There’s nothing wrong with doing things on trust in business, but sometimes you need more. Growing businesses will sometimes need to share sensitive information with people outside of your company. What would happen if that pricing information, or those strategic plans, ended up in the hands of a competitor? Misuse of your confidential information could seriously damage your business. If you know a little about the rights you have in confidential information, then you can control it, and stop it from being used in a way that may have an adverse impact on your business.
Confidential information is a valuable type of intellectual property right. Crucially, the rights will only exist for as long as the confidential information remains secret. So you need to be really careful about where it is kept, who sees it, and who is allowed to use it. Thinking through the physical security measures in your organisation is a great starting point.
You need to protect it
Your employees are critical to protecting your sensitive data. Their confidentiality obligations should be set out in your employment contracts. Is it clear to your staff what their responsibilities are? Maybe you have a staff handbook that sets out the relevant policies and procedures. In any case, do make sure you communicate clearly to key staff about the importance of secrecy, and procedures for sharing sensitive information.
Is your business innovative? If you share an innovation to someone outside of your business (without suitable legal protection), you may not then be able to protect it with a patent.
Maybe you have trade secrets? Many inventions are very valuable, but do not pass the relevant tests to qualify for patent protection. Or perhaps a patent application isn’t the way to go because you do not want an invention to be published. You can only protect trade secrets – Coca-Cola, WD 40 and Listerine being some of the most well-known examples – by keeping them confidential.
Here’s what you can do to protect your confidential information:
- store it in a secure area and control access to it
- only share it with others on a “need-to-know” basis
- if you can, discuss it verbally rather than by email
- mark it clearly on documents as CONFIDENTIAL
- put a confidentiality agreement in place before sharing
If you have access to someone else’s confidential information:
- keep a record of when it is received, and who it is shared with internally
- stick to what any confidentiality agreement you have signed says, especially the permitted use
- delete, return or shred copies after use (subject to what any confidentiality agreement says)
Do you need an NDA?
If you want to share your confidential information to people outside of your business, you should put a confidentiality agreement, also known as a non-disclosure agreement – or NDA – in place before you show it to anyone. The NDA makes it clear that the information needs to be kept secret, and says how it can and can’t be used.
Some partners or professionals may already be under obligations of confidentiality because of the nature of the working relationship. Check any existing commercial agreements to make sure your concerns are covered off. If there isn’t already a written agreement, and for new relationships, you should have an NDA. It will help you to control the information, and to prove that the person receiving it has a legal duty to protect it.
There’s no such thing as a ‘standard’ NDA. Your business may not have adequate protection unless an NDA is customised for your particular needs. Signing someone else’s NDA without legal advice is risky: you may expose yourselves to liabilities without realising it. We see some corking examples of people slipping unwanted obligations into NDAs – such as indemnities and restraints of trade.
Hopefully it will never come to this, but if your confidential information is misused, an NDA will ensure that you can take legal action to either stop it from happening (injunctions), or to obtain money damages to compensate you for your losses.
Written by Nicola Proudlock
Principal at My Inhouse Lawyer
One of our values (Growth) is, in many ways, all about cultivating a growth mindset. We are passionate about learning, improving and evolving. We learn from each other, use the best know-how tools in the market and constantly look for ways to simplify. Lawskool is our way of sharing with you. It isn’t intended to be legal advice, rather to enlighten you to make smart business decisions day to day with the benefit of some of our insight. We hope you enjoy the experience. There are some really good ideas and tips coming from some of the best inhouse lawyers. Easy to read and practical. If there’s something you’d like us to write about or some feedback you wish to share, feel free to drop us a note. Equally, if it’s legal advice you’re after, then just give us a call on 0207 939 3959.
How it works
It starts with a conversation about you. What you want and the experience you’re looking for
We design something that works for you whether it’s monthly, flex, solo, multi-team or includes legal tech
We use Workplans to map out the work to be done and when. We are responsive and transparent
Freedom to choose & change
A responsive inhouse experience delivered via a rolling monthly engagement that can be scaled up or down by you. Monthly Workplans capture scope, timings and budget for transparency and control
A more reactive yet still responsive inhouse experience for legal and compliance needs as they arise. Our Workplans capture scope, timings and budget putting you in control
For those one-off projects such as M&A or compliance yet delivered the My Inhouse Lawyer way. We agree scope, timings and budget before each piece of work begins