Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
When you’re running a small business, you’ll often need to share sensitive details with people outside your team - a potential investor, a supplier quoting on your new product, or a consultant helping you refine your pricing model.
In those moments, you might mark documents “Commercial in Confidence” and hope that’s enough to protect them. But is it?
In this guide, we explain what “commercial in confidence” means in Australia, when to use it, and the practical legal steps to actually protect your information. With the right approach, you can collaborate confidently while keeping your valuable know‑how safe.
What Does “Commercial In Confidence” Mean In Australia?
“Commercial in confidence” (sometimes written “commercial-in-confidence” or “commercially confidential”) signals that the information is sensitive to your business and shouldn’t be shared beyond the intended purpose.
It’s a label - a way of putting the recipient on notice that the contents are confidential.
However, the label alone usually isn’t a legal shield. If a dispute arises, Australian courts will look at broader factors: Was the information actually confidential (i.e. valuable and not public)? Was it shared in circumstances importing confidence? Did the recipient know, or ought they to have known, that it was confidential? And most importantly, did you put proper legal protections in place?
It’s also helpful to distinguish confidentiality from privacy. Privacy laws protect personal information about individuals. Confidentiality protects business information such as pricing, customer lists, processes, trade secrets and strategy. They often overlap in practice, but they’re not the same. If you handle customer data, you’ll likely need a Privacy Policy as well as confidentiality measures. For more on the difference, see Sprintlaw’s explainer on privacy and confidentiality.
When Should A Small Business Use Commercial‑In‑Confidence Notices?
Use the “Commercial in Confidence” label whenever you’re sharing information that has business value and isn’t public. That might include:
- Product designs, roadmaps, prototypes or unique processes.
- Pricing models, margin analysis, costings and supplier terms.
- Customer lists, sales strategies and marketing plans.
- Financial forecasts, funding plans and investor decks.
- Software architecture, data schemas and proprietary code snippets.
Typical situations include early supplier quotes, investor conversations, due diligence for a potential partnership, tender submissions, or briefing a contractor on a new project.
What About Tenders And Government Submissions?
Many public sector tenders invite “commercial-in-confidence” information and explain how it will be handled. Still, don’t assume the label guarantees secrecy. Read the tender terms carefully and, where appropriate, include a tailored confidentiality schedule or request specific redactions for publication.
What Shouldn’t You Mark “Commercial In Confidence”?
Anything already public (for example, content on your website) or information you intend to publish widely (like a press release) shouldn’t be marked confidential. Over‑labelling can dilute credibility and make genuine confidentiality harder to enforce.
Is “Commercial In Confidence” Legally Binding? Make It Enforceable
On its own, “Commercial in Confidence” is a helpful signal, but it isn’t a magic bullet. To make confidentiality enforceable, it’s worth putting binding obligations in place before you disclose sensitive information.
Use An NDA (Or Confidentiality Deed)
A Non‑Disclosure Agreement (NDA) or confidentiality deed sets out exactly what’s confidential, how it can be used, who it can be shared with, and what happens if it’s leaked. This is the most reliable way to protect your commercial confidentiality.
In practice, many businesses use a mutual NDA if both sides will share information, and a one‑way NDA where only one party is disclosing. Deeds can be helpful in certain scenarios (for example, where there’s no clear exchange of value) because they don’t require consideration to be enforceable. If you’re deciding between an agreement and a deed, it can help to understand what a deed is under Australian law.
Back Up With Contract Clauses
Confidentiality doesn’t only live in NDAs. Strong confidentiality clauses in your main contracts (like a Services Agreement, manufacturing contract, or licence) can cover information disclosed during the broader relationship. For ongoing stakeholders, include confidentiality in your Employment Contract or Contractor Agreement so obligations apply from day one.
Limit Access And Keep Records
Courts consider your own behaviour. If you share documents widely without safeguards, it weakens your position. Restrict access on a need‑to‑know basis, password‑protect sensitive folders, and keep a record of what was shared, when, and to whom. These practical steps support your legal protections.
How To Share Confidential Information Safely: A Practical Process
You don’t need to overcomplicate this. A simple, repeatable process can dramatically reduce your risk while keeping momentum with partners and suppliers.
1) Identify What’s Truly Confidential
Before any meeting or data room upload, list the items that carry real commercial value or could cause harm if leaked. That clarity helps you avoid oversharing, and it’s the starting point for your NDA scope.
2) Put The Paperwork In Place First
Send your NDA for signature before you disclose. If you’re already working under a contract, check whether the confidentiality clause covers the new information and, if not, add a short addendum. Make sure the counterparty actually signs - it sounds obvious, but it’s a common miss.
3) Label Appropriately And Use Secure Channels
Mark documents “Commercial in Confidence” and add a brief footer reminding recipients of the NDA or contract obligations. Use secure sharing tools rather than email attachments where possible, require login, and set view/download permissions sensibly.
4) Apply The “Need‑To‑Know” Rule
Share the minimum necessary to achieve the purpose. If you’re seeking a quote, do they need the full customer list, or will a redacted sample do? Smaller bundles of information are easier to control.
5) Keep An Audit Trail
Maintain a log of what was shared and when. For larger projects, note who accessed files and for how long. If anything goes wrong, that audit trail can make the difference in responding quickly and proving your case.
6) Plan For The “What If”
If confidential information overlaps with personal information (for example, a customer dataset), build incident response into your plan. A practical, tested Data Breach Response Plan will help you act fast and meet legal obligations if a breach occurs.
7) Strengthen Internal Controls
Confidentiality starts at home. Clear internal rules about how your team handles sensitive information, backed by an Information Security Policy, reduce accidental leaks and show partners that you take security seriously.
Key Legal Documents To Protect Commercial Confidentiality
Depending on your business model and who you’re sharing information with, these documents commonly form your confidentiality toolkit.
- Non‑Disclosure Agreement (NDA): Defines what’s confidential, how it can be used, who it can be shared with (e.g. advisers who are also bound by confidentiality), how long obligations last, and what happens on termination (return or destruction). Start with a well‑drafted Non‑Disclosure Agreement and tailor it to the purpose.
- Main Services Or Supply Contracts: Include robust confidentiality and IP clauses in your core contracts (services, manufacturing, distribution). If you provide services, a clear Service Agreement should cover confidentiality, data security, and permitted disclosures.
- Employment Contract And Policies: Confidentiality should be baked into your Employment Contract and supported by practical workplace policies. Consider acceptable use rules and exit procedures (e.g. returning devices and data).
- Contractor Agreement: Many leaks happen via contractors. Your Contractor Agreement should include confidentiality, IP ownership or licence terms, and clear limits on sub‑contracting and data handling.
- Privacy Documentation (If Personal Data Is Involved): If confidential information contains personal information, ensure your Privacy Policy and related notices match what you’re doing. Clients and partners will expect this when data is in scope.
- Information Security Materials: An Information Security Policy sets out how your team stores, accesses and disposes of sensitive data. It supports your contractual promises and operational discipline.
What Should Your Confidentiality Clauses Cover?
Whether inside an NDA or a broader contract, look for these essentials:
- Definition of “Confidential Information”: Clear but not overly narrow - include written, oral and electronic information, plus notes and analyses derived from it.
- Purpose Limitation: The recipient can only use the information to evaluate a proposal, provide the services, or another agreed purpose.
- Permitted Disclosures: Usual carve‑outs to professional advisers who are bound by confidentiality, or disclosures required by law or a regulator (ideally with notice to you).
- Exclusions: Information already public (without breach), already known to the recipient, independently developed, or rightfully received from a third party.
- Security Measures: Reasonable steps to protect information, including access controls and secure storage.
- Return/Destruction: What happens when the relationship ends or on request - return or destroy confidential materials and confirm in writing.
- Duration: Often 2-5 years; trade secrets may warrant longer periods.
- Remedies: Acknowledgement that damages may be inadequate and you can seek urgent injunctive relief (to stop the leak quickly).
Can You Rely On “Commercial In Confidence” Labelling Alone?
It helps, but it’s rarely enough by itself. A clear label supports your case that the recipient knew the information was confidential, but your position is much stronger when it’s backed by an NDA or contract clause and sensible security practices.
Key Takeaways
- “Commercial in confidence” is a useful signal, but real protection comes from combining clear labelling with binding contracts and practical security.
- Use an NDA or strong confidentiality clauses before disclosing valuable non‑public information, and tailor them to your purpose.
- Confidentiality and privacy are different: if personal data is involved, ensure your Privacy Policy and data practices are up to scratch.
- Limit access, share on a need‑to‑know basis, and keep an audit trail - practical controls support your legal position.
- Bake confidentiality into core relationships via your Employment Contract, Contractor Agreement, and service or supply contracts.
- Prepare for the “what if” with an Information Security Policy and a tested Data Breach Response Plan where personal information is in scope.
If you’d like a consultation on setting up robust “commercial in confidence” protections for your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no‑obligations chat.