝐬 𝐂𝐡𝐞𝐚𝐩𝐞𝐫 𝐓𝐡𝐚𝐧 𝐋𝐞𝐠𝐚𝐥 𝐁𝐚𝐭𝐭𝐥𝐞𝐬: Without an NDA, you may face lengthy and expensive legal disputes if your IP is stolen. A simple NDA upfront can save you from this headache and financial loss. At Dastawezz, we make legal solutions easy and accessible for founders like you. From drafting NDAs to comprehensive legal support, we’ve got you covered. 👉 𝐏𝐫𝐨𝐭𝐞𝐜𝐭 𝐲𝐨𝐮𝐫 𝐛𝐮𝐬𝐢𝐧𝐞𝐬𝐬, 𝐩𝐫𝐨𝐭𝐞𝐜𝐭 𝐲𝐨𝐮𝐫 𝐢𝐝𝐞𝐚𝐬. #legal #legalservices #legaldocuments #legalconsultation
-
Incorporating Data Privacy Clauses in NDAs 🔐 As someone deeply involved in data protection, I have seen firsthand how critical it is to protect sensitive information in our collaborations. In today’s landscape, integrating robust data privacy clauses into Non-Disclosure Agreements (NDAs) is no longer optional—it's essential. Why This Matters: 1. Regulatory Compliance: With regulations like GDPR and CCPA shaping our practices, we must ensure our NDAs reflect these legal requirements. I've witnessed the repercussions of non-compliance, and it's not something any organization can afford. 2. Data Classification: Clearly defining what sensitive data looks like is crucial. For example, specifying categories like PII or financial data helps everyone understand what’s at stake. 3. Access Controls: Establishing who can access sensitive information—and under what conditions—helps uphold the principle of least privilege. I’ve found that clarity here builds trust among all parties involved. 4. Breach Notification: It’s vital to have a breach notification protocol outlined in the NDA. Knowing how to respond swiftly can make all the difference in minimizing damage. 5. Data Transfer: In our globalized world, addressing cross-border data transfers in NDAs ensures we remain compliant with international standards. By embedding these technical aspects into our NDAs, we reinforce our commitment to data integrity and privacy. It’s not just about legal compliance; it’s about cultivating trust in every partnership. Let’s prioritize data privacy in our agreements and foster a culture of accountability in our industry. #DataPrivacy #NDA #LegalCompliance #DataSecurity #RiskManagement #cybersecurity #dataprotection