Hello lawyer types! Question for you re the wording of a “statement of agreement.”
A friend of mine works for a Wisconsin state agency. A vendor is trying to sell this agency some software, and is making some fairly outrageous claims as to the software’s capabilities. The state agency wants proof. The vendor says, sure, we can prove it, just give us 250,000 of your records, including Social Security numbers.
After my friend raised the privacy issue, the state freaked mildly about releasing the data, and the vendor agreed to sign a “statement of agreement” that it would not use the data for purposes other than proving its claims. My friend asked me for suggested wording. This is not legally going to be a contract as there will be no consideration given the state in return for the data.
My suggested wording was something to the effect of “Vendor agrees to use the data exclusively for the purpose of demonstrating its [name of software package] to the [department in question]. Vendor shall not use this data for any other purpose whatsoever under any circumstances. Vendor shall not sell, give, trade or otherwise transmit the data to any other person, entity, agency or state. If vendor violates this agreement, vendor agrees to pay the [department]…” and then set a huge penalty.
I also told her to be sure one or more of the department’s attorneys looked at it before any final draft is done. In general (and in specific if you know WI law), are such “statements of agreement” binding on the parties? Can one side build in penalties if the other side breaches? What do you think of this wording?
And the most important question: do I have a future drafting legal documents?
Iaal, but an Australian lawyer, so I don’t know much about WI law. I could have a guess at your problem but can I say this: I have no difficulty with helping out the occasional individual on these boards with general advice on a minor or theoretical or amusing legal issue.
You however are asking a question about how to word a specific agreement (a tricky and important one, at that) for a specific named purpose, on behalf of a government agency that has plenty of dough and resources to do it’s own legal research.
I draft “confidentiality agreements” all the time at work, and present them to other companies to sign before we will show them data on business opportunities. Your wording is in the ballpark - the data is only to be used for a defined purpose, it must be returned or destroyed on demand, they are liable for leaks or misuse of the data.
The problem is proving it when there is a leak. Even with a confidentiality agreement, we only deal with ethical companies with good reputations. If you think there’s been a violation of confidentiality provisions and try and hold the party liable, or impose a financial penalty as you suggest, you can be sure they will lawyer up and defend themselves and it’s up to you to prove the leak came from them. The more cynical say confidentiality agreements aren’t worth the paper they’re printed on, but they they do serve a purpose. As I said, if you’re dealing with an ethical organization who value their reputation, they will usually make best efforts to abide by any agreements they sign. It is very good to have a legal document detailing the terms and conditions under which you will reveal the confidential information so there are no misunderstandings.
Your state agency example is outside my experience. This isn’t a business situation. The state agency is entrusted with citizens’ confidential information and a confidentiality agreement isn’t going to cover their ass for revealing this to a private company. If that information has value you can never be sure it won’t be secretly trafficked and, like I said, it’s tough to prove who leaked it. Confidentiality agreement or not, the state agency will probably be ultimately liable for any leaks.
Are such “statements of agreement” binding on the parties? Generally, no.
Courts will generally not enforce agreements to agree. There are, of course, exceptions. If there is a machinery clause in the agreement (meaning, a third party will be appointed to arbitrate in the event of a failure to agree), then the court can enforce that clause.
In order for a court to enforce this agreement, it must be a contract, in which consideration is given on account of parties.
Why not avoid the issue altogether? Provide the data to the company with obfuscated or changed SSNs.
Assuming the data is in a database maintained by the state, I would make a duplicate copy of the data to be provided and then run an update query on that data to change fields as necessary. That’s a pretty trivial operation for any qualified DBA, and you could scramble or replace sensitive fields. Then the intentions or security of the company using the demo data is a moot point.