I received three boilerplate NDA’s today.
Each of them had a clause requiring me to delete all copies of “stuff” either upon request or at the end of the period. Two of three required me to not make copies.
This gives me had three impossible problems.
The smallest of the three is that there is no way can I actually determine what is confidential. There was no labeling requirement or usable criteria.
The medium size problem is that they plan to routinely send me confidential information by email. If I were to save an attachment in order to read it, my system would make a copy.
If I opened that copy to annotate it and send back the annotated version, my system would make several additional copies. At the most basic level, whenever my desktop mail client or my webmail browser shows me the message, it makes a copy from the server.
And all the intermediate servers that are used to get the messages between us make copies.
But the largest impossible problem is the one that really bothers me. I do system backups. I hope that everyone does. Those backups include my mailbox. Even if I saved the attachment to an external non-backed up disk that I would melt to slag at the end of work, I can’t delete every copy of the email message from the backups.
Unless I am going to get a separate email account and perhaps a separate machine for each of those three clients, how can I possibly hope to comply?