The Overlooked Legal Tool That Can Safeguard Your Most Sensitive Business Information

Confidence, as a legal concept, plays a vital yet often overlooked role in protecting non-public information. Unlike contract-based mechanisms like NDAs, the law of confidence operates independently, offering a flexible and powerful tool for businesses to safeguard sensitive data.

Confidence is a legal institution in its own right and independent of contract law. This is a critical point, as it means that obligations of confidence do not arise from contractual obligations.

Related: 4 Actions Start-Up Founders Need to Take (But Often Overlook) to Protect Their Business

What distinguishes the law of confidence from similar legal protections, such as copyright, trademark or patent law, is that confidence is a common law principle, whereas the others are statutory protections. In simple terms, common law is a living body of law that evolves with societal circumstances and may be interpreted — or even overridden — by the courts based on the specifics of each case.

An obligation of confidence is established between persons as soon as one person discloses information to another, where a reasonable person would understand that the information is not publicly accessible.

This obligation may arise explicitly, when the information is shared in a direct conversation, or implicitly, such as when someone becomes aware of the information accidentally. In both cases, the duty of confidence is established between the parties.

As soon as confidence is established between persons, the receiving party must exercise due care to protect the information received, using appropriate means.

What is critical here is that protecting what you disclose to another person does not necessarily require signing a non-disclosure or even a non-circumvention agreement. As long as your communication is in a form that can be logged and clearly indicates the exchange of non-public information, the obligation of confidence is established between the parties.

The intentional use of the generic term non-public — rather than confidential — serves as a broader and more inclusive notice. It signals to others that they should not limit their attention to information explicitly labeled as confidential, but instead exercise their best judgment in identifying what is not publicly available. This framing encourages a higher standard of due care in handling such information.

An example of when confidence obligations are established implicitly is through a notice included in an email signature.

When your email states that you are communicating non-public information, this notice can create an obligation of confidence — even if the email is received by someone by mistake. In such cases, the recipient is generally expected to delete the message and disregard its contents, thereby fulfilling their duty to mitigate the breach and uphold the established obligation.

Related: Avoid These 6 Mistakes in Safeguarding Proprietary Information

Confidence in business relationships

Entrepreneurs may establish a context of confidence and impose obligations on the other party from a perspective that is both interesting and rarely discussed.

When a business enters into any contractual relationship, a form of confidence should also be established regarding the degree of information it is entitled to access in order to fully benefit from that relationship.

Having access to the appropriate level of information builds confidence and provides the certainty needed to understand what is happening with business partners — especially when those developments may directly impact the relationship.

Confidence obligations are established between parties in a business relationship when their discussions clearly reflect the necessity of exchanging non-public information owned by each party — especially if that information could reasonably impact the relationship and its underlying purpose.

Non-disclosure, non-circumvention and confidence

When we examine the context of confidence from the perspective of non-disclosure and non-circumvention agreements, we find that overlaps often occur. Non-circumvention is particularly critical, as the receiving party of non-public information may attempt to use that information for their own benefit or for the benefit of others.

Using the term "confidence" to establish obligations for non-public information — rather than relying on the term "confidential," which forms the core of NDAs and NCAs — is more reliable as a unilateral act.

While NDAs and NCAs are typically bilateral agreements that require formal acceptance by the receiving party, confidence obligations can be established unilaterally.

These obligations arise when non-public information is disclosed in a manner that reasonably conveys an expectation of privacy and discretion.

In the context of confidence, the receiving party's acceptance is not required for the obligation to be established.

Sometimes, entrepreneurs and businesses may choose to maintain the information that constitutes their competitive edge as a trade secret, rather than applying for a patent to protect their innovative processes.

The critical difference between a trade secret and a patent is that the underlying information in a patent becomes public, with the aim of encouraging further innovation built upon the patented idea as prior art. In contrast, establishing obligations of confidence is the most appropriate means of preserving the secrecy of valuable informational assets that make a business distinct.

Another critical point is that, while data protection primarily addresses breaches of confidence in personal data and is built upon privacy principles, confidence as a legal concept provides a more general form of protection. It extends to all instances of non-public information, regardless of the type of data or the means through which it is shared.

Related: 5 Situations That Require a Non-Disclosure Agreement

In cases involving breaches of confidence, courts heavily rely on the surrounding circumstances to determine whether an obligation of confidence existed. Therefore, it is crucial for entrepreneurs and business executives to implement a rigorous need-to-know policy.

Courts are unlikely to uphold claims of breach of confidence if non-public information was disclosed to someone who had no legitimate need to know it.

In every claim for breach of confidence, the claimant must demonstrate not only that a duty of care was owed to them — by establishing the existence of confidence obligations — but also that this duty was breached, and that the breach resulted in damage to the claimant.

Understanding and applying the principles of confidence empowers parties to establish obligations even without formal agreements. As legal and business environments evolve, confidence remains a dynamic and reliable means of protecting informational assets and maintaining trust in professional relationships.