This guide is based on UK law. It was last updated in April 2008.
Confidential information can be the most valuable asset of a business. A competitive edge in the marketplace may rely on a business having certain information which its competitors do not. However, unlike more tangible assets, the law may not automatically prevent others from taking or using valuable information.
When will confidential information be protected?
Except where it qualifies for intellectual property rights (IPRs) protection (e.g. copyright, database rights, patents etc), information will usually only be protected as a business asset if it is kept confidential. Confidential information can relate to any subject matter and be stored in any form (whether hard copy, electronic or even stored in people's minds). Examples of confidential information include a new product design, a marketing strategy and software code.
Even if information does attract IPRs protection (by satisfying certain legal criteria relating to its form and substance), it is worth noting that IPRs have their limitations and, in particular, may not always prevent competitors from using valuable ideas within IPRs protected information. Consequently, it is often inappropriate to solely rely on IPRs for protection and a better strategy may be to maintain the secrecy of that information.
How can confidential information be used but still protected?
Confidential information is often only valuable if it can be used. Such use of information will invariably involve, (a) storage of the information in an accessible form; and (b) its disclosure to others. Storage and disclosure should be carried out in circumstances which physically protects the information and allows it to maintain its status as protected confidential information.
Storing the secrets
Confidential information can be stored by businesses in a variety of ways, e.g. filing cabinets, PC hard drives and in people's minds. Security measures appropriate to the method of storage and relative value of the information should be put in place. There are particular problems associated with protecting information stored on a computer network or accessible via an internet link which should be addressed – see our guide on Security Aspects of E-business.
Sharing the secrets
Confidential information may be disclosed when discussing business proposals with clients, using employees to carry out work, engaging third party contractors and communicating business information to suppliers. This disclosure may take place face-to-face, over the telephone, by fax, by email or over the internet. Again, you should consider the method of disclosure and assess what measures you can take to ensure the information remains confidential.
One way of maintaining the secrecy of information is by imposing specific confidentiality obligations on its intended recipients. These obligations can be set out in confidentiality letters/agreements and notices (on documents, faxes, emails, etc.). It is crucial that you impose these obligations before disclosing the confidential information. Such obligations should be clear and appropriate to the information concerned and the purposes for which it is to be used. With respect to particularly valuable information, express prior agreement to such obligations by the intended recipient is essential (e.g. by the return of a signed confidentiality letter).
Employees and confidential information
Employees automatically have duties to their employers to not knowingly misuse or wrongfully disclose their employer's confidential information. These obligations are also often expressly confirmed in their employment contracts. If these employees leave a business, the business is less well protected. The courts will generally only protect the more important trade secrets of a business and will be reluctant to restrict ex-employees from subsequently using less critical information. To increase the chances of being able to restrict use of confidential information by ex-employees, it is important that a business can show that, (a) the ex-employees knew that the information concerned was highly confidential; and (b) appropriate measures were taken to protect the information.
Over-reliance on confidentiality agreements
While confidentiality agreements and express confidentiality obligations in employment contracts are useful tools in protecting information, they should not be over-relied upon. Such agreements may allow damages claims in the event of wrongful use or disclosure of confidential information. However, such compensation may be too little too late if the knowledge underpinning a competitive advantage has been disclosed to competitors. Furthermore, it is often difficult to trace the source of a confidential information 'leak'. The golden rule is that information should be kept secure on a day to day basis and only be disclosed to employees, contractors etc where it is necessary in the circumstances.
- Identify the confidential information within your business and where possible mark it as such.
- Ensure that your company has a confidentiality policy and that employees are made aware of it.
- Do not store confidential information where it is easily accessible by unauthorised persons.
- Make sure communication of your confidential information is by secure means.
- Ensure that recipients of confidential information know that it should be treated as such and wherever possible impose express confidentiality obligations.
- Only disclose confidential information to employees or third parties where reasonably necessary.
You can download a 'fill-in-the-blanks' style of confidentiality letter from OUT-LAW. See the choice of letters in our Confidentiality section.