Confidentiality Disclaimer. Those are two words that can be very intimidating. What exactly is a confidentiality disclaimer, and what are you supposed to do with one?
Even if you aren't a lawyer, you probably understand what "confidential" means. Whether the word has come up in a chat with one of your friends or during an important meeting with your boss, keeping something confidential means one thing -- not sharing the information you've just been given.
A disclaimer is used when someone wants to avoid legal liability. For example, when you watch a TV show, look carefully at the credits. You'll probably see that there's a disclaimer in the fine print.
For example, take a look at this disclaimer from MGM:
The part at the end where it says, "The characters and incidents portrayed and the names used herein are fictitious, and any similarity to the name, character or history of any person is entirely coincidental and unconditional," is MGM's disclaimer.
In layman's terms, it means the creators of the show didn't model their characters after any real people.
So, if a guy in this show acts just like your Uncle Fred, it's purely a coincidence -- and that would be MGM's response if Uncle Fred tried to sue them.
OK, so you understand confidentiality, and you understand disclaimers. So how do the two go together?
Confidentiality disclaimers are used on important documents -- both online and off -- to try to limit the legal liability of the sender. They're included in hopes that a judge will agree that the sender did everything he could to protect the information. That way, if the document accidentally winds up in the wrong hands, the sender may not face such a large legal threat as he would have without the disclaimer in place.
That's why most confidentiality disclaimers specifically mention accidental recipients. For example, look at the message that John Doe included at the bottom of his email for anyone who "received this email in error":
Some disclaimers will even instruct the mistaken recipient to destroy the information so that no one else can see it:
Confidentiality disclaimers may also include details about exactly how the information should be used. That way, if someone decides to misuse the information in any way, the sender isn't legally responsible for what happens as a result.
For example, look at the confidentiality disclaimer that asset management company Fasanara Capital uses:
In layman's terms, that last sentence means that this information isn't designed to convince you to buy or invest in anything. If you decide to use it as your reason to invest in a specific security or asset, the company is not liable for what happens to your money because you misused their information.
While they show up on all kinds of documents, confidentiality disclaimers are most common in emails.
After all, the contents of an email can be forwarded to countless other people in a matter of mouse clicks.
If you want to see a confidentiality disclaimer at work, look carefully at some of your important emails. If there's a confidentiality disclaimer, you'll probably find it towards the bottom.
Here's an example:
While this language may look like something that only a lawyer would need to use, that's not the case.
Bankers, accountants, financial advisors, doctors, business partners, startups looking for capital, companies that are merging, and anyone else who has access to important, sensitive information likely uses a confidentiality disclaimer in their emails.
Large companies tend to use them, too, even if they don't fall under one of the examples we just mentioned.
In many of these cases, the company would rather be safe than sorry. Including a confidentiality disclaimer at the bottom of every email reminds recipients that the information is sensitive and needs to be treated as such. That reminder alone may prevent future trouble from popping up.
Bottom line -- there are almost as many different kinds of confidentiality disclaimers as there are people who use them.
Some confidentiality disclaimers are narrow in scope. For example, a lawyer may use a short confidentiality disclaimer aimed solely at anyone who mistakenly receives an email from him because he's bound by professional ethics to uphold attorney-client privilege.
Or, a company may include a confidentiality disclaimer that specifically addresses any discussion of trade secrets that may be included in the document.
For example, the recipes for Coca-Cola or a Big Mac's Secret Sauce are trade secrets that require some extra protection if you're going to be sending out any information that pertains to them!
Some confidentiality disclaimers are much broader and include things like any misstatements about a person, any employee opinions that the parent company doesn't agree with, and even viruses that may accidentally have come through with the email.
If you run a business and you want to make sure that your employees are all sending emails with the proper confidentiality disclaimers on them, you don't have to rely on them to set everything up. You can actually do all of the legwork yourself.
If you're the Administrator of your company's Office 365 service, you can create a confidentiality disclaimer that will appear on every single outbound message. If you don't have Office 365, ask your IT department for help. They should be able to automatically add a confidentiality disclaimer to every outgoing email on your server.
If you run a smaller business without an IT department and you want some help setting up the right disclaimer, you're in luck. Email confidentiality disclaimers are so popular that there are templates for creating them.
Check out this one from Exclaimer, which allows you type any disclaimer language you want into the editor.
Or, if you'd rather not spend money on a template, you can simply type your confidentiality disclaimer into the signature part of your email.
However, while most email confidentiality disclaimers can be found in the signature or footer, you may want to move yours up to the top of your emails. That way, the disclaimer is the first thing the recipient sees instead of the last thing.
And don't forget about your internal communication. After all, confidentiality applies to everyone who has access to sensitive information, whether they work at your company or not.
You can use a universal confidentiality disclaimer that goes out on all of your communications with your co-workers.
Or, you can create different disclaimers depending on what department the recipient works in, what project the recipient is working on, or what level the recipient is on (ex: senior-level management vs. a junior associate).
But confidentiality disclaimers don't just apply to emails. There's another type of document where you're going to see a lot of confidentiality disclaimers pop up -- business plans.
Whether they're printed out or sent out electronically, business plans contain all kinds of sensitive information, so it makes sense to include a confidentiality disclaimer on them.
In fact, keeping the content of your business plan confidential is so important that the experts at Qutball-Hoda suggest putting a confidentiality disclaimer at the very beginning of your business plan and even including it in your Table of Contents:
AllBusiness.com lists a confidentiality disclaimer as one of their top tips for properly formatting your business plan. The example they use takes things a step further by listing the name of the person who's receiving the plan (John A. Smith), and it even requires his signature.
Because your business is only a plan right now, it's vital that anyone who sees any of your ideas be warned with a confidentiality disclaimer.
That includes the loan officer at your bank, potential business investors, professional colleagues that you approach for advice, along with potential manufacturers, vendors, wholesalers, and product importers.
Remember -- before you have any kind of copyright or patent protection, ANYONE can steal your idea and start their own business. That's why it's so important to cross your T's and dot your I's with confidentiality disclaimers.
Do you really need to get a signature, though?
It may seem like overkill now, but if you ever need to take someone to court for violating your confidentiality disclaimer, your case will be much stronger if there's an actual signature. It proves that the other person saw and agreed to your confidentiality terms and then breached them.
But are these disclaimers really enforceable? After all, you probably haven't been arrested for removing a mattress tag! Do they actually protect you from liability?
Here are some examples:
What about specific countries? Are there laws that relate to confidentiality disclaimers?
Because email is so widely used -- and has the biggest possibility of being easily misused -- most of the laws on confidentiality disclaimers relate to emails.
The Federal Information Security Modernization Act (FISMA) is the updated version of the Federal Information Security Management Act of 2002. It applies to government information. In order to comply with it, there has to be a confidentiality disclaimer in all emails that include such information.
Government information also falls under the Freedom of Information Act (FOIA). This law allows for either the full or partial release of information that's controlled by the federal government. Since email is such an easy way for the government to comply with FOIA requests, there needs to be a disclaimer just in case the wrong information is released.
American financial institutions -- including banks, securities firms, and insurance companies -- have to comply with The Gramm-Leach-Bliley Act (GLB). Among other things, these institutions are required to include confidentiality disclaimers on all of their emails.
Depending on the exact type of business, either the Securities and Exchange Commission (SEC) or the Federal Trade Commission (FTC) is responsible for enforcing The GLB Act.
Any business that has access to a patient's medical data has to follow The Health Insurance Portability and Accountability Act (HIPAA), and part of HIPPA compliance includes using a confidentiality disclaimer. HIPAA also requires these businesses to inform their patients about the risks associated with transmitting their personal medical information.
The UK does not have any specific laws that relate to confidentiality disclaimers.
However, according to Out-Law, British courts have the discretion to ignore them. As a result, the confidentiality disclaimer you place at the bottom of your emails may or may not limit your legal liability if something goes wrong.
If your company monitors email data and/or email content, you'll have to comply with the Telecommunications Regulations of 2000. Specifically, all of your outgoing emails will have to include a disclaimer that says, "(Name of Company) may monitor email traffic data," or "(Name of Company) may monitor email traffic data and also the content of email for the purposes of (list the reasons - like employee training, for example)."
That way, recipients know that the information is being seen by more than just the sender -- and it's not quite as confidential as they may have otherwise thought!
There are no specific laws in Canada that require confidentiality disclaimers.
However, the experts at Tech Soup Canada say that including a confidentiality disclaimer in your emails is a good idea. Why? They say that if an email recipient sees one of these disclaimers, he's less likely to run out and try to sue you. Consider it to be a "placebo effect" for your emails.
And when it comes to confidentiality, violating a disclaimer could actually turn into legal trouble for the recipient.
However, there are no absolutes in Canadian courts. You may be able to lessen your liability, but you may not.
The EU created Directive 95/46/EC to protect the privacy of personal data when it's being collected, processed, or transmitted.
However, the European Commission has also told courts that it can ignore any "unreasonable contractual obligation" if the consumer has not freely negotiated it.
In other words, the confidentiality disclaimer you use may or may not stand up in court if the recipient didn't explicitly agree to it.
Even if you're not in an industry or a country that requires the use of a confidentiality disclaimer, it certainly won't hurt you to start using one.
If nothing else, it shows that you take sensitive information very seriously, and no one will ever be able to fault you for that.