Protecting your business – confidentiality

In any industry, trade secrets and confidential information are often integral contributors to a business’s success, as they strive to outperform their competitors. With this in mind, it is important for entrepreneurs to understand how the law applies to trade secrets and confidential information, as well as taking adequate steps to ensure that this sensitive information is protected.

How can a breach of confidentiality occur in a business?

If any individual who works within your business uses private information collected whilst working for you in a way that could damage your business, you can use enforceable confidentiality restrictions to protect the business.

Confidentiality restrictions include confidential information which is critical to your business, such as information relating to:

• trade secrets – these must be commercially valuable, known only to a limited group of persons, and be subject to reasonable steps taken by the rightful holder of the information to keep it secret. For example confidential formulae, or how a certain process is completed. Trade secrets are not under a time limit, so can therefore be protected during and following employment. It is not necessary to have a specific clause in the employment contracts relating to trade secrets, as this obligation is implied into every employment contract for the trade secrets to be protected;
• confidential information – this must have a necessary ‘quality of confidence’, the information must be imparted in circumstances importing an obligation of confidence, and for a breach to occur there must be unauthorised use or disclosure of the information that is detrimental to the owner of the information. Confidential information includes information such as sensitive financial information and business plans; and
• employee skill or knowledge – this is any information that allows employees to do their job and so they have learned it as a result of the processes. If it includes knowledge that the employee had before starting to work for your business or is common knowledge within the industry then it is unlikely to be protected.

What practical steps can I take to ensure my business is protected from confidentiality breaches?

To avoid breaches of confidentiality by employees, one measure which can be taken is to include an express (rather than only implied) duty of confidentiality and good faith in the contracts of your employees. In doing this, from the start of the relationship with the employee, their obligations have been made clear in respect of confidential information and the consequences of breaching it. Both parties will be able to know where they stand and should the employee need to clarify any elements of the clauses then they are able to do so before accessing the confidential information in question. Restrictive covenants will also protect employers from confidentiality breaches by preventing former employees from competing with your business or dealing with any contacts made as a result of working with the business. These clauses are usually limited to a reasonable period after leaving your business, and refer to a reasonable geographical area. If the restriction is unreasonable, however, it will not be enforceable – restrictive covenants must go no further than protecting legitimate business interests.

It is important that employers make it expressly clear which information is confidential. Steps which can be taken to ensure it has been demonstrated to employees which information is considered confidential include:

• tailoring contracts to your own business by including a specific definition of confidential information, and including reference to any document that is given to an employee on the basis that it is confidential;
• only share the most sensitive confidential information with staff that are required to know the information as part of their job role. It is key to strike a balance between not circulating sensitive information too widely, and not allowing other employees to feel excluded or as though they are not trusted;
• clearly mark confidential information as such – for example in email headers or on the top of paper files;
• use password protection to keep data secure, or if it is stored manually then physically lock it away;
• monitor employee access to company data as well as use of electronic devices that belong to the business. It is also important to ensure that no breaches of the GDPR or right to employee privacy occur in doing so; and
• in the case of a breach or a potential breach, there must be a clear and widely understood reporting procedure.

Please contact our employment solicitors should you need any assistance with drafting clauses or documents to protect your confidential information.