Protect confidential information disclosed by email
Since the creation of email in the 1970s, email use has grown exponentially and is now the most popular digital and business method of communication used between companies, businesses and individuals.
In the US, email is the number one activity that smartphone users engage in on their smartphone, at about 78%.
This statistic is not surprising. Convenient and mostly free of charge, email presents an instantaneous way of exchanging information without having to worry about traffic jams for face-to-face meetings, postal delays, fax machines or an engaged phone line.
But what if you want to share confidential information with another party using email? Is it secure and is your information legally protected?
Just as email presents a huge convenience advantage over other methods of communication, it can also easily present a problem if you share confidential information with a party that does not respect confidentiality or take sufficient precautions to do so.
The email could be forwarded and re-forwarded to an alarming number of people over the course of a few minutes.
On top of this, unlike a physical presentation using a laptop during a pitch presentation, a Receiving Party of confidential information can easily save and choose to retain a copy of your confidential email for as long as they wish, without your knowledge.
Non-Disclosure Agreement (NDA)
The most common way to do protect information, either shared through email or not, is by using a non-disclosure agreement (NDA). This agreement is a contract that binds the Receiving Party of confidential information to keep the confidential information secret and not to use it without permission.
This NDA can be unilateral (or one-way), where only you intend to be sharing confidential information and the receiving party of your information (“Receiving Party”) is obliged to keep your confidential information secret.
A mutual NDA agreement, on the other hand, will be more appropriate if both of you and the other party plan to make disclosures of confidential information to each other and both of you agree to be bound to secrecy.
Confidential information can include documents, designs, sketches, analyses, source codes and marketing plans.
You define what “confidential information” is in this agreement. Here’s an example from Accuride Corp’s agreement that also expressly includes information provided in electronic form:
Protecting your confidential information is especially important if you intend to disclose any trade secrets.
Trade secrets are a special type of information that can range from formulas and techniques to special devices that allow a business to maintain a significant competitive advantage over others that is not easily discernible by competitors.
Reasonable efforts must also be made to protect the trade secret and this includes requiring parties who receive the trade secret to be bound to secrecy.
Famous businesses with successful trade secrets include KFC, Coca-Cola, Mrs Field’s Chocolate Chip Cookies and Google’s Algorithm.
Here’s an example of a clause from Coca-Cola’s agreement describing what constitutes a trade secret:
Using email disclosures
Since email has become almost the norm for most business communication, it’s highly understandable if you wish to send confidential information using email at some point.
Confidential information can be sent directly using text in the email itself or as an attachment to your email.
However, as mentioned before, there are inherent risks with using email.
Information can be easily and wrongly or mistakenly transferred to another party, just by the click of a mouse. Unlike physical documents that are limited by the number of copies available for distribution, emails can be forwarded easily to an enormous number of Inboxes within a short period of time.
There’s also the risk of hacking and theft of confidential information sent through the internet. Confidential information that is kept in a physical form could be stolen by a thief as well, but for example in Coca-Cola’s case, the thief would have to physically break into Coca-Cola’s vault to access its secret formula.
It’s a lot easier to steal confidential information online as hackers could work from a remote location anywhere in the world.
Bearing in mind these risks, if you choose to make confidential disclosures through email, your NDA can provide legal protection for these email disclosures if you provide for email disclosures in the scope/definition of confidential information in your agreement that you’ll sign.
Although it does happen, you should always ensure that you get the other party to sign your NDA before you email over any confidential information to ensure that the other party is formally notified of the requirement for confidentiality.
If you have already emailed through confidential information before the agreement has been executed, you should require confidentiality for past confidential information that have been shared already, in the definition of what is confidential information under the agreement.
In order to reduce your risk of exposure for confidential disclosures that you make through email, here are a few best practices that you should also bear in mind.
Include automatic confidentiality disclaimers in all your emails
You should place an automatic confidentiality disclaimer as a signature in all your emails.
Although this strategy is not foolproof, it will at least create awareness amongst the recipients of your email about the need for confidentiality.
Here are some good examples for different situations from My Signatures Online:
Warn the Receiving Party in advance
You should also warn the Receiving Party in advance to expect your email before you email them highly confidential stuff.
Not only is this useful in case they happen to have a bad habit of leaving their computer unlocked when they are away from their desk, but in case your email gets lost in cyberspace or ends up wrongly in someone else’s mailbox, the Receiving Party can notify you immediately if they don’t get your email.
A simple email to the Receiving Party in advance and asking them to acknowledge receipt of your confidential email should suffice.
It goes without saying that you should always double-check your email addresses before you actually press “Send.”
Insert “CONFIDENTIAL” in the subject line of your email
Make it a practice to include the bold word “CONFIDENTIAL” in the subject line of all your emails containing confidential information.
If the content of your email consists of both a combination of ordinary and confidential information, you may want to make an extra marking of “CONFIDENTIAL” next to information or paragraphs that are confidential to differentiate them from ordinary information.
Attachments should be marked as “CONFIDENTIAL”
If you intend to include attachments that are confidential, you can include the word “CONFIDENTIAL” in the naming of the attachment itself.
You can also mark content within the attachment as “CONFIDENTIAL.”
Here are some examples from SlideShare presentations that contain confidential information and how the creators are marking this.
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user) where the word “Confidential” is used throughout the presentation’s index:
Customer Lifetime Value in Digital Marketing where the words “Confidential & Proprietary” are used throughout the whole presentation’s index:
Optistruct Optimization 10 Training Manual where the words “Proprietary and Confidential Information Copyright (c) 2008 Altair Engineering, Inc. All rights reserved” are used in the presentation to denote confidentiality and copyright:
Sarawak Energy where the word “Confidential” is included in the title of the presentation and in the index of the presentation itself, the words “Private & Confidential – Do not duplicate or distribute without written permission” is used:
Here’s another screenshot:
J.D. Power – Mark Garrett where copyright is declared through the words “J.D. Power (c) 2016 J.D. Power and Associates, McGraw Hill Financial. All Rights Reserved” followed by the declaration “CONFIDENTIAL AND PROPRIETARY – For Internal Use” to denote confidential information:
Confidentiality obligations for employees, contractors and third parties
Due to the greater risk of confidential information being inadvertently shared or accessed by parties that may not be party to the signing of the NDA, you should include a clause that places an obligation on the Receiving Party of your information to carefully restrict access to the confidential information and to require those that they provide access to the information, to sign and agree to these non-disclosures restrictions as well.
Here’s an example of a clause in a Mutual Non-Disclosure Agreement from NewAppIdea:
Encryption allows you to hide confidential information that you send over the internet.
There are many different levels of encryption including encrypting email connections, encrypting email messages and encrypting stored email. Your existing email provider may already provide access to encryption capabilities such as Microsoft Outlook or you have the option of downloading either paid or free software or using add-ons.
There is some work involved in setting up encryption for email messages.
Both you and the other party would need to install security certificates on your computers and provide each other with a public key which are a string of characters, before you can start sending each other encrypted messages.
For more information about encryption and how to do it on your own, see this article by PC World on how to encrypt your email.
Invest in anti-virus software
Anti-virus software is a minimum requirement for most businesses that use online services. This software will notify you if you inadvertently download a malicious virus capable of scanning your computer for information or allowing a hacker entry into your system.
There are many different types of anti-virus software on the market. The popular ones are Norton Security, McAfee and AVG but there are a lot of other capable players on the market now as well. You should do your research to find one that suits you if you haven’t got one already.
Needless to say, the Receiving Party of your confidential information should also have a secure anti-virus software in place as it would be pointless to make effort on your end to protect the confidential information, only to have it stolen from the Receiving Party’s end.
Request that Parties delete emails after reading
You can also request that parties delete emails containing confidential information after reading them. If they need to keep a copy of that information, they should store it somewhere secure, preferably with online encryption or print out a copy of the information and keep it in a locked safe.
Obligations after termination of relationship
After the termination of your contractual relationship, it’s important to specify in your NDA what you want the Receiving Party to do with all your confidential information.
For example, you may wish them to return all physical copies of information back to you and you may request that they destroy all copies of information including emails and folders containing your confidential information and to provide you with evidence that they have done so.
Here’s an example of kind of clause from Accuride Corp’s Confidentiality and Non-Disclosure Agreement:
The exchange of confidential information through email is probably inevitable considering that email is much more convenient and quicker than most other traditional forms of communication and currently the most common method of communication between businesses.
If so, combining the suggested best practices above and a supportive NDA will help you navigate any inherent risks in using email.