Many companies have separate policies defining what information is ‘confidential’ and setting out an employee’s obligations

Confidential information can include trade secrets, product designs, financial information, business strategies, marketing plans, customer or supplier information — anything the company has acquired or developed, often at great cost, that is valuable and important for its success and must be kept secret.

What is not confidential information is anything already in the public domain — i.e., anything that is publicly available. If you can find it on the Internet, it is almost certainly not confidential. Therefore, any intellectual property, such as patents, industrial designs, copyright (if they have been registered) is not confidential information either, although it is often very valuable.

Many companies have separate policies defining what information is “confidential” and setting out an employee’s obligations, in the form of written agreements, to protect such information and not disclose it to any third parties, especially competitors. If there is no written agreement, an employee would have an implied obligation not to disclose or use confidential information, but the advantage of written agreements is that they ensure employees have a clear understanding of what their obligations are.

The definitions of confidential information usually specify what information the company wants to protect, which, if disclosed, could cause significant harm to the business. These definitions are often expansive, listing obvious items such as financial reports and marketing plans, but might also include generic words, such as “data” or “documents,” which would only be protected if they contain confidential information.

Some confidential information provisions have exclusions permitting use or disclosure of, for example, information that is in the public domain, compellable by legal process or used with the permission of the company.

While it is important to have written agreements defining a company’s confidential information, it is just as important that a company take concrete steps to protect it — such as keeping electronic information password protected, maintaining paper copies under lock and key and making such information only available on a need-to-know basis.

If the company displays a cavalier attitude towards protecting its confidential information, there is a risk a court may find it is no longer considered confidential. Courts will strive to protect confidential information from improper use or disclosure by, say, former employees who might use it to compete with the company they left. There are powerful remedies, such as injunctions, that would guard against this.

If the company seeks the protection of the courts, it is essential that it a) precisely defines the confidential information it seeks to protect; b) explains why it is confidential; and c) seeks a protective order to prevent its disclosure through the litigation process.

It may be surprising to many that the Supreme Court of Canada found in R. v. Stewart that for the purposes of theft under the Criminal Code, there is no property in confidential information — meaning someone stealing confidential information cannot be charged with theft.

However, a company usually has contractual (in employment agreements or policies protecting confidential information) or equitable rights (such as breach of confidence or breach of fiduciary duty) to protect its confidential information.

It is important to ensure that a company’s confidential information is properly identified and protected to avoid litigation. In this electronic digital age, it is all too easy — and perilous — to have your family jewels whisked away in a heartbeat.