It is commercially important to keep confidential information confidential: a confidentiality (or non-disclosure) agreement contains an acknowledgement of that by the parties and sets out how they must handle the information they receive within their own organisation and the consequences of failure to do so.
Commercially confidential information covers more than just individual personal information which is protected by the Privacy Act: it includes business, financial, marketing and systems information.
Most confidentiality agreements contain an indemnity by the recipient for losses arising from a breach. An indemnity can be used to expand the scope of losses otherwise recoverable at law.
If you are disclosing confidential information it is important to mark it as confidential.
And if you receive confidential information it is important that you maintain a list of all employees to whom the confidential information is provided.
If confidential information is being exchanged as part of a tendering process or as part of due diligence the parties need to agree on what will happen to the information if the transaction does not proceed. Will it be returned or destroyed? How long must it be kept confidential for after the exchange?
Market-sensitive confidential information in particular must be safeguarded.
ASIC’s Report 393 Handling of confidential information: Briefings and unannounced corporate transactions (REP 393) recommended that “Listed entities, regardless of their size, must take responsibility for the management of their own confidential, market-sensitive information. Poor practices in this area can have legal ramifications in terms of compliance with the continuous disclosure obligations in the Corporations Act. In addition it can have serious implications for the entity’s transaction and its overall reputation.”
In Australian Securities and Investments Commission v Newcrest Mining Limited [2014] FCA 698 the Federal Court imposed a $1.2 million penalty on Newcrest Mining Limited for contravening its continuous disclosure obligations.
Confidential information given to Government
In Clifford Chance and Department of Industry [2014] AICmr 61 the Privacy Commissioner decided that FOI access should not be given for information provided to the Department of Industry as it was confidential.
The Australian Information Commissioner has issued Guidelines under the FOI Act. In relation to the confidentiality exemption, the Guidelines provide:
“A breach of confidence is the failure of a recipient to keep information, which has been communicated in circumstances giving rise to the obligation of confidence, confidential. The FOI Act expressly preserves confidentiality where that confidentiality would be actionable at common law or in equity.
To found an action for breach of confidence (which means s 45 would apply), the following five criteria must be satisfied in relation to the information:
•it must be specifically identified
•it must have the necessary quality of confidentiality
•it must have been communicated and received on the basis of a mutual understanding of confidence
•it must have been disclosed or threatened to be disclosed, without authority
•unauthorised disclosure of the information has or will cause detriment.”