When the secret is out, what can you do?

Dealing with breaches of confidence and misuse of confidential information

Adam Chaffer
Associate

Over 426 years ago, Sir Francis Bacon observed that ‘knowledge is power’, a phrase which is as relevant now as when he first penned it. Today, as then, for a business it could mean the difference between financial prosperity and failure.

In this article, we will consider what can constitute ‘confidential information’, the extent to which that information can be protected, and the practical steps a business can take when there has been a breach.

The extent of confidentiality?
The notion of ‘what is confidential information’ can be extremely wide and will depend largely on what that business does and how it does it. Practically speaking, almost any type of information can be subject to a veil of confidentiality and misuse of that information can be a breach provided that three requirements are met;

1. the information itself must have the necessary ‘quality of confidence’;
2. it must have been given in circumstances importing an obligation of confidence; and
3. there must be an unauthorised use of that information which causes a detriment to the person who holds the right to that information.

A business is likely to want to monitor closely the information it deems to be confidential because the protection afforded by the law is constrained by the realities of the commercial world. When information becomes out of date or the commercial value of it diminishes, the protection of the veil of confidentiality ceases.

The influence of protective mechanisms such as non-disclosure agreements or confidentiality clauses can diminish over time and it can be operationally impractical to monitor such agreements due to the financial and logistical burden it would create. Further, the protection of confidential information carried indirectly by exiting employees is likely to last only as long as their restrictive covenants, which in themselves will only be valid if the duration, scope and territory are reasonable in nature.

For a business wishing to monitor and ensure effective controls on confidential information it would be beneficial to undertake regular confidentiality reviews of the information and process to ensure that it remains relevant and effective.

For confidential information which is a trade secret (that is information which is commercially valuable which provides the holder with a competitive advantage), the Trade Secrets (Enforcement) Regulations 2018 provides a statutory regime for protection, in addition to that which is afforded through the traditional legal and technological security measures

What to do where you suspect there has been a breach of confidence or a misuse of confidential information?
The golden rule for any situation where a business suspects that there has been a breach of confidence is to act promptly and speak to a solicitor specalised in this type of work. Time in these situations becomes vital and delay can undermine the protections which a business can take in situations where there has been a breach.

The common causes of a breach occur when either information is disclosed to an unauthorised third party or the information is used for an unauthorised purpose. To establish this, a business is going to need evidence. It is therefore beneficial that any meeting with your solicitor on this point is attended by those in the business who have knowledge of IT and human resources. If there is insufficient evidence to establish a breach, or that evidence has not been promptly obtained, it can often undermine the steps that a business may want to take to protect their confidential information.

Acting upon a breach
A business can take steps to enforce the rights in their confidential information against the person misusing the information, the recipient of the information, or even a third party who directly or indirectly becomes a recipient of that information.

A business that can successfully establish that there has been a breach, and that some damage has or will occur as a result of that breach, is likely to be entitled to an injunction, an account of profits and an inquiry into damages. Prior to seeking these remedies from a court, a party seeking to enforce the breach will need to take specific time-sensitive steps to protect their position, which make it commercially imperative to engage with IT, HR (if relevant) and take advice as promptly as possible.

Practical steps to maintain confidentiality
For a business there are several practical steps which can be taken to ensure that valuable confidential information remains confidential, including:

1. limit access to confidential information, on a ‘need to know’ basis;
2. keep records of what you hold that needs to be kept confidential and who has access to confidential information, and review/update those records regularly;
3. ensure that employee, consultant and agency contracts contain clear and appropriately drafted confidentiality provisions; and
4. where appropriate, ensure that third parties visiting your premises sign non-disclosure agreements, and are accompanied by a member of staff at all times.

In addition to the points above, it is beneficial for a business to also review regularly its security measures both physical and electronic, and also provide training to employees on protecting confidential information. Well maintained compliance on these points adds a further dimension of protection beyond just the legal framework of confidentiality.

Conclusion
When your business has worked hard to succeed, it is important that you take the necessary steps to protect the information behind that success. The practical steps which can safeguard that information, once implemented, can ensure that there are adequate checks and balances to redress situations where a breach arises.

Equally, it is important for a business to appreciate that when a breach or misuse of confidential information occurs there are certain steps which must be taken promptly to protect that information, prevent further dissemination, and then to recover any loss which the breach may cause.

For further information or if we can help with any of the issues set out above, please contact us via our website or call 0191 232 8345.