Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you run a small business, you’ll inevitably share valuable information with people outside your “inner circle”. That might be a contractor helping you build your website, a supplier quoting on manufacturing, a potential investor asking for your numbers, or even a new hire who needs access to your systems on day one.
The issue is that once information leaves your business, it becomes harder to control. And if your confidential information is misused (even accidentally), it can cost you customers, revenue, and a lot of time trying to fix the damage.
This is where a confidentiality form can make a real difference. It’s a simple, practical legal tool that helps you set expectations early, reduce risk, and make it easier to act if something goes wrong.
Below, we’ll walk you through what a confidentiality form is, when you should use one, what to include, and how to use it properly in an Australian business context.
What Is a Confidentiality Form (And Is It the Same as an NDA)?
A confidentiality form is a written agreement where someone agrees to keep your confidential information private and only use it for a limited, permitted purpose.
You’ll often hear it called a “confidentiality agreement” or “non-disclosure agreement (NDA)”. In practice, these terms are commonly used interchangeably.
The key point is this: the form creates clear legal obligations about confidentiality, so you’re not relying on goodwill, assumptions, or verbal promises.
Why a “Form” Matters for Small Businesses
Many small businesses start off operating informally. You might send a quote, jump on a call, and share details without thinking twice. But as soon as you share things like customer lists, pricing strategies, or product ideas, you’re taking a risk.
A confidentiality form helps you:
- Set clear boundaries about what can and can’t be done with your information
- Protect key business assets (including intellectual property and trade secrets)
- Create a paper trail if you ever need to enforce your rights
- Build trust with partners and contractors by being clear and professional
Do You Need a Confidentiality Form If You Already Have a Contract?
Sometimes yes, sometimes no.
Many commercial contracts include confidentiality clauses. If you already have a well-drafted agreement that covers confidentiality properly, you may not need a standalone confidentiality form.
But a standalone confidentiality form can be useful when:
- you want to share information before the “main” agreement is finalised
- you’re not sure whether a larger agreement will be signed at all (for example, early-stage negotiations)
- you want a quick, specific document focused only on confidentiality
When Do Australian Businesses Typically Need a Confidentiality Form?
There’s no single moment when every business “must” use a confidentiality form. Instead, it’s about recognising higher-risk situations where your business information could be exposed, copied, or reused.
Here are some common scenarios where having a confidentiality form in place is usually a smart move.
1. Hiring Employees or Onboarding Contractors
If someone is going to access your systems, client information, pricing, internal documents, marketing plans, or product roadmap, confidentiality should be addressed from the start.
Often, confidentiality obligations are included in an employment agreement. If you’re hiring, it’s worth having a properly drafted Employment Contract so expectations are clear and enforceable.
If you’re engaging freelancers or contractors, a separate confidentiality form is also common (especially if you’re sharing sensitive information before a broader contractor agreement is signed).
2. Talking to Potential Investors or Business Buyers
If you’re raising capital or considering selling your business, you may be asked to share:
- financials and projections
- supplier terms
- customer acquisition strategy
- operational processes
- business plans and market research
A confidentiality form helps reduce the risk that the other party uses your information to compete with you, approach your customers, or replicate your model without doing a deal.
3. Collaborating With Another Business
Joint ventures, referral arrangements, co-marketing campaigns, and shared projects often require both sides to reveal internal information.
Even if the relationship is friendly, misunderstandings happen. A confidentiality form makes sure you’re aligned about what is confidential and how it can be used.
4. Outsourcing Key Work (Developers, Designers, Agencies, Bookkeepers)
When you outsource, you might share admin access, customer data, product information, or backend documentation.
This is especially relevant if your service provider will have access to personal information. Confidentiality is part of the picture, but you’ll also want to think about privacy compliance and whether you need a Privacy Policy and other privacy documentation in place.
5. Testing a New Product, Service or Process
Beta testers, early customers, and pilot partners can be incredibly valuable. But if your product is genuinely innovative, those early disclosures can also create risk.
A confidentiality form can help you share just enough to test and validate your idea, without losing control of it.
What Should a Confidentiality Form Include?
A confidentiality form doesn’t need to be long to be effective, but it does need to be clear.
Overly generic templates can create problems, because what counts as “confidential” and what you want to stop someone from doing can vary significantly between industries and relationships.
Here are the clauses and concepts we typically recommend covering.
1. Who Are the Parties (And Who Else Is Covered)?
Start with the basics:
- your business name (and correct legal entity)
- the other party’s name (individual or entity)
- who can receive the information (for example, their employees or advisers)
It’s surprisingly common to sign a form with the wrong party name, especially if someone operates through a company or trust. Accuracy matters, because it affects enforceability.
2. A Clear Definition of “Confidential Information”
This is the heart of your confidentiality form.
A good definition often includes information that is:
- not public
- commercially valuable
- shared in connection with a particular project or purpose
It’s also common to list examples, such as:
- client lists and customer data
- pricing and quoting models
- financial information
- business plans and marketing strategy
- systems, processes and know-how
- product designs, formulas, prototypes, code and documentation
The more specific you are about what you’re actually protecting, the easier it is to enforce later.
3. The Purpose Limitation (How They Can Use the Information)
A confidentiality form shouldn’t just say “keep it secret”. It should also say what the recipient can do with the information.
For example, you might allow use of the information only to:
- prepare a proposal or quote
- provide services to you
- evaluate a potential investment or acquisition
- deliver a joint project
This is important because misuse isn’t always “spreading secrets”. Sometimes it’s using your information for a different purpose than you intended (like using your customer insights to pitch your customers).
4. Non-Disclosure Obligations (How They Must Protect It)
This clause sets the standard of care expected. Common obligations include:
- not disclosing the information to third parties (except permitted people)
- taking reasonable steps to protect it (for example, password protection, secure storage)
- only sharing it internally on a “need to know” basis
If you’re dealing with sensitive personal information, you’ll want confidentiality obligations to align with your privacy processes too (especially if a data breach occurs).
5. Exclusions (What Is Not Confidential)
Most confidentiality forms include carve-outs for information that:
- is already public (without fault of the recipient)
- was already known to the recipient before disclosure
- is independently developed without using your confidential information
- must be disclosed by law (for example, a regulator requirement)
These exclusions make the agreement fair and workable, and they reduce disputes about information that isn’t realistically protectable.
6. Time Period (How Long Confidentiality Lasts)
Some confidentiality obligations last for a fixed period (for example, 2–5 years). Others last indefinitely, especially for trade secrets.
What’s “right” depends on what you’re sharing. A short-term marketing plan might not need indefinite protection, but a proprietary method, formula, or dataset often does.
7. Return or Destruction of Information
If the relationship ends or the deal doesn’t go ahead, you’ll usually want the other party to:
- return documents and materials, or
- destroy them (including copies), and confirm destruction if requested
This helps reduce the chance that your information sits in someone’s inbox or cloud drive for years.
8. Ownership and Intellectual Property
A confidentiality form should make it clear that you remain the owner of your confidential information and any associated intellectual property.
If you’re sharing materials like designs, documents, code, or written methods, this clause helps prevent arguments later about who owns what.
9. Remedies if There’s a Breach
If someone breaches confidentiality, the damage can be hard to “undo”. That’s why confidentiality forms often include wording acknowledging that you may seek urgent court orders (injunctive relief) to stop ongoing disclosure or misuse.
Even if you never go to court, having this clause can help signal that confidentiality is serious and that you intend to enforce it.
How Do You Use a Confidentiality Form Properly (Without Slowing Down Your Business)?
Many business owners like the idea of confidentiality in principle, but worry about adding friction to deals and projects.
The good news is: using a confidentiality form doesn’t have to be complicated. You just need a simple process.
Step 1: Identify “Trigger” Moments
Decide when your team must use a confidentiality form. For example:
- before sharing customer lists or pricing strategy
- before granting access to systems or shared drives
- before sharing financials with potential buyers/investors
- before starting a collaboration where your methods or know-how will be shared
This avoids the common problem of remembering confidentiality only after information has already been disclosed.
Step 2: Sign First, Share Second
It sounds obvious, but it’s one of the biggest mistakes we see.
If you share confidential information first and get the form signed later, you can still end up with protection, but your position may be less clear (and you may have a dispute about exactly when the obligations started, or what was covered at the time).
As a practical workflow: send the confidentiality form early, and make information-sharing conditional on signing.
Step 3: Keep the Form Consistent With Your Other Documents
Your confidentiality form shouldn’t contradict your other contracts.
For example:
- If you’re engaging a contractor, the confidentiality form should align with your contractor agreement and any IP ownership terms.
- If you’re hiring staff, confidentiality should match what’s in your employment documentation and workplace policies.
- If you’re dealing with customer data, confidentiality should align with your privacy practices and disclosures.
Where you have multiple documents in play, consistency is what keeps your risk low.
Step 4: Limit Access Internally Too
Confidentiality isn’t only about “other people”. It’s also about how your business handles information day-to-day.
Consider practical steps like:
- giving access only to team members who genuinely need it
- using role-based permissions in your software
- keeping a clear folder structure (and avoiding “everyone can access everything”)
- maintaining version control for key documents
This strengthens your position if there’s ever a dispute, because it demonstrates that you treated the information as confidential in the first place.
Step 5: Use the Right Tool for the Relationship
A confidentiality form is a great tool, but it’s not always the only tool you need.
Depending on the relationship, you might also need:
- a service agreement (so scope, payment, IP and liability are clear)
- employment documentation (for staff access to systems and customers)
- customer-facing terms (so you control how your services are delivered)
If you’re unsure what combination is best, it’s usually worth getting advice early rather than trying to patch things later.
Common Mistakes With Confidentiality Forms (And How to Avoid Them)
Confidentiality forms are simple, but they’re often used in ways that make them less effective.
Using a One-Size-Fits-All Template
A generic confidentiality form can be too vague, too broad, or not suited to Australian law and your specific use case.
If the definition of confidential information isn’t clear, it becomes harder to prove that the information was protected and misused.
Not Identifying the Correct Party
If you’re dealing with a contractor who operates through a company, the agreement should usually be with that company (or otherwise ensure the individual is bound).
This is especially important when you’re dealing with third parties who may subcontract the work to others.
Relying on Confidentiality Alone When You Need Stronger Protections
Confidentiality helps stop disclosure and misuse, but it doesn’t automatically solve everything.
For example, if you’re sharing an idea for a product, confidentiality helps, but you may also need to protect your intellectual property properly (such as trade marks, copyright, or contractual IP assignment clauses).
Forgetting to Use It Early Enough
Confidentiality should be addressed before the disclosure, not after.
Once information is out, it may be difficult to control, even if you later get a signature.
Assuming It’s Enforceable Without Evidence
If a dispute happens, practical evidence matters.
Keeping records of what was shared, when it was shared, and under what agreement can make enforcement significantly easier.
Key Takeaways
- A confidentiality form helps protect your business when you need to share sensitive information with employees, contractors, collaborators, investors, or potential buyers.
- It works best when it clearly defines what “confidential information” is, how the recipient can use it, who they can share it with, and how long the obligations last.
- Signing first and sharing second is one of the simplest ways to strengthen your position and reduce risk.
- Your confidentiality form should be consistent with your other legal documents (like an Employment Contract and your Privacy Policy) so your obligations don’t conflict.
- Common mistakes include using overly generic templates, naming the wrong party, or relying on confidentiality alone when you also need IP and contract protections.
If you’d like a consultation on putting the right confidentiality form in place for your business (and making sure it fits with your contracts and processes), reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.
Note: This article is general information only and isn’t legal advice. If you’d like advice for your specific circumstances, you can speak to a lawyer.






