Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
When you’re building a startup or growing an SME, your edge often comes down to information.
It might be a product roadmap, a customer list, a pricing model, a codebase, a supplier relationship, or even the “secret sauce” behind how you deliver your service faster than competitors.
That’s where Australia’s duty of confidence rules become so important. In simple terms, it’s a legal concept that may help protect confidential information from being used or disclosed without permission - even if you don’t have a formal contract in place (although having one is usually the best approach).
Below, we’ll break down how a duty of confidence works in Australia, what you may need to prove if something goes wrong, and the practical steps you can take to protect your business.
What Is A Duty Of Confidence (And Why Should Your Business Care)?
A duty of confidence is an obligation to keep certain information confidential and not misuse it.
In the startup and SME context, it usually comes up where:
- you share valuable business information with someone (an employee, contractor, supplier, potential investor, or collaborator), and
- that person uses it for their own benefit, or shares it with others, without your permission.
Unlike privacy law (which is about personal information), a duty of confidence is typically about your business information - commercially sensitive information that gives your business value.
If you want to get the foundations right from day one, it also helps to understand the broader distinction between privacy and confidentiality, because these obligations are often confused (and they’re not the same thing).
Examples Of Information That Can Be “Confidential”
Confidential information can include:
- customer and prospect lists (and buying behaviour)
- supplier lists and negotiated pricing
- product designs, formulas, prototypes, and technical documentation
- source code, system architecture, and internal tools
- marketing strategies, launch plans, and pricing models
- internal financials and forecasts
- business processes, playbooks, and templates
One practical way to think about it is: if a competitor got this information, would it cost you time, money, or market position?
When Does A Duty Of Confidence Apply In Australia?
In Australia, a duty of confidence can arise in different ways:
- Through a contract (for example, a confidentiality clause in an employment agreement, contractor agreement, or NDA).
- Through the relationship and circumstances (for example, where information is clearly shared in confidence and the other party knows - or should know - it’s confidential).
This is why it’s risky to rely on “handshake” arrangements when you’re sharing sensitive information. In some situations you may have protection under a duty of confidence, but it can be fact-dependent and harder, slower, and more expensive to enforce than a well-drafted written agreement.
What Usually Needs To Be Shown (In Plain English)
While the legal tests can get technical, most duty of confidence claims boil down to three key ideas:
- The information was confidential (not public, not widely known, and it had value because it was secret).
- It was shared in circumstances importing confidence (for example, it was marked confidential, disclosed in a private pitch, shared in a “need-to-know” context, or disclosed under an NDA).
- There was unauthorised use or disclosure (the recipient used it, shared it, or exploited it beyond what you permitted).
From a business owner’s perspective, the important point is this: the more you treat information as confidential in practice, the easier it is to later show it was confidential.
What About Ideas Versus Information?
A common startup question is: “Can I protect my idea?”
It’s usually easier to protect specific confidential information (like a detailed plan, a document, a dataset, a prototype, or a design file) than a general idea.
So if you’re pitching, collaborating, or outsourcing work, focus on documenting and controlling what you share - not just the concept in your head.
How Do You Build A Practical “Confidentiality System” In Your Business?
Startups and SMEs move fast, so confidentiality needs to be simple and repeatable.
Here are practical steps that make a real difference (and also strengthen any future argument that information was shared under a duty of confidence).
1. Define What You Treat As Confidential
You don’t need a 20-page policy to get started. Even a simple internal list helps, such as:
- customer and supplier data
- pricing and margins
- product roadmap and technical documentation
- anything marked “confidential” in your systems
Where appropriate, add labels in documents like “Confidential” or “Commercial-in-Confidence”.
2. Limit Access (Need-To-Know Only)
If everyone can access everything, it’s harder to argue the information was treated as confidential.
Consider:
- restricting access to key folders and tools
- role-based permissions in your CRM and project management tools
- separate folders for sensitive commercial terms and financials
3. Set Clear Rules For Staff And Contractors
Many confidentiality issues happen when someone leaves, changes roles, or starts a competing venture.
Having the right documentation in place matters. For example, an Employment Contract usually includes confidentiality obligations and helps set expectations from day one.
For contractors and freelancers, it’s equally important to ensure the confidentiality terms are clear, especially if they’re working across multiple clients.
4. Be Careful With AI Tools And External Platforms
Using generative AI or third-party platforms can accidentally expose confidential information (for example, by pasting sensitive data into prompts or uploading private documents into tools that retain data for training or analytics).
If your team is using AI day-to-day, a Generative AI use policy can help you set safe boundaries and reduce the risk of accidental disclosure.
Common Startup And SME Scenarios Where Duty Of Confidence Matters
The duty of confidence often becomes relevant at key business “pressure points” - when you’re moving quickly and sharing information to grow.
Pitching To Investors Or Strategic Partners
Pitch decks, data rooms, and financial projections can contain highly sensitive information.
Even if you can’t always get an NDA signed before early conversations, you can still protect yourself by:
- sharing high-level information first, then more detailed information later
- marking sensitive documents as confidential
- keeping records of what you shared, when, and with whom
And where it’s commercially realistic, putting a Non-Disclosure Agreement in place before you share the details can significantly reduce ambiguity.
Outsourcing Development, Marketing, Or Operations
Many businesses outsource core work - software development, branding, SEO, paid ads, customer support, bookkeeping, you name it.
Outsourcing can be a growth accelerator, but you need to be clear about what the service provider can do with the information you share.
For example, your contractor shouldn’t be reusing your templates or internal playbooks for another client, and they shouldn’t be disclosing your internal pricing or strategy.
Ex-Employees Or Contractors Taking Your Playbook
This is one of the most common “real world” confidentiality risks for SMEs: someone leaves and takes internal knowledge with them.
Some know-how and general skill will always travel with a person. But if they take specific confidential information (like a customer list, a pricing model, or internal templates), that’s where duty of confidence and contractual confidentiality terms become highly relevant.
Co-Founders And Early Team Disputes
When the business is small, everything is shared informally. If relationships break down, founders sometimes argue over who owns what information, what can be used for a new venture, and what must remain confidential.
This is why it’s important to set expectations early, and to support that with the right governance documents. In many startups, a Shareholders Agreement can clarify confidentiality obligations and what happens if a founder exits.
What Legal Documents Actually Help You Enforce Confidentiality?
Think of a duty of confidence as a baseline protection - but contracts are what usually make protection clearer, faster to enforce, and easier to prove (noting enforceability will still depend on the facts and evidence).
Here are the documents startups and SMEs commonly use to protect confidential information (depending on your model and how you operate).
Non-Disclosure Agreement (NDA)
An NDA is one of the most direct tools to protect confidential information before you share it.
It typically covers:
- what information is confidential
- what the recipient can use it for (and what they can’t)
- how long confidentiality lasts
- exceptions (like information already public)
- return or destruction of confidential materials
Depending on the situation, you might use a one-way NDA (where only your information is protected) or a mutual NDA (where both parties are sharing sensitive information). If you’re collaborating, a Mutual Non-Disclosure Agreement can make negotiations smoother because both sides are protected.
Employment And Contractor Agreements
For most SMEs, your biggest confidentiality exposure is day-to-day operational access: staff, contractors, and advisors who can see commercial and customer information.
Clear confidentiality clauses in your employment and contractor paperwork can reduce confusion, set expectations, and give you stronger options if a dispute arises.
IP And Licensing Documents (Where Confidential Information Is Shared With Permissions)
Sometimes you actually want to share valuable material - but only under controlled conditions.
For example, if you’re licensing content, designs, or materials to another party (or receiving content from them), the agreement should define what’s shared and how it can be used. A Copyright Licence Agreement can be useful where copyright material is involved, particularly if that material is commercially valuable and tied to confidential business know-how.
Privacy Policy (When You’re Handling Customer Personal Information)
It’s easy to assume confidentiality is only about your “business secrets”, but for many SMEs, data is both a compliance and trust issue.
If you collect personal information (for example, via an online store, enquiry form, mailing list, or customer onboarding), you’ll often need a Privacy Policy. While privacy obligations are not the same as a duty of confidence, having the right privacy foundations reduces overall risk and signals to customers (and partners) that you take information handling seriously.
Practical Tip: Don’t Forget The “Operational” Side
Legal documents work best when your day-to-day behaviour matches them.
If your NDA says information must be protected, but your team shares it in public Slack channels, forwards it to personal email accounts, or stores it in unsecured folders, you’ll have a mismatch that can undermine enforcement.
Key Takeaways
- A duty of confidence may protect your business’s confidential information when it’s shared in circumstances where it’s clearly meant to be kept secret.
- Confidential information is usually commercially valuable information that isn’t public, such as pricing, customer lists, product plans, technical documentation, or internal processes.
- While a duty of confidence can exist without a contract, enforcement is often more fact-dependent, and having written agreements (like NDAs and employment contracts) generally makes confidentiality obligations clearer and easier to prove.
- Practical steps like “need-to-know” access controls, labelling sensitive documents, and keeping records of what you share help strengthen your position if something goes wrong.
- Confidentiality risks often show up during growth moments - pitching, outsourcing, hiring, and founder transitions - so it’s worth setting up protections early.
This article provides general information only and is not legal advice. If you’d like advice on protecting your business with the right confidentiality documents and legal structure, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








