Confidentiality: Are you keeping your IP and data safe?

Your intellectual property and your own data are amongst the most valuable assets your business has. Customer lists, passwords, recipes, bespoke code, funding applications and business plans are just a few examples of confidential information you should be keeping as secure as possible.

We’ll take a look at keeping your own IP and data safe in this overview guide. To measure yourself against our IP and data-handling checklists, and to ensure you’ve got the right measures and protections in place, take a look at our IP guide and our suite of data protection guides.

And it’s not just your own confidential information that needs to be kept safe.

The laws on data are growing ever stricter and more exacting too – particularly regarding customer data, such as names, contact details, order details, and other sales activity that’s shared with you.

How you ask for, handle, use, and store customer data, online or offline, is all subject to legal obligations that you must comply with to avoid fines and other undesirable legal consequences. You might handle these types of data, but you do not necessarily own them or have unconstrained freedom to determine what to use them for.

Having your confidential information taken or distributed can cause your business huge problems – such as voiding your patent applications or providing competitors with your trade secrets.

There are essentially only four scenarios in which it’s ok for your confidential information to be shared:

• If you’ve granted permission

• If it’s in the best interests of the public (usually something that only a court or regulator can determine, not just anybody)

• If it’s required by law (e.g. as part of an investigation or court action)

• If it’s naturally entered the public domain (e.g. if you’ve sold products to customers who are publicly displaying them, so it’s clear they are your customers and what they are buying from you)

In any other situation, it is not ok and you are entitled to prevent that information from being shared in any way, including by legally obliging others to take on responsibility for protecting it too.

To prevent this from happening to your business, there are two main areas you need to concentrate on: how you share your information and how you work with the people you share it with.

• Draft non-disclosure agreements for all parties to sign – NDAs clearly set out what information mustn’t be openly shared with other.

• Make use of employment contracts – clearly state confidentiality terms, restrictive covenants (what kind of work employees can’t do during their period of employment with you or for a set timescale after leaving the company), and the consequences of breaching the terms

• Have a clear, well-communicated position on confidential information (the best way to do this is to spell it out clearly in employment contracts and/or any supporting data and/or information related employment policies.

  Then ensure all staff and contractors or other workers understand what you consider to be confidential and non-disclosable

• Have a clear and accessible data management policy which defines appropriate storage locations for information. This should ensure that all staff, contractors or other workers understand which tools and software are to be used to store different types of information

• Limit access to information: ensure that employees only have access to information and systems that they need access to

• Carry out thorough reference checks on new hires – to prevent entering business relationships with untrustworthy individuals

• Train employees about how information could be unintentionally leaked – such as leaving their computers open around other people, discussing the information with colleagues in public, losing their mobile equipment in public places or not acting reasonable in keeping it safe from theft, etc.

• Manage leavers and equipment they've used effectively: collect all equipment and confidential information from leavers of the company before they leave the building on their final day – whether they are employees, freelancers, or other workers

• Don’t let leakages go unchecked or unactioned – otherwise you might be at risk of tacitly consenting to, contributing to, or worsening the disclosure situation

Even if you follow all of the above advice, it’s still possible that someone lets something slip.

As long as your information is classed as a business secret, (it’s not public knowledge or public property, and it doesn’t have consent to being shared), it’ll be protected by the law of confidence. It will also be protected by the contract law, providing you have confidentiality terms in documents such as your employment contracts and NDAs.

In practice, this won’t undo the fact of the leak or the damage that you may suffer as a result.

But it will provide you with the right to compensation for the damage that you suffer and, potentially, with the ability to mitigate that damage from spreading and having greater impact.

How much and what form that compensation takes will depend on whether you have contractual protections in place or you’re relying on the more general law of confidence. Your remedies may potentially even extend to application of some of the criminal laws, such as those relating to conspiracy, industrial espionage and/or theft – though these types of action can be costly to pursue.