In a data-driven society your technical know-how and sensitive commercial information is a valuable business asset. Do you have the measures in place to keep it secure? Intellectual property law provides protection mechanisms for certain types of information – but not all. For example, through patent and trademark registration and copyright. However, there is a broader concept relating to the protection of confidential information which does not necessarily fall under any of the more technical intellectual property categories. Such information could include customer and price lists and manufacturing processes. In this advice blog post our dispute resolution solicitor Ian Carson gives his five top tips for protecting your company’s confidential information.
Remember, securing your commercial data isn’t just about furthering your own business interests. If you process personal data, you ‘ll have a wider duty to clients and consumers because you’ll probably be subject to data protection regulations as well. If you don’t have measures in place to ensure GDPR compliance you could face significant fines and reputational damage. Here are Ian’s tips to secure your business’ confidential information:
We'll be covering:
Ensure people know what information is and isn’t confidential
If you don’t want confidential information leaking out and being misused by competitors, first establish whether the information is in fact confidential. If the information is confidential, the law protects it from being used unfairly by those who have obtained it. The information must not already be in the public domain or be a matter of public knowledge. Any recipient of the information must also have received the information in the knowledge that it is being provided on a confidential basis.
Confidential information might comprise of budgeting and marketing plans, financial information, and business projections. Because it’s easy for employees to inadvertently disclose this information in the course of their work it’s essential to provide staff with training on what information is and isn’t confidential.
Use contracts to impose confidentiality
The duty to respect confidentiality can arise in three main circumstances. It can:
- Be imposed in a written contract between the relevant parties.
- Be implied by the circumstances in which disclosure is made.
- Arise by reason of the special relationship between the party disclosing the information and the party receiving it.
The clearest way to impose a duty of confidentiality is to set it out in writing in a confidentiality or non-disclosure agreement, or in any relevant contract between the parties concerned. Such a provision should be included in employment contracts, agency arrangements, consultancy contracts and joint venture agreements. This is because the way the general law protects confidentiality is sometimes unclear.
No contract? Get a court injunction
Without a written contract, a duty to respect confidentiality can still be imposed under the general law if the recipient of the information can reasonably be expected to have realised that he or she was receiving the information in confidence.
Alternatively, the nature of the relationship between the parties can result in a similar duty being imposed, for example if the parties are employer and employee, solicitor and client or doctor and patient.
Where a right to confidentiality exists, you can apply to court for an injunction to prevent the recipient from making unlawful use of the information and from disclosing it to others. However, the option of an injunction is only available where the breach of confidentiality has yet to occur. If the information has already been used or disclosed then, apart from an injunction to restrain future use, your best remedy is more likely to be to seek financial damages to reflect the profit made by the party in breach, or the loss you have suffered because of the breach.
Avoid legal action with better security practices
Legal action such as applying for an injunction to protect your commercially sensitive information is a fairly blunt instrument. Win or lose, you’re still likely to incur significant cost. So, it’ s important to consider what practical steps you can take to prevent confidential information being wrongly obtained and used in the first place. Measures include use of passwords, encryption, and keeping documents out of public view. As we have mentioned data protection laws also impose obligations to safeguard private data.
Actively manage and review information held by departing employees
During the course of employment, or of a consultancy arrangement, people often amass a significant amount of information that may be kept at home or on their laptops. This is particularly true given the increase in working remotely. It’s worth taking time to ensure that all confidential information is deleted from any devices retained by departing employees or consultants and all hard copies handed back.
We have seen numerous examples of how businesses have only appreciated the need to safeguard their confidential information after it has been unlawfully disclosed, leading to court action or intervention by the Information Commissioner. Taking the time to consider what confidential information a business possesses, who has access to it and what provisions are in place (both legal and practical) to prevent wrongful disclosure can save much time, expense, and risk further down the line.