Whether you’re a big company, small business, or a sole trader, one of the most important factors you need to consider is protecting your business’s privacy and confidentiality.
Your business’s confidential information is the edge you need over your competitors in today’s competitive environment.
After all, isn’t this what keeps your business going and thriving? It sure is.
This is where it’s essential to know how confidentiality and privacy makes a difference.
They both sound similar, don’t they? In some instances, they are, but they do play different roles.
To ensure that your business continues to thrive and you have a clear understanding of these terms and how they may impact your policy development, read along.
Let’s dive in.
What is the difference between privacy and confidentiality?
Before we get into the itty-bitty details of privacy and confidentiality for your workplace, it will be good first to understand the differences between the two terms.
Privacy and confidentiality differ in the type of information they can protect.
Confidential information is protected by how you’ve defined it in your employees’ contract or your company’s policies.
Whereas privacy and privacy laws protect personal information according to what is required under the following pieces of privacy legislation applicable in NSW, VIC and Western Australia:
- Australian Privacy Principles (APPs)
- Privacy Act 1988 (Privacy Act) – More information about the Privacy Act is available in the Office of the Australian Information Commissioner (OAIC)
- Freedom of Information Act 1992 (WA)
- Commonwealth Privacy Act.
In general, they differ in how they protect different types of information. Since they are defined differently, they are also enforced differently.
What is privacy in Australia?
In Australia, privacy refers to the protection of people’s rights to their personal information privacy, including:
- Phone numbers
- Healthcare – health information, health records and health service providers
- Address, email, telephone number, date of birth
- Medical records – personal health information
- Bank details
- Photos and videos
- IP address
- Disability and aged care information
- Family members information, carer and emergency contact details
The Privacy Act applies to individuals, commonwealth government agencies (gov) and businesses.
So if you run a business, chances are that you will come across the sensitive information listed above. Because of that, you need to understand your obligations around privacy.
Don’t know what your obligations are? These are all contained and governed by the Privacy Act.
What is the Privacy Act 1988?
Unlike confidentiality, privacy imposes obligations on you based on what is required under the Privacy Act.
So as a business owner, you may be required under Privacy Act to protect your customer’s personal information from:
- Unauthorised access
When you no longer need your customers’ personal information, you must destroy it or de-identify it.
How do you know if the Privacy Act applies to your business?
If your business has an annual turnover of more than $3 million, you must comply with the Privacy Act.
Even if your business has an annual turnover of less than $3 million, you may still have to comply with the Privacy Act.
This will depend on what business you have and run. Let us give you some examples. You’ll still be required to comply with the Privacy Act if:
- Your business is in the health sector. For example, therapists, gyms, weight loss clinics, child care centres and private education providers
- Your business sells or purchases personal information
- You are a contractor providing services under a contract with the Australian Government
- You are a credit provider/credit reporting body
- You are a residential tenancy database operator
So, how is this different to confidentiality? Let’s go through it now.
What is confidential information in Australia?
Privacy is governed by the Privacy Act, but confidentiality isn’t. This is a matter of common law.
It simply means that the way confidentiality is defined and enforced depends on how it is written into your employees’ contracts and your business policies.
You don’t need any specific laws to tell you how to do this. Most business owners, however, often include confidentiality clauses for the sake of protecting valuable business information.
You need to think about this to protect your business’s information.
For example, think about KFC. I’m sure KFC doesn’t want their 11 secret herbs and spices to become public knowledge. This is what keeps their business going.
What is defined as confidential information?
So, you’re probably asking yourself, ‘how do I know what is considered confidential information?
As mentioned before, confidentiality is more flexible than your privacy obligations because it is entirely up to you on how you define it in your company’s agreements and employment contracts.
You have the power to decide what would be considered confidential in your business and what isn’t.
Looking for some examples? If you write up an employment contract or business policy, confidential information can include:
- Disclosure of personal information
- Employee perks
- Client lists
- Trade secrets
- Sales numbers
- Customer information
- News about pending terminations
- Reasons for a firing
- Phone codes or computer passwords
- Customer details and confidential information
- Information that relates to the contract
- Information disclosed in the course of employment
Suppose your business deals with any of the things listed above. In that case, this information should be listed as confidential in your employee’s contracts and outlined in your business policies.
What isn’t considered confidential information?
One important thing to note is that not all information will be considered confidential, and there are certain exemptions.
Yes, that’s right, there is a fine line between the two. Here are some things not considered confidential:
- Information that’s entered the public domain and has become common knowledge. Even if it goes public, personal information will still be protected by the Privacy Act.
- Disclosure of facts in legal proceedings and court documents may destroy confidentiality
- Publication of information subject to personal confidence will usually destroy any duties of confidentiality
- Publications of differing versions of similar information destroy confidence
- Disclosing party has given written consent for the receiving party to disclose it
- Disclosure is required to provide the goods or services under the contract
- Disclosure is required by law, for example, in court proceedings
- Information disclosed to a professional advisor, like a lawyer
The main point here is that confidentiality in Australia is not explicitly regulated.
This is why it’s vital that you carefully draft a confidentiality clause appropriate for your business.
Confidentiality defined by the law
Even though no specific legislation governs confidential information, you can still take legal action if your business’s confidential information is breached.
To establish this, there are specific requirements. For instance, the information cannot be:
- In the public domain
- The relevant parties must have been informed of its confidential nature
- The information must have been received in the circumstances importing an obligation of confidence. For example
Why is privacy and confidentiality important?
Privacy and confidentiality are important whether it’s the personal information of customers, employee information that managers collect or proprietary information, which is otherwise called trade secrets.
Let’s go through them:
- Privacy and confidentiality could be the edge you need over your competitors in today’s highly competitive environment, which is why you need to protect it
- It is possible that your business could dry up if your former employee goes to work for a competitor and shares your client list
- You hire a contractor to create a software code for a new product, but they use the same code when hired for another company.
- When confidential information is not protected and secured, it can cause both losses to your business and unlock the possibility of fraudulent activity such as identity theft
- It’s important to maintain your duty of confidentiality because if you don’t, you could face legal action for breach of confidence
We’re sure breaches of privacy and confidentiality is the last thing you want happening to your business.
What if we told you there are a few things you can do to prevent this and ensure your business is protected? There are different privacy and confidentiality policies you can implement in your business.
Maintaining privacy and confidentiality in the workplace
Did you know that you can take legal and non-legal steps to ensure privacy and confidentiality is protected in and outside your workplace?
Sound like music to your ears? Let’s go through it.
1. Confidentiality Clause (Agreement)
When dealing with sensitive information, it’s a good idea to be clear from the start to protect your business’s information from being stolen by anyone who comes into contact with your business. This is important whether you bring in:
- New employees
- Service providers
- Customers onboard
This can be done through a Confidentiality Clause or otherwise known as a Confidentiality Agreement.
A Confidentiality Agreement is a legal document that you can use to disclose private or sensitive information to another party while legally forbidding the other receiving party from disclosing that information to any other person or entity.
This document is only enforceable if it is signed by you and the other party and places an obligation on one or both parties to keep specific information confidential.
Due to this, this document must be signed and dated before sharing or receiving confidential information. So you can use a Confidential Agreement if:
- You would like to (or need to) disclose confidential information
- You would like to stop confidential information (such as trade secrets) from falling into the wrong hands
- You would like to protect your confidential information
- You would like to have legal options available if your confidential information is compromised or disclosed
So if you’ve been reluctant to hire new employees or enter into contracts with other businesses because you don’t have a Confidentiality Agreement, why not create your own customisable Confidentiality Agreement ready for use in under 5 minutes.
It must also include provisions relating to when personal information can be accessed, transferred, shared and kept.
- You would like to inform your consumers, suppliers or contractors how you collect, use and respect information data;
- You would like to comply with Australian Federal laws on privacy; and
3. Mandatory restorative injunction
Injunctions are another way or remedy provided by the discretion of courts to protect your business confidential information. It is a way to prevent someone from doing something or make someone do something.
A mandatory injunction is a positive injunction and falls into the latter category. This means that the courts will require someone, for example, to fix something or restore something to its natural state.
More specifically, related to confidential information, a mandatory restorative injunction forces the defendant, such as an employee, to fix the damage committed by them.
For example, an employee will be required to remove information posted online if it is confidential information from your business. This is as they would have breached their Confidentiality Agreement.
4. Implement a Confidentiality Policy
Another great way to ensure that new, current and leaving employees understand their obligations to keep their confidential information secure is by implementing a Confidentiality Policy.
A Confidentiality Policy is a document that forms part of a business’s Human Resources Policies. It sets out:
- The responsibilities and obligations that an employee must follow when dealing with a business’s confidential information
- How employees and employers can deal with privacy complaints
- Reasonable steps to take in case sensitive information is lost/stolen (e.g. a Data Breach Plan)
Your employees must be informed about such a policy if you decide to enact it. The wording of your confidentiality policy must be precise if you intend it to form part of your employment contract.
Use words such as “abide by” and “comply with” to ensure your employees know that this policy is a promise.
5. Non-Disclosure Agreements/ Confidentiality Agreements
Non-Disclosure Agreements are two-way legal documents that your business can use to disclose confidential information to a receiving party while legally forbidding either party from disclosing that information to any third parties, be it a person or entity.
Non-Compete Agreements are similar legal documents that will protect your business from having its information exploited by an employee seeking a competitive advantage.
Reasons why you should implement or update your Non-Disclosure or Non-Compete legal documents:
- Prevent a situation where employees with access to your business’ private information use the information to start their own competing business in the same industry;
- You want to disclose new confidential information in negotiation and want it not to be in the public domain;
- You want to place new restrictions on the use of confidential information;
- You want to access new confidential information from a new business you want to join forces with; or
- You want to protect confidential information, including customer lists and trade secrets.
If you don’t want to worry about your employees possibly using your confidential information for their own purposes, consider adding or revising your existing Non-Disclosure or Non-Compete agreement to protect your private information.
6. IP Assignment Deeds
The freelance market has seen steady growth in recent years. Hiring freelancers has many advantages, including lower costs for outsourcing and hiring someone who is a specialist in their field of work.
However, you need to be careful when hiring contractors to produce creative assets.
This is mainly because of issues surrounding intellectual property and who owns it. When someone designs a creative asset, they are the owner. However, the creator of intellectual property will not always be the intended owner, as they may wish to sell or transfer their ownership rights to another person or persons.
This is where an Intellectual Property Agreement, otherwise known as an IP Assignment Agreement, will come into handy.
An IP Assignment Agreement transfers ownership of IP from one party to another, usually for a price. Apart from setting out the transfer in a legally binding contract, it also dictates the rights and obligations of both parties, along with relevant warranties and indemnities.
If an owner of a registered patent, trademark, design, or plant breed wishes to transfer their intellectual property ownership rights to another person, they can do so.
If you want to steer clear from any potential disputes and ensure your IP is protected so your business’s logo belongs to your business, an IP Assignment Agreement will do just that.
If this is something you haven’t done or considering, look at our IP Agreement to get started.
7. Employee Contracts
Confidentiality clauses in new employment agreements can educate new employees about your workplaces regulations surrounding confidential information.
These clauses ensure that new employees understand that they can’t use confidential information gained outside their employment.
Ensure your employees employment contracts are clear and precise to ensure your new employees understand these obligations and duties.
To protect your confidential information, you can take several practical steps during a worker’s employment. For example:
- Password-protecting all emails and folders;
- Allowing access only to confidential information that is relevant; and
- You should not allow employees to take files home without permission
- Have a clear policy regarding employee use of personal devices to access confidential information
- Monitor potential wrongdoing using a legally compliant surveillance policy. You may be able to monitor an employee’s work emails or monitor the printer usage of an employee.
Termination of Employment
When an employee decides to resign, their employment contract may contain provisions to protect confidential information.
This generally relates to the handing over any confidential information, accounts or company property.
A popular confidentiality clause relating to resigning employees is the Non-compete Clause. A non-compete clause will prevent a former employee from using confidential information, such as:
- Trade secrets
- Other intellectual property
- To start their own competing business
- Disclosure of such information to other competitors
Now, Non-compete Clauses are only enforceable if the court considers them necessary for the protection of your businesses interests, so it’s best to get them reviewed by a lawyer.
Post-Employment Breach of Confidentiality
A letter of demand can be sent to an employee if they have violated their confidentiality obligations after employment ends, asking that they:
- Do not use any confidential information
- An undertaking to delete or return relevant confidential information. A legal undertaking is a promise to do something or not do something.
You can apply for an interlocutory injunction with the help of a lawyer if the employee refuses to stop using your confidential information. It is a court order that can temporarily stop someone from doing something until the full case is resolved.
Our lawyers can help you decide whether to file a lawsuit for an injunction or breach of confidentiality in less urgent circumstances.
Other key questions around privacy and confidentiality
How long is a confidentiality agreement effective for?
It is not an essential element of a confidentiality agreement to impose a specific time frame.
It is recommended that your document should not contain a time frame and an obligation of confidentiality remain until the information is no longer classified as confidential and enters the public domain.
In cases where the parties decide to agree on a time limit, to ensure enforceability, the deadline must not go over what is reasonably necessary to protect the legitimate interests of your business.
Will my confidentiality agreement be enforceable overseas?
Like many contracts, the Confidentiality Agreement is only enforceable in the country or state specified in the agreement.
Similarly, this document is governed by the law/s in the respective country or state it is executed in.
If you intend to take legal action to enforce this Agreement or seek remedies for its breach, you will need to do so in the State or Territory Court where the document was executed.
Who else should sign a confidentiality agreement?
- Clients – When engaging with clients or potential clients, a business or entity may have the clients sign a confidentiality agreement when sensitive information is disclosed.
- Vendors – A business that relies on third-party vendors who may have access to their confidential information should notify and get the vendor to sign a confidentiality agreement during their business relationship to ensure their information is protected
- Contractors – Having an independent contractor sign a confidentiality agreement where they may have access to confidential information during their employment would prevent the contractor from acting on the information and protect the contracting entity.
- Investors – Investors may be asked to sign a confidentiality agreement when commercially sensitive information is shared between the parties to ensure the information does not go public and the information is protected.
What happens if the terms of my confidentiality agreement are broken?
A confidentiality agreement sets out a party’s rights in a breach by the other party. These rights may include:
- Obtaining an injunction in the event of an anticipatory breach (to prevent information from being released)
- Monetary compensation (damages) where a breach has already occurred
Understanding the differences between privacy and confidentiality is an integral part of your business’s growth and development.
You must protect your business information at all costs. There are various ways your business can maintain and strengthen its position on confidentiality.
For instance, having strong and clear employment contracts, implementing non-compete clauses or having a confidentiality policy.
If you suspect a former employee, contractor or supplier is using your business confidential information; you can ask them to stop or may wish to hire a lawyer.