In Short
- Clearly specify what constitutes confidential information in your agreements to ensure all parties understand their obligations.
- Use non-disclosure agreements (NDAs) to legally bind parties to confidentiality, protecting sensitive business information.
- Be aware of the legal actions available if a breach of confidence occurs, including injunctions and claims for damages.
Tips for Businesses
Protect your business’s confidential information by defining it in contracts and using NDAs when sharing sensitive data. Regularly review and update these agreements to keep them effective. In case of a breach, promptly seek legal advice to understand your options and minimise potential damage.
As a business owner, you must identify and understand when you label information ‘commercial in confidence’. Essentially, this means you consider the information confidential and should not share it with the public or another person without the other party’s consent. Usually, you intend such information for a specific internal purpose within your company or a commercial arrangement. This approach allows businesses to communicate that certain information requires careful treatment and protects their privacy, with applicable legal consequences for breach. This article will discuss the best ways to protect your business’ confidential information and what to do if there is a breach of confidence.
What is Confidential Information?
Confidential information refers to any information or document that a party wishes to keep private and is not currently in the public domain. Accordingly, the information must be:
- easily identifiable; and
- not public knowledge.
Confidential information includes any information the recipient has received throughout the commercial relationship, including:
- trade secrets such as manufacturing processes, business methods, and new products (before filing a patent);
- business information such as marketing plans and strategies;
- personal information, including information or an opinion about an identifiable person;
- any new or emerging business relationships;
- intellectual property such as source code;
- financial statements; and
- internal processes.
How Do I Protect My Business’ Confidential Information?
Let us explore the key ways you can protect your confidential information.
Confidentiality Agreement
A confidentiality agreement, commonly called a non-disclosure agreement (NDA), is an agreement between the owner of confidential information and the party with whom they share it. Confidentiality agreements are helpful when engaging in preliminary discussions before entering into a formal relationship.
When drafting or reviewing a confidentiality agreement, it is crucial to consider whether a one-way or mutual agreement is more appropriate.
A one-way agreement protects only the disclosing party’s information, while a mutual agreement protects both parties’ confidential information. The choice depends on whether both parties will be sharing sensitive information. Additionally, it is essential for the disclosing party to carefully review the agreement to ensure it adequately covers all types of confidential information they might share, including trade secrets, financial data, and proprietary processes. This review helps prevent potential loopholes that could leave valuable information unprotected.
Confidentiality Clauses Within a Contract
When entering into a formal relationship that involves continual disclosure of confidential information, including a confidentiality clause within your contract is essential. Key agreements that should include these clauses are employment agreements, contractor agreements, manufacturing agreements, and any other agreements where you share information that is important to your business and should not be shared with another party without your approval.
Typically, a confidentiality agreement or clause will need to identify the following:
- parties to the agreement;
- information which is to be kept confidential;
- obligations to maintain secrecy, along with any exceptions;
- permitted scope of use of the confidential information; and
- consequences of failing to comply with the agreement.
Duty of Confidence
Even in the absence of a written agreement, there may still be an equitable duty of confidence. This does not need to be explicitly stated in a contract. It is sufficient if there is an evident obligation to treat the information as confidential.
If you discover that the larger pharmaceutical company had begun its own research project on a similar method, a court may find a duty of confidence existed despite the lack of an agreement because:
- the information you shared was clearly confidential in nature as it related to cutting-edge medical research; and
- you shared the information in a circumstance that implied confidentiality (i.e. during a business meeting about a potential partnership).
The large pharmaceutical company should have known that your information was intended to be kept secret. Although relying on the equitable duty of confidence is an option, it is best practice to protect your confidential information with a written agreement and not solely rely on the equitable duty of confidence. Additional steps you can take to protect your interests include:
- marking the document as confidential; and
- limiting access to confidential information to only the people who need to see it.
How Do I Determine if There Has Been a Breach of Confidence?
You must provide proof if you suspect a breach of confidence and wish to take legal action. In determining this, a court will evaluate the following factors.
1. Was the Information Truly Confidential?
It is not enough to write ‘Confidential’ on your documents. The court will assess whether the information is well-known or genuinely not public knowledge. If the court finds that other people or businesses possess the same content, it will likely not meet the confidentiality requirements. However, a document that is not marked ‘Confidential’ may still be considered confidential, and subject to confidentiality obligations, due to the nature of its contents, such as a database of client information.
On the other hand, an untitled spreadsheet containing your performance metrics and future marketing strategies may be considered confidential, even if you do not mark it as such. This is because it contains sensitive information that could cause harm if shared with a third party without your consent.
2. Was There an Obligation of Confidence?
It is crucial to examine the nature of the relationship between the parties to determine whether an obligation of confidence exists. If there was a written contract or you implied to the recipient that they should keep the information confidential, you can be satisfied that there was an obligation of confidence.
3. Has There Been an Unauthorised Breach?
If the other party shared your confidential information without your knowledge or consent, this would be considered an unauthorised breach.
4. Did the Breach Cause Significant Loss?
The information the recipient has shared without your consent may be of high commercial value and cause loss or damage to your business.
What Do I Do if There Has Been a Breach?
After confirming a breach has occurred, you may wish to take legal action against the other party. As going to court can be a costly and lengthy process, it is advisable to proceed using the following steps:
1. Send a Cease and Desist Letter
This letter should outline the nature of the breach and the damages suffered as a consequence, or the potential damages. In addition, you must specify your demands, that is, the cessation of the breaching activity or compensation. Your letter should also outline the potential consequences if the other party does not meet your demands, such as further legal action.
2. Negotiate Outside of Court
Suppose the other party rejects your assertion. In this case, it may be helpful to undertake formal or informal negotiations. For example, many parties find formal mediation to be beneficial.
3. Formal Legal Proceedings
If all else fails, consider formal legal action. If proceedings are successful, there are two possible outcomes:
- Injunction: this will prevent the other party from using or further disclosing the confidential information; and
- Damages: this is monetary compensation for any losses caused by the breach.
Taking legal action should be a last resort, and initial efforts should be made to attempt to resolve the matter outside of court.

Key Takeaways
Confidential information takes many forms, and you should always take the necessary steps to protect this information. Contractual obligations can help protect your confidential information and deter the recipient of the information from disclosing it without your consent. If the other party breaches their contractual obligations, you may have a legal right to receive compensation for damages.
If you need assistance with ensuring your confidential information is protected, our experienced data and privacy lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.
Frequently Asked Questions
‘Commercial in confidence’ refers to sensitive information that must not be shared without the owner’s consent. It is intended for internal use within a business or a specific commercial arrangement to protect privacy.
To protect confidential information, use confidentiality agreements (NDAs), include confidentiality clauses in contracts, and consider marking documents as confidential. Limiting access to the information also helps safeguard it.