Protection of Confidential Information

I am often asked to either draft or review non-disclosure agreements. Within a standard agreement I will typically come across or include a clause on the standard of care required for safeguarding confidential information.

The clause might be worded as follows:

Confidential information is handled, at minimum, in the same way that the recipient would handle their own confidential information [or “in no event less than reasonable degree of care”, or in “strict confidence”, or at the “highest standard of care]; neither party shall be liable for the inadvertent or accidental disclosure of confidential information if such disclosure occurs despite the exercise of such care.

The language noted above is not appropriate in all circumstances, but can be modified to suit the custom needs of the disclosure and recipient.

I was recently asked about the steps required in safeguarding information. For the safeguarding of information stored electronically, please refer to my post on data security.

With respect to the safeguarding of information stored in physical files, I spent some time considering the recommendations of the Privacy Commission in response to complaints made against businesses on their handling of confidential information, to come up with the following list of recommendations:

  • Ensure separation of confidential information storage/processing and open areas (such as your office reception area);
  • Ensure that access to confidential information storage and processing areas is key-controlled;
  • Ensure locked and guarded access to confidential information stored offsite: i.e. ensure information in storage is held off-site in a secure fenced facility, where entry is controlled by a security guard;
  • Ensure that a system exists for the monitoring and tracking of access to confidential information;
  • Ensure pre-screening and training of employees who have access to confidential information (with respect to training, employees should be oriented on their obligations to maintain the confidentiality and security of confidential information); and
  • Ensure that confidentiality protocols for accessing and storing confidential information are set out in a company code of conduct, along with protocol to notify employee supervisors in the event that confidential information is inadvertently stolen, lost, or unauthorized disclosures are made.

Consider taking the steps noted above (among other commercially reasonable measures) to protect the confidential information that is entrusted to you.

Written by Rajah. Rajah Lehal is Founder and CEO of Rajah is a legal technologist and technology lawyer who is, together with the Clausehound team, capturing and sharing lawyer expertise, building deal negotiation libraries, teaching negotiation in classrooms, and automating negotiation with software.