Information is the most valuable asset you possess in today’s business economy.
Two adjectives are consistently used when talking about business information: proprietary and confidential
Proprietary information is about ownership of the information. For example, information proprietary to you is information owned by you and information proprietary to a customer/prospect/partner or supplier is owned by that respective entity.
So calling information “proprietary information” tells you that is owned by someone (it’s not public), but doesn’t tell you who owns it. You would think that would matter to how you handle proprietary information, but it doesn’t.
You have an obligation to prospects/customers/partners and suppliers to be just as diligent with how you handle information proprietary to them as you have with information proprietary to you.
The second adjective applied to business information is confidential. Confidential means that there are some restrictions on how that information can be accessed or distributed.
As with any property, the owner defines the rules by which the property can be used by others. Therefore, with proprietary information, the owner defines who can access or distribute the information, what information can they access or distribute, where can they access or distribute it, when can they access or distribute, and how can they access or distribute it.
You can imagine that the information owner can place any combination of crazy restrictions on its access. However, to make control of information practical in a business context, information owners define a small number of information confidentiality levels (or information classifications) and describe the access and distribution rules for each level. The simplest classification is two levels: non-confidential and confidential. However, some companies define four or five levels of confidentiality.
In earlier times, businesses primarily distributed information on paper, and stamped the word “confidential” on any document of that classification.
In our modern sharing culture created by the internet, information is so easy to create, distribute, and re-redistribute, owners often forget to mark confidential information as such.
Marking something as confidential is as simple as prefacing the information with the word “confidential” and you should do this. However, just marking a document as confidential does not detail the restrictions around its access or distribution.
Here are practical guidelines on how to handle confidential information you create, you have access to, or you receive. These guidelines are consistent with different NDAs and confidentiality agreements, but do not supersede the requirements specified in a particular agreement:
- Only use confidential information for its stated purpose
- Only disclose confidential information to parties affiliated with its stated purpose
- If the confidential information is proprietary to another party, delete the information upon that party’s request or after it has fulfilled its stated purpose
For example, just because you have an NDA with another party, that does not mean you can give them all of your company’s confidential information, unless that is required to meet the stated purpose.
To abide by the above rules, you need to understand the purpose for the confidentiality of information you possess (or to communicate the purpose if you are the author), and understand who is, and who is not, affiliated with the stated purpose.
If you feel that the restrictions around the information need to be clarified beyond the general guidelines listed above, to avoid doubt in the minds of the recipients, preface the information with your unique restrictions or state the purpose for its confidentiality.