2.3.1 Identifying business sensitive information

Was the information given in confidence?

To be confidential, the information must meet all the following criteria:

1. Confidential in nature, i.e. information that is not public knowledge and has a reason for being kept confidential (is not trivial)

2. Disclosed in circumstances that have an expectation of confidence. This obligation may either be:

   • Imposed by contract, including non-disclosure agreements

   • Implied because of the circumstances in which it was provided (such as information identified as confidential either explicitly or implicitly); or

   • Implied because of the special relationship between the parties concerned (such as that of employer and employee, doctor and patient).

3. Subject to a legally actionable breech of confidence if disclosed without permission

4. Cause detriment to the body who provided the information, if it is disclosed.

   • There should be an explicit case for detriment, such as disclosure damaging a competitive position or the ability to compete (i.e. negatively impacting key relationships, harming a negotiating position, assisting competitors)

Information provided in confidence should be protected whilst it retains its confidential nature (i.e. whilst it meets the above criteria).

General points

Confidentiality agreements are typically limited in time. If an agreement lasts for an indefinite period, consult the appropriate Legal Business Partner for a risk assessment.

Documents may have been marked confidential for internal handling, but this should not be taken at face value; they may not necessarily still be confidential.

Could disclosure cause reputational damage?

• Could the information cause reputational damage or prejudice third party confidence in the body? (i.e. criticism of a third party could damage their reputation and discourage potential customers.)

• Could the information damage the relationship between the body and a third party, such as a relationship with a supplier?

Could disclosure damage to effective conduct of the body's activities?

• Could the information have a detrimental impact on the body’s commercial revenue or threaten its ability to obtain supplies or secure finance? For instance, information on recent previous contract terms may harm a body’s ability to negotiate better terms with other suppliers.

• Could release of information inhibit the ability to conduct free and frank discussions in the future? For example, premature disclosure could inhibit external experts from providing their views and thereby risk future advice not being broad-based.

• Could release affect the supply of future information? For instance, disclosure of private advice received from a third party could discourage them from engaging with the body in future.

• Could the information weaken the body’s position in a competitive environment by revealing information that is market-sensitive or of potential use to its competitors?

Could disclosure infringe intellectual property rights?

• Could disclosing the information infringe a body’s IPR or reveal a trade secret? Examples of trade secrets may include formulas for specific products, manufacturing processes and marketing strategies. Patent information should be closed for the lifetime of the patent. A patent lasts for 5 years and can be renewed for up to 20 years. Patent details can be checked at www.ipo.gov.uk

To what extent is the information known outside the body?

• Has there been a public announcement of the information?

• Has the material been prepared for wider dissemination or publication?

• Are the third parties subject to the Freedom of Information Act and/or the Environmental Information Regulations? If so, the information might already be in the public domain through a mechanism such as a FOIA request or publication scheme.

How old is the information?

• Sensitivity, and therefore damage caused, will typically decrease over time. Information is often, but not always, only sensitive whilst an issue is live.

• Information is less likely to be sensitive if the body no longer exists or has significantly changed in the years since the information was created. i.e. BT still exists but it is no longer a public body.

General points

• It is important to assess draft documents and ideas that are discarded as well as final versions.

• Consider the granularity of the information. For instance, high-level financial information is less likely to be sensitive (especially as it is more likely to be published), whereas detailed breakdowns of budgets might be considered sensitive.

• Always consider potential damage to third parties mentioned in or affected by the information, not just the primary body.

• When considering potential damage, there should be a real possibility of it occurring due to disclosure; theoretical possibility is not enough to warrant a record’s closure.

• Decisions should be based on the effects of disclosure (i.e. would disclosure cause or be likely to cause harm) rather than the type of information.

Is the information protected by legal professional privilege?

To be protected by legal advice privilege, information must exist within confidential communications between a lawyer (external or in-house) and client for the purposes of seeking or giving legal advice.

• Does the material contain legal advice rather than business advice? Lawyers, including in-house lawyers, can give both business and legal advice, so documents to or from a lawyer are not necessarily privileged. Broadly speaking, legal advice is advice as to what should prudently and sensibly be done in the relevant legal context.

• Is the information still confidential? Confidentiality can be lost when the information has been circulated widely, such as to a large email chain, or made publicly available.

• Does the advice relate to a live issue or has enough time passed since the advice was given so that it is no longer sensitive? Legal privilege does not expire, but the age and sensitivity of the advice will be a factor for the privilege holder to consider.

Prvilege can be lost if the information is publicly disclosed. It can also be waived by the privilege holder. In the case of organisations, the holder is usually considered to be those responsible for obtaining or receiving the legal advice (often in-house legal counsel).

• Could the disclosure of information regarding a deceased person have a detrimental effect on the mental health of surviving relatives? This is covered in more detail...

• Could the disclosure of information have an adverse effect on public health? For example, could it create a health scare?

• Could the disclosure of information lead to people being physically endangered, threatened or harassed? For example:

  • Information relating to sites of controversial scientific research which may lead to them becoming targets for sabotage. Records should be closed for the timespan of the research.

  • Information about the location of individuals or groups which could lead to these people becoming targets for harassment and intimidation (i.e. people working in animal experimentation or abortion clinics)

Could disclosure of the information undermine judicial control over access to information about court proceedings?

• Is the information held only by virtue of being contained in a court record? For instance, in a contractual dispute, a copy of the contract submitted as evidence is not considered a court record as it was originally created for a different purpose.

• Disclosure should not occur until after legal proceedings have concluded. It is highly unlikely judicial control will be undermined by the disclosure of historical records.