Key points

  • Confidentiality of information is essential to any business
  • Breaches of confidentiality can be extremely costly
  • One-off measures are ineffective in the long run – design a comprehensive confidentiality system
  • Your aim is not to bubble-wrap your business, but to know and manage risks

‘You can’t just rely on confidentiality agreements to protect your trade secrets’, says Michael, a general manager at a large manufacturing company. He knows this only too well, since the design drawings for his company’s hot new product recently found their way to a competitor.

What else could Michael have done to protect valuable information? Here, we provide a practical guide to protecting confidential business information.

Keen to ensure that his new product would be price competitive, Michael had decided to source some of its components by tender. In order to enable tenderers to accurately price their submissions, Michael gave them copies of the design drawings, subject to a confidentiality agreement. This agreement contained the usual confidentiality obligations including a clause requiring tenderers to return all drawings at the end of the tender period. However, in a rush to meet product deadlines, the task of contacting tenderers to ensure the drawings were returned slipped to the bottom of Michael’s priority list.

A few months later, Michael discovered that an unsuccessful tenderer had leaked the design drawings to a competing company. Not surprisingly, this news caused much internal panic at Michael’s company and he was called in by the CEO to explain his actions. Fortunately for Michael and his employer, the competitor wanted to do the right thing. They returned all copies of the drawings to Michael with their assurances that they would not use them.

Michael was lucky, but he learned his lesson. Confidentiality agreements, no matter how well-drafted, are worthless without comprehensive management of the flow of confidential information. As Michael discovered, ‘our contractual rights against the disgruntled tenderer didn’t really mean much when our main competitor had already seen the design for our key product for the next year!’

To prevent your confidential information from falling into the wrong hands, your aims as a manager are to:

  • Know what confidential information you have and understand its importance to your business.
  • Monitor and restrict the purpose for which access to that confidential information is granted.

How can these aims be put into effect and sustained across your business? Here are four key steps.

Educate staff

The strictest confidentiality regime is worthless if your staff do not fully understand why it exists and how it operates. This does not only mean informing them of the steps involved and their particular responsibilities. Instead, make your staff feel invested in the system’s success by communicating your organisation’s goals and what role your staff can play in achieving them. This training can be delivered in-house, or you might consider engaging an outside expert, who could bring a fresh, objective perspective. Staff might be more open with an outside expert than they would be with a manager.

Create a security culture

Confidentiality procedures are often introduced in a ‘piecemeal’ manner, leading to a lack of clarity and possible conflicts. To reduce the risk of leaks, implement a comprehensive and well-thought-out set of procedures. They must be clear and easy to follow, and if properly implemented they will become integral parts of your business culture. While the most effective systems are designed from beginning to end by experts, certain simple measures can stand on their own. Consider, for example, marking documents as confidential; keeping desk and office spaces clear of confidential information by locking them overnight; ensuring all electronic information is password-protected and installing copy checks on highly sensitive information.

Check regularly

It is wise to regularly check that the confidentiality regime is still effective and being adhered to. This is a check that your confidentiality procedures still cover all your business processes. Organic growth in a certain business area may have rendered its confidentiality procedures inefficient, and the procedures are being ignored. Larger organisations can do this survey as part of their regular audit process, or you might consider surveying individual employees or business areas on a rotating roster, or asking team leaders to do so. Maybe offer an award for the person who has most effectively executed the confidentiality regime.

Act quickly

If you become aware of a breach of confidentiality, act immediately. One of the best ways to ensure your business does not become a victim of information theft is to develop a reputation for vigorous protection of confidential information. Obtain all the information you can about what has occurred, and seek legal advice to avoid any further damage.

A practical guide to confidentiality agreements

  • Remember that a confidentiality agreement is not a universal solution, but a part of a greater confidentiality strategy.
  • Be very clear about what information is to be treated as confidential. When in doubt, what is regarded as confidential information should be broader rather than narrower. Ideally, it should cover all information you provided to the other party that is actually confidential in nature.
  • Identify the uses to which the information can be put and limit the scope of such uses.
  • Identify who may be given access to the information, eg the other party's lawyers.
  • Where appropriate, specify whether copies of the information may be made. Provide yourself with a right to the return of originals, and the return or destruction of any copies.
  • Set a time limit for considering the information, or a date for its return.
  • You might require a different agreement to deal with a different contracting party. To ensure your agreement fits the situation, have it checked by qualified lawyers.
  • Control your confidentiality agreement, perhaps with a document control system. Do not allow employees to make even minor changes without prior approval.
  • Require contracting parties to have particular confidentiality procedures in place, or require undertakings from specific employees or subcontractors. Before any new confidentiality situation, eg a new contract, do a risk analysis. While the contract runs, monitor the other party.
  • Be aware of your rights at common law and equity as well as your contract rights.

Essential elements of a confidentiality strategy

  • Clearly mark all documents containing confidential information "confidential".
  • Before giving anyone your confidential information, ask yourself whether that information needs to be disclosed to all. If in doubt, don’t disclose it until you have received legal advice.
  • Treat the information as confidential even at the point of destruction, by providing locked disposal bins or shredders for the disposal of any confidential information.
  • Require everyone who has access to the information to sign a written confidentiality agreement before they are given access.

This publication is intended as a first point of reference and should not be relied on as a substitute for professional advice. Specialist legal advice should always be sought in relation to any particular circumstances and no liability will be accepted for any losses incurred by those relying solely on this publication.