Practical ways of protecting your business’ confidential information
The best method of protecting your business’ confidential information is to sign a confidentiality agreement or non-disclosure agreement (‘NDA’). However, an NDA cannot provide an absolute guarantee that the disclosed information will be protected. If the recipient has no intention of complying with its obligations under the NDA then it may be too late, or too expensive, to seek a meaningful remedy. This article considers other practical ways you can protect your business’ confidential information.
Do not disclose
The safest course of action is to avoid disclosing confidential information unless absolutely necessary.
Redact sensitive information
If you must disclose confidential information then consider redacting particularly sensitive parts of the information (e.g. prices, names).
Disclose on a “need to know” basis
Limit the disclosure of your confidential information to people who “need to know” the same. Avoid disseminating information to a wider audience as this increases the risk of unauthorised disclosure or use of the information.
Tell the recipient the information is confidential before you disclose
Tell the recipient that the information you disclose to them is confidential before you disclose it to them. This should include circumstances where information is disclosed orally. This helps to avoids any misunderstandings as to whether the information should be treated as confidential.
Tell the recipient the purpose for which they are receiving the information before you disclose
Tell the recipient the reason why they have received the information and in what circumstances they are authorised to use it (e.g. to evaluate a business opportunity with the discloser and not for any other use). This helps to avoid any misunderstandings as to how and why the recipient can use the information.
Provide hard copies
If possible and practicable, consider providing confidential information in hard copy form only (e.g. not orally and not electronically), prohibit taking copies of the same and then request the return of hard copies as soon as the information is no longer required.
Mark the information as confidential
If the confidential information is provided in hard copy or electronic form then mark it as confidential (e.g. with a watermark or heading).
Keep a record of who has access to the confidential information
Maintain a list of who has authorised access to the confidential information so you can easily identify if someone should not have access to the information.
Provide access via a virtual “data room”
If the confidential information forms part of the response to due diligence requests for a transaction and if possible and practicable, provide access to the information via a virtual “data room” which requires individual log in details and passwords for users and access to which is subject to rules governing the use of the room and information contained within it.
Stagger disclosure of information
In the context of a transaction, consider holding back confidential information until such time when it is necessary to disclose. This will ensure that:
- the length of time during which the information is at risk of unauthorised use or disclosure is no longer than is necessary; and
- parties who may only be “fishing” for information are not privy to confidential information before you have assessed whether they are serious.
Create and maintain internal policies and procedures
Remember that protecting confidential information is not just about protecting it from third parties. Ensure that you have adequate policies and procedures governing how information is used, stored and shared by your employees.
Physical and electronic security
The majority of information is stored electronically. Ensure your electronic security is also suitable for protecting your business’ confidential information (e.g. firewalls, secure e-mails and encryption). Remember to review your business’ security measures regularly because information technology develops rapidly and your security systems may become out of date.
Restrict internal disclosure
Information may remain confidential within certain parts of your business. Consider using code names and restricting access to confidential information to those employees who need to know the same.
Train your employees
Train your employees on your policies and procedures and their obligations. Teach them practical ways of keeping information confidential (e.g. do not discuss company business in public, do not carry files labelled with confidential information such as client or project names).
This note is intended to be for information purposes only and does not constitute legal advice. For advice on NDAs and protecting your confidential information, please contact a member of our Corporate team.