Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you run a small business, you probably share sensitive information every day - with staff, suppliers, contractors, investors, and customers.
But when something goes wrong (a leak, a dispute, an employee leaving, a competitor suddenly “mirroring” your offer), the big question becomes: what is confidential information, and how do you prove it was meant to stay private?
In this guide, we’ll break down what confidential information means in a UK business context, what usually counts (and what doesn’t), and the practical steps you can take to protect your business from day one.
What Is Confidential Information In A Business Context?
In simple terms, confidential information is information that:
- is not public (or not generally known),
- has value to your business because it’s private, and
- is shared in circumstances that imply it should be kept secret (for example, during work, negotiations, or within a trusted relationship).
In the UK, there isn’t one single “confidential information” law that neatly defines everything. Instead, confidentiality is protected through a mix of:
- contract law (what your contracts say about confidential information),
- equitable duties of confidence (a legal duty that can arise even without a written contract), and
- trade secrets protections (including protection under the Trade Secrets (Enforcement, etc.) Regulations 2018, where the information meets the legal criteria for a trade secret).
For most small businesses, the practical takeaway is this: you’re usually in the strongest position when you’ve clearly identified what is confidential, limited access to it, and written it into your agreements and policies.
Confidential Information vs Personal Data
It’s also worth separating two terms that often get mixed up:
- Confidential information is broader - it can include business strategy, pricing, supplier terms, and more.
- Personal data is information about an identifiable person (for example, customer contact details). That’s regulated by UK GDPR and the Data Protection Act 2018, and usually needs a properly drafted Privacy Policy.
Some information can be both (for example, a private customer list containing names and purchase history). In that case, you need to protect it under both confidentiality principles and data protection rules.
What Typically Counts As Confidential Information? (Practical Examples)
So, what does confidential information look like in real life? For small businesses, it often includes information that gives you an edge, would harm you if shared, or is intended to stay within your business.
Common examples include:
- Customer and lead lists (especially where they’re curated and not publicly available)
- Pricing models, discount structures, and margin data
- Supplier arrangements, including rates, rebates, and contract terms
- Product roadmaps, upcoming launches, and feature plans
- Internal processes, templates, scripts, training materials, and know-how
- Financial information such as forecasts, cash flow, and budgets
- Sales and marketing strategy (campaign plans, audience data, messaging tests)
- Non-public business metrics (conversion rates, churn rates, performance dashboards)
- Contract terms with clients (particularly in B2B work where terms vary deal-by-deal)
If you regularly work with freelancers, consultants, agencies, or development partners, you’ll usually want confidentiality provisions built into your service documentation - for example, a tailored Service Agreement can spell out what information is confidential, how it can be used, and what happens when the engagement ends.
What About “Trade Secrets”?
Trade secrets are often treated as the “high value” category of confidential information - the kind of information that would seriously damage your business if misused or disclosed.
For example:
- a unique formula, method, or process you’ve developed
- a proprietary algorithm or internal scoring system
- a confidential pricing calculator that underpins your margins
- your private supplier network and negotiation playbook
In the UK, a trade secret generally needs to be secret, have commercial value because it’s secret, and be subject to reasonable steps to keep it secret. This is why stronger protection steps (access controls, strict contractual obligations, and clear policies) matter: if you treat sensitive information casually, it can be harder to show later that it was truly protected as confidential (or as a trade secret).
What Doesn’t Count As Confidential Information (And Why This Matters)
This is where a lot of business owners get caught out.
Not everything you’d like to be confidential will be treated as confidential - especially if it’s already public, or if you haven’t taken reasonable steps to protect it.
Information is less likely to be confidential if:
- it’s genuinely public (published online, in marketing materials, or otherwise widely available)
- it’s “general skill and knowledge” gained through experience (for example, a staff member becoming better at sales over time)
- you share it without restrictions (for example, sending a supplier price list around casually without any confidentiality terms)
- it’s independently developed by the other party without using your information
- it’s already known to the recipient before you disclosed it
This matters because, in a dispute, you’ll usually need to show that:
- the information had the “quality of confidence” (it wasn’t public), and
- it was shared in circumstances that created an obligation of confidence, and
- there was unauthorised use or disclosure causing harm (or creating a real risk of harm).
From a practical perspective, it’s much easier to enforce confidentiality when you’ve done the boring-but-important groundwork: clear contracts, clear labelling, and tight access controls.
How Do You Protect Confidential Information In Your Business?
Protecting confidential information is a mix of legal documents and day-to-day business habits. If you only do one without the other, you leave gaps.
1) Use The Right Contracts (And Don’t Rely On Handshakes)
If you share non-public business information without a written agreement, you’re taking an avoidable risk. Even though confidentiality duties can exist without a contract, contracts make expectations crystal clear and can give you stronger, clearer enforcement options.
Depending on the relationship, you might use:
- a Non-Disclosure Agreement (often used before pitching, partnering, or sharing sensitive plans)
- confidentiality clauses inside a commercial contract (for example, a services or supply agreement)
- employment documentation that sets out confidentiality obligations
When you hire staff, confidentiality is usually addressed in an Employment Contract, often backed up by policies in your staff handbook (especially for IT use, data handling, and security).
2) Define “Confidential Information” Properly
A common mistake is using a vague definition like “everything is confidential”. That sounds strong, but it can be too broad to be practical (and harder to apply fairly).
A better approach is to define confidential information in a way that is:
- broad enough to cover what matters (commercial, technical, financial, operational information), but
- clear enough that everyone understands what they must protect.
Many businesses also include sensible carve-outs (for example, information that is already public, or that must be disclosed by law).
3) Control Access Internally (Need-To-Know Only)
Courts and regulators tend to look at whether you treated the information as confidential in practice.
Simple but effective controls include:
- restricting sensitive folders to relevant team members only
- using role-based access in software tools
- separating “management-only” financial data from general company documents
- requiring strong passwords and multi-factor authentication
- having a clear offboarding process when someone leaves (return of devices, removal of access, confirmation of deletion)
If you allow staff to use personal devices for work, be careful - data can easily be copied, synced, or retained. A clear acceptable use approach and data handling rules can reduce the risk (and support your position if a dispute arises).
4) Mark Sensitive Documents Clearly
Labelling isn’t magic, but it helps.
For example, adding “Confidential” to:
- pitch decks
- pricing schedules
- supplier terms
- product roadmaps
…makes it far easier to show everyone understood the information was not for wider sharing.
5) Consider Your IP And Ownership Clauses
Confidential information and intellectual property (IP) are closely linked. For example, you might share confidential designs or know-how with a contractor who is building something for you.
In that situation, you’ll often want both:
- confidentiality clauses (don’t disclose or misuse), and
- IP ownership clauses (who owns what gets created).
If you’re collaborating with another business, a properly structured Collaboration Agreement can cover confidentiality, ownership, and what happens if the relationship ends.
Common Business Scenarios Where Confidentiality Risks Come Up
Most confidentiality problems don’t start with “bad people”. They start with unclear expectations and loose systems - and then things snowball.
Here are a few common scenarios where small businesses should be extra careful.
Pitching To Investors Or Strategic Partners
If you’re raising money or exploring a partnership, it’s normal to share projections, customer metrics, and strategy.
Before you hand over anything sensitive, consider whether you need a Mutual Non-Disclosure Agreement (especially where both sides will share confidential information during discussions).
Also consider what you can safely share in stages - for example, high-level metrics first, deeper detail later once the relationship progresses.
Working With Contractors, Agencies, And Freelancers
Contractors often need access to your systems, brand assets, and internal information to do their job.
But remember: contractors are not employees, and they may be working with multiple clients at once. You’ll want clear clauses covering:
- confidentiality obligations
- limits on use (only for your project)
- return/deletion of information at the end
- IP ownership (so you actually own what you pay for)
Employees Leaving (Especially Senior Staff Or Sales Roles)
This is one of the biggest real-world confidentiality flashpoints.
When someone leaves, your risk often relates to:
- client relationships and pipelines
- internal pricing and margin info
- strategy and plans
A well-drafted employment contract will usually contain confidentiality obligations that continue after employment ends, and may also include restrictions (like non-solicitation) where appropriate.
It’s also wise to follow a consistent exit process so you can show you took confidentiality seriously all along (not just when someone resigns).
Online Reviews, Social Media, And Marketing Content
Your team might post behind-the-scenes content, “day in the life” videos, or client success stories - all great for marketing, but easy places to accidentally reveal confidential information.
Having clear internal guidelines on what can and can’t be shared can save you headaches later, especially if you work in sensitive industries or B2B services.
Key Takeaways
- In a business context, confidential information is non-public information with commercial value that’s shared in circumstances where it should be kept secret.
- Confidential information often includes customer lists, pricing, supplier terms, internal processes, financial forecasts, and strategy documents.
- Information is less likely to be confidential if it’s public, widely known, treated casually, or simply part of someone’s general skill and experience.
- Your strongest protection usually comes from combining practical controls (access restrictions, labelling, offboarding) with the right legal documents.
- Using an NDA, strong confidentiality clauses, and well-drafted employment and contractor agreements can help you prevent disputes and enforce your rights if something goes wrong.
- If you handle personal data alongside confidential business information, you’ll also need to think about UK GDPR compliance and documentation like a Privacy Policy.


