Confidentiality law

Confidentiality law

Related services


Confidentiality law

The law of confidentiality is useful in the commercial world as it recognises that certain information that has been divulged in circumstances imposing an obligation of confidence should be protected. The requirements are considered further below. The scale of confidentiality varies greatly and starts with trade secrets at one end, e.g. the recipe for a market-leading product. At the other end of the scale of importance comes the firm, which does not want its competitors to know how many customers it has or who these customers are. Breach of confidentiality does not depend on an express contract between the parties (although non-disclosure agreements are often used to ensure certainty) and it has the following three elements:

  • The information must have a necessary quality of confidentiality itself. For the information to be considered confidential, it must appear to have a confidential quality to it. A good indicator of whether information is confidential is whether it is labelled as such on the outside of a folder or if it contains a confidential watermark running through it. The consequences of the information being released into the public domain may also be relevant to the decision as to whether the information has the necessary confidential quality. For example, in areas such as patents or the registering of designs, certain information becoming public knowledge prior to the patent or design being registered would have huge consequences for the application. In a case such as this, the information would be treated clearly as confidential due to the nature of the outcome of that information being released into the public domain.
  • The information must have been imparted in circumstances importing an obligation of confidence. When secret information is dealt with in a commercial setting, it is usually the case that an obligation of confidence is created by an express contractual provision. These are called non-disclosure agreements and are a standard business practice across many different fields. If the obligation of confidence is not expressly provided then in certain cases there will be an implied duty of confidence. An example of where this would arise is in an employment setting, as employees are considered to owe an implied duty of confidence concerning trade secrets and such like to their employers.
  • There must have been an unauthorised use of the information to the detriment of the party communicating it

Quality of confidentiality

For information to be of a confidential nature, it has to be sufficiently important and have involved some thought or effort on the part of the person who had the idea. It cannot just be a general concept. The test for this is as follows:

  • The information must be such that the owner believes disclosure would be injurious to them or would be advantageous to their rivals or to others
  • The owner of the information must believe it to be confidential or secret and not already in the public domain
  • The owner's belief in the above must be reasonable
  • The information must be judged in the light of usages and practices of the particular trade or industry concerned

Obligation of confidence

In the absence of an express contractual term imposing confidentiality, there are a number of circumstances that can give rise to an obligation of confidence. The most obvious ones are between solicitor and client, doctor and patient and between an employer and his or her employee during the course of employment.

In less obvious situations, the test used to determine whether the circumstances will give rise to an obligation of confidence is whether, at the time of receipt of the information, the circumstances were such that it would be obvious to a reasonable person that the information was confidential.

Although the original recipient of information may owe a duty to the owner of the information to keep that information confidential, the obligation of confidentiality will not necessarily extend to a third party who acquires the information from the original recipient. This is particularly true if the third party does not know that the information is confidential. In these circumstances, it is possible that the third party can use or disclose the information as they wish, even though the original recipient of the information breached the duty they owed to the owner by disclosing the information to the third party. However, if such third party acquires or receives information in circumstances in which he or she knows, or ought reasonably to know, such information is confidential, such third party may also be bound by the obligations of confidentiality until the relevant information becomes available to the general public.

Unauthorised use

Information that remains locked in the mind of the person who obtains it cannot cause a problem. It is only when there is unauthorised use of the information that the law of confidentiality steps in. For example, the information may have been supplied to another party in order for that party to do a specific task, for example, personal information may be passed to an employee of a company for the sole purpose of entering the data into the company computer system. If they were to do just that, it would constitute the authorised use of the information. If, however, that person was to use the information for any other purpose such as disclosing it to others, that would constitute an unauthorised use of the information.


The remedies for breach of confidence consist of injunction (or, in Scotland, interdict), damages, or an account of profits, and delivery up or destruction of documentation containing the relevant information.


There are several defences to a claim of breach of confidentiality available to the recipient of information. These include where the recipient can show that the information is no longer confidential because it is now public knowledge through no act of the recipient (the recipient cannot be allowed to benefit from his or her own wrongdoing).

In addition, there is the defence of public interest. The court will not respect an obligation of confidence if it is in the public interest that confidential information is made known to the public.


Suing for an alleged breach of an implied duty of confidence should be considered a last resort, primarily because you cannot know with certainty before you begin proceedings that the court will find that a duty of confidence can in fact be implied at all, or what the extent of that duty will be considered to be in your particular case. Imposing specific ways to protect confidential information on the recipient is of far more use than suing for breach of an implied duty of confidence. Practical steps include adopting a procedure for retention and destruction of documents, marking documents that are confidential, and entering into non-disclosure agreements.