Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
When you’re building a business, your “secret sauce” is rarely just one thing. It might be a pricing model, a list of suppliers, a product roadmap, a method you’ve refined over years, or even the way you talk to customers.
All of that value can walk out the door surprisingly easily if you don’t treat it as confidential from day one.
In this guide, we’ll break down what “confidential” means in a business context, what information is usually considered confidential in Australia, and the practical (and legal) steps you can take to protect trade secrets, intellectual property (IP) and sensitive commercial information.
The goal is simple: you should be able to collaborate, hire, pitch and scale without accidentally giving away your competitive advantage.
What Does “Confidential” Mean For A Business?
In plain English, confidential information is information you treat as private and restricted, because your business would be harmed if it were shared without permission.
In a small business context, “confidential” generally means:
- Not public (and not generally known in your industry)
- Commercially sensitive (it has real value because it’s not public)
- Shared in a limited way (only with people who need it, for a business purpose)
- Handled with protections (contracts, policies, systems and access controls)
It’s worth noting that in Australia, confidentiality isn’t just a “nice to have”. Depending on the situation, businesses may rely on:
- Contract (for example, confidentiality clauses and non-disclosure agreements)
- Equitable obligations (the common law concept of “breach of confidence”, which can apply in some circumstances even without a written contract)
- Privacy and regulatory rules (for example, where the information is personal information and privacy obligations apply)
But here’s the practical catch: the more clearly you define what’s confidential and how it must be handled, the easier it is to prevent leaks and enforce your rights if something goes wrong.
What Counts As Confidential Information In A Small Business?
One of the biggest misunderstandings we see is business owners assuming “everyone knows it’s confidential”. In reality, if you want something treated as confidential, you should be able to clearly describe it.
Common examples of confidential information for Australian small businesses include:
Trade Secrets And Know-How
- Formulas, recipes, product specifications and manufacturing processes
- Systems, workflows, scripts, methods, frameworks and templates you’ve developed
- Internal training materials and operational manuals
If your advantage comes from doing something in a unique way (even if it’s not patentable), it’s often best protected as confidential know-how.
Commercial And Financial Information
- Pricing models, margins, discount structures and quoting tools
- Budgets, forecasts, cashflow information and funding strategies
- Business plans and growth strategies
This type of information can be extremely valuable to a competitor (or even to a customer negotiating against you) if it leaks.
Customer, Supplier And Partner Information
- Customer lists and customer purchasing patterns
- Supplier lists, rates and terms
- Referrer relationships and partner arrangements
Even if the individual names aren’t “secret”, the curated list, the terms, and the relationship details often are.
Product, Marketing And Launch Information
- Product roadmaps and feature plans
- Upcoming launches, campaigns and influencer partnerships
- Brand strategy, messaging and positioning documents
Leaks here can cause real damage: competitors can copy your launch, undermine your pricing, or rush out a similar product first.
Personal Information And Sensitive Data
If you handle customer or employee personal information, that’s not only confidential in the everyday sense - it can also trigger legal compliance issues. Whether the Privacy Act 1988 (Cth) applies will depend on your business and the circumstances (including things like turnover thresholds and whether you’re in a regulated category), and some industries have additional rules.
In many businesses, your contracts and your Privacy Policy work together: one explains how you handle personal data publicly, and the other sets strict rules internally and with service providers.
What Is Usually Not “Confidential”?
Confidential information is typically not information that:
- Is already public (for example, on your website or public social media posts)
- The other party already knew before you disclosed it (and they can prove it)
- Is independently developed without using your information
- Must be disclosed by law (for example, to regulators, courts, or under certain reporting obligations)
This is why well-drafted confidentiality clauses often include exclusions like these - it reduces arguments later about what the agreement actually covers.
How Do You Protect Confidential Information In Contracts?
Confidentiality is one of those areas where “we’ll keep it informal” can backfire quickly. If you share sensitive information with anyone outside your business (or even within it), contracts are usually your first line of defence.
Here are the key legal documents and clauses that commonly protect confidential business information.
Non-Disclosure Agreements (NDAs)
An NDA is designed to help protect confidential information before (and sometimes after) you share it, especially when you’re exploring a relationship like:
- supplier negotiations
- potential partnerships
- investor discussions
- software development or product manufacturing
- joint ventures and collaborations
A tailored Non-Disclosure Agreement usually sets out:
- what information is confidential (often with a broad definition)
- the permitted purpose (why the other party can use it)
- who they can disclose it to (for example, staff/advisers on a “need to know” basis)
- security obligations (how they must store and protect it)
- return/destruction obligations when discussions end
- how long obligations last
For many small businesses, an NDA is most useful before you hand over anything meaningful. An NDA won’t automatically prevent misuse (and enforcement will depend on the facts), but it can set clear ground rules and give you stronger options if something goes wrong.
Confidentiality Clauses In Your Customer And Supplier Contracts
NDAs are great, but they aren’t the only tool. Often, confidentiality is built into the agreement that governs the relationship (for example, a service agreement, supplier agreement, or statement of work).
If you sell services, a strong set of Business Terms can help you set boundaries around what a customer can do with your materials, pricing, deliverables and internal processes.
If you operate online, your website/app terms can also help set expectations for how users must treat information and content. For example, your Website Terms and Conditions can include restrictions on copying, scraping, reverse engineering, and unauthorised use of content.
Employment And Contractor Agreements
If you hire staff or engage contractors, this is one of the most important places to “get confidentiality right”. Why? Because your team will often have access to the most sensitive information you have.
Your Employment Contract can include confidentiality obligations that apply:
- during employment (day-to-day handling rules)
- after employment ends (ongoing confidentiality and return of company property)
For contractors, you’ll usually want similar confidentiality protections, plus clear IP ownership terms (because contractors often create deliverables that you need to own and control).
Founder, Investor And Internal Governance Documents
Confidentiality issues aren’t only “external”. They can also arise between co-founders, shareholders and directors - particularly during a dispute or an exit.
Depending on how your business is structured, documents like a Shareholders Agreement can set rules around information access, who can disclose what, and what happens when someone leaves the business.
Similarly, your Company Constitution can play a role in governance and decision-making, which often affects how sensitive information is handled and who can approve disclosures.
What Should A Strong Confidentiality Clause Actually Include?
While every business is different, strong confidentiality clauses often deal with:
- Definition: a clear (often broad) description of “confidential information”
- Purpose: limiting use to an agreed purpose only
- Non-disclosure rules: who can receive it and under what conditions
- Security standards: minimum steps the recipient must take to keep information confidential
- Compelled disclosure: what happens if disclosure is required by law
- Return/destruction: obligations when the relationship ends
- Term: how long confidentiality obligations last
- Remedies: acknowledging the harm caused by breach and your right to seek urgent relief (like an injunction), where available
Good drafting is about reducing grey areas. If a clause is vague, it can be harder to enforce when it matters most.
How Do You Keep Information Confidential In Day-To-Day Operations?
Contracts are essential, but they aren’t enough on their own. If your business treats confidential information casually, it becomes much harder to argue later that the information was truly confidential and valuable.
Here are practical steps that can make a big difference.
1. Identify Your “Confidential Core”
Start by listing the information that would genuinely hurt your business if it leaked. For many small businesses, this includes:
- pricing models and margins
- customer lists and lead sources
- supplier terms
- product roadmaps
- internal SOPs and templates
This list helps you decide what must be locked down and what can be shared more freely.
2. Use “Need To Know” Access
A simple rule: if a person doesn’t need the information to do their job, they shouldn’t have it.
- Restrict folder access (especially to finance, strategy and customer databases)
- Limit admin permissions in tools like CRM, accounting platforms and cloud storage
- Remove access promptly when someone changes roles or leaves
3. Label Confidential Information Clearly
This doesn’t need to be complicated. Adding “Confidential” to documents, proposals and emails (where appropriate) can help demonstrate you consistently treated the information as confidential.
It also reduces the “I didn’t realise” excuse.
4. Have Clear Team Rules (Not Just Verbal Expectations)
Even a short internal policy can help, especially as your team grows. You want rules on things like:
- using personal devices for work
- forwarding work emails
- storing files in personal cloud accounts
- discussing work in public places
- using AI tools with sensitive client or business data
If you’re engaging contractors, make sure confidentiality expectations appear in writing, and not just in onboarding conversations.
5. Protect Your Intellectual Property (So You Don’t Rely On Confidentiality Alone)
Not everything should be protected as confidential forever. Some value is better protected through formal IP rights.
For example:
- If your advantage is your brand (name, logo, tagline), you may want to register your trade mark.
- If you create content, designs, software or marketing materials, you’ll want clear IP ownership terms (especially with contractors and agencies).
Confidentiality protects secrecy. IP registration protects ownership. Many businesses need both.
6. Be Careful With Pitches, Demos And “Friendly Chats”
It’s normal to want feedback on an idea, especially early on. But if you’re sharing sensitive details with potential partners, suppliers, or investors, pause and ask:
- Can I explain this at a high level first?
- Do I really need to share the underlying method or data yet?
- Should we sign an NDA before I disclose the details?
This approach lets you move quickly while still keeping your most valuable information confidential.
What Happens If Confidential Information Is Leaked (And What Should You Do)?
Even with the best systems, leaks can happen. A contractor might reuse your template for another client, a staff member might forward files to a personal email, or a partner might “repurpose” your idea after talks fall apart.
If you suspect confidential information has been disclosed or misused, you’ll usually want to move quickly and calmly.
Step 1: Preserve Evidence
- Save emails, messages and documents
- Record timelines while they’re fresh
- Keep copies of contracts that include confidentiality obligations
Early evidence can be crucial if you need to enforce your rights later.
Step 2: Contain The Issue
- Remove or restrict system access immediately (where appropriate)
- Change passwords and revoke permissions
- Ask for deletion/return of documents in writing
Containment reduces ongoing damage and shows you treat the information as confidential.
Step 3: Check Your Legal Position
Your options depend on what happened and what documents you have in place, including:
- Whether there is an NDA or confidentiality clause
- Whether the information actually qualifies as confidential (and how you treated it)
- Whether IP rights are involved
- Whether personal information is involved (privacy and notification issues)
In some situations, you may be able to seek urgent court orders (like an injunction) to stop use or disclosure, or pursue compensation. In other situations, your options may be more limited, and a well-drafted legal letter and negotiated outcome may resolve the issue quickly without formal proceedings.
Step 4: Reduce Future Risk
After the immediate issue is managed, it’s usually worth reviewing:
- whether your contracts need tightening
- whether access controls and offboarding processes are strong enough
- whether key assets should be protected through registered IP (like trade marks)
Often, a leak is a signal that the business has outgrown its “informal” processes - which is a common (and fixable) growing pain.
Key Takeaways
- Confidential information is any non-public, commercially sensitive information that could harm your business if disclosed without permission.
- Common confidential assets include trade secrets, pricing models, customer and supplier information, internal processes, and product roadmaps.
- Protecting confidential information usually starts with the right contracts: NDAs, confidentiality clauses in commercial agreements, and strong employment/contractor terms.
- Day-to-day confidentiality also depends on practical controls like “need to know” access, clear labelling, internal rules and good offboarding processes.
- Don’t rely on confidentiality alone where IP registration is more appropriate - for many businesses, trade mark protection is a key part of the strategy.
- If a leak happens, act quickly: preserve evidence, contain access, and get advice on your enforcement options.
If you’d like help protecting confidential information in your business with the right contracts and legal strategy, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.