
I am often asked to either draft or review non-disclosure agreements. Within a standard agreement I will typically come across or include a clause on the standard of care required for safeguarding confidential information.

The clause might be worded as follows:

Confidential information is handled, at minimum, in the same way that the recipient would handle their own confidential information [or “in no event less than a reasonable degree of care”, or in “strict confidence”, or at the “highest standard of care”]; neither party shall be liable for the inadvertent or accidental disclosure of confidential information if such disclosure occurs despite the exercise of such care.

The language noted above is not appropriate in all circumstances, but can be modified to suit the custom needs of the discloser and recipient.

I was recently asked about the steps required in safeguarding information. For the safeguarding of information stored electronically, please refer to my post on data security.

With respect to the safeguarding of information stored in physical files, I spent some time considering the recommendations of the Privacy Commission in response to complaints made against businesses on their handling of confidential information, to come up with the following list of recommendations:

  • Ensure separation of confidential information storage/processing and open areas (such as your office reception area);
  • Ensure that access to confidential information storage and processing areas is key-controlled;
  • Ensure locked and guarded access to confidential information stored offsite: i.e. ensure information in storage is held off-site in a secure fenced facility, where entry is controlled by a security guard;
  • Ensure that a system exists for the monitoring and tracking of access to confidential information;
  • Ensure pre-screening and training of employees who have access to confidential information (with respect to training, employees should be oriented on their obligations to maintain the confidentiality and security of confidential information); and
  • Ensure that confidentiality protocols for accessing and storing confidential information are set out in a company code of conduct, along with a protocol to notify employee supervisors in the event that confidential information is inadvertently stolen or lost, or unauthorized disclosures are made.

Consider taking the steps noted above (among other commercially reasonable measures) to protect the confidential information that is entrusted to you.

 

–  –  –

This article is provided for informational purposes only and does not create a lawyer-client relationship with the reader. It is not legal advice and should not be regarded as such. Any reliance on the information is solely at the reader’s own risk. Clausehound.com is a legal tool geared towards entrepreneurs, early-stage businesses and small businesses alike to help draft legal documents to make businesses more productive. Clausehound offers a $10 per month DIY Legal Library which hosts tens of thousands of legal clauses, contracts, articles, lawyer commentaries and instructional videos.