Protecting confidential commercial information is vital for any business operating in today’s data-driven economy.
Whether it’s client databases, internal pricing strategies or operational know-how, failing to safeguard sensitive business information leaves you vulnerable to competitive misuse, reputational harm and regulatory risk. While intellectual property law provides protection in specific cases – through trademarks, patents or copyright – many forms of valuable information fall outside these legal categories. This is where the law on confidentiality comes into play.
If you're unsure whether your business has adequate protections in place, our data protection solicitors can help you assess risk, implement preventative measures and act swiftly if a breach occurs.
Here are 5 ways to protect your confidential commercial information:
We'll be covering:
- Define and identify what counts as confidential information
- Use contracts to legally protect sensitive business data
- Seek remedies if confidentiality is breached without a contract
- Strengthen security practices to prevent data misuse
- Manage confidential information when employees leave
- Don’t wait for a breach to realise what was at stake
Define and identify what counts as confidential information
If you don’t want confidential information leaking out and being misused by competitors, first establish whether the information is in fact confidential. If the information is confidential, the law protects it from being used unfairly by those who have obtained it. The information must not already be in the public domain or be a matter of public knowledge. Any recipient of the information must also have received the information with the knowledge that it is being provided on a confidential basis.
Confidential information might include budgeting and marketing plans, financial information, and business projections. Because team members can disclose this information in the course of their work inadvertently, it’s essential to provide staff with training on what information is and isn’t confidential.
Use contracts to legally protect sensitive business data
The duty to respect confidentiality can arise in three main circumstances. It can:
- Be imposed in a written contract between the relevant parties.
- Be implied by the circumstances in which disclosure is made.
- Arise because of the special relationship between the party disclosing the information and the party receiving it.
The most straightforward way to impose a duty of confidentiality is to set it out in writing in a confidentiality or non-disclosure agreement, or in any relevant contract between the parties concerned. Such a provision should be included in employment contracts, agency arrangements, consultancy contracts and joint venture agreements. This is because the way the general law protects confidentiality is sometimes unclear.
Seek remedies if confidentiality is breached without a contract
Without a written contract, a duty to respect confidentiality can still be imposed under the general law if the recipient of the information can reasonably be expected to have realised that they were receiving the information in confidence.
Alternatively, the nature of the relationship between the parties can result in a similar duty being imposed, for example, if the parties are employer and employee, solicitor and client or doctor and patient.
Where a right to confidentiality exists, you can apply to the court for an injunction to prevent the recipient from making unlawful use of the information and from disclosing it to others. However, the option of an injunction is only available where the breach of confidentiality has yet to occur. If the information has already been used or disclosed, then, apart from an injunction to restrain future use, your best remedy is more likely to be to seek financial damages to reflect the profit made by the party in breach, or the loss you have suffered because of the breach.
Confidential commercial information may also be protected under the Trade Secrets (Enforcement, etc.) Regulations 2018, depending on the nature of the material and the breach.
Strengthen security practices to prevent data misuse
Legal action, such as applying for an injunction to protect your commercially sensitive information, is a fairly blunt instrument. Win or lose, you’re still likely to incur significant costs. So, it's essential to consider the practical steps you can take to prevent confidential information from being improperly obtained and used in the first place. Measures include the use of passwords, encryption, and keeping documents out of public view. As we have mentioned, data protection laws also impose obligations to safeguard private data.
Manage confidential information when employees leave
During the course of employment or a consultancy arrangement, individuals often accumulate a substantial amount of information that may be stored across various personal devices or remote locations. This is particularly true given the rise in remote work. It’s worth taking the time to ensure that all confidential information is deleted from any devices retained by departing employees or consultants, as well as from all hard copies handed back.
We have seen numerous examples of how businesses have only appreciated the need to safeguard their confidential information after it has been unlawfully disclosed, leading to court action or intervention by the Information Commissioner's Office Taking the time to consider what confidential information a business possesses, who has access to it and what provisions are in place (both legal and practical) to prevent wrongful disclosure can save much time, expense, and risk further down the line.
Don’t wait for a breach to realise what was at stake
Confidential information can be exposed in seconds, but the consequences often last much longer, especially if a data protection failure results in enforcement action or litigation. From ensuring your contracts impose clear confidentiality obligations to reviewing your internal processes, the best defence is a proactive one. If you’re unsure where your vulnerabilities lie or need support navigating data protection law, our experienced data protection solicitors can help. We work with you to audit your systems, strengthen your legal frameworks and protect the information that keeps your business competitive.