Posted inTechnology

The Common Law of Confidence: Protecting Confidential Information in a Modern Era

The Common Law of Confidence: Protecting Confidential Information in a Modern Era

The common law of confidence sits at the crossroads of privacy, commercial ethics, and professional responsibility. It provides a flexible, equitable framework for safeguarding information that is shared in trust and is intended to remain confidential. In an era of rapid data exchange, reputational risk, and complex employer–employee and client–professional relationships, the common law of confidence helps courts balance interests in secrecy, innovation, and public accountability. This article surveys the core ideas, traces the doctrine’s evolution, and explains what the common law of confidence means for businesses, professionals, journalists, and individuals today.

What is the common law of confidence?

The common law of confidence is a body of principles developed by the courts to protect information that is confidential in nature. It operates independently of statutory data protection regimes, providing remedies when confidential information is disclosed or misused without consent. At its heart, the doctrine recognizes that trust is fundamental to many kinds of relationships—between doctors and patients, lawyers and clients, employers and staff, journalists and sources—and that disclosure of confidential information can cause real harm even if the information is not a trade secret or a legally protected fact in the ordinary sense.

The classic test: three elements of breach in the common law of confidence

In its landmark formulation, the common law of confidence requires three interconnected elements. These elements originated in the traditional Coco v AN Clark framework and continue to guide modern judgments, albeit with refinements in context and scope:

  • The information has the quality of confidence. It must be information that is not trivial or general knowledge, and that would not normally be disclosed to the world. The information’s confidential character can arise from its nature (for example, trade secrets, client lists, or medical records) or from the way it is treated by the parties (explicit or implicit assurances of secrecy).
  • The information was disclosed in circumstances importing an obligation of confidence. This means there was a relationship or context in which confidence is expected—such as between professionals and clients, employers and employees, or doctors and patients—or the information itself was imparted on the basis that it would be kept confidential.
  • There was an unauthorized use or disclosure of the information. The revelation or exploitation of the information by someone who knew of the obligation to keep it confidential typically constitutes breach, unless a valid defense applies (for example, consent, public domain, or a legitimate public-interest override in some cases).

These elements create a flexible standard. The doctrine covers not only explicit secrets but also more subtle knowledge and know-how that is acquired through trust and professional duty. Modern cases often emphasize the qualitative aspect of the information and the factual context in which it was disclosed, rather than insisting on a narrow category of “secret” information.

Two tracks within the doctrine: relationship-based and information-based confidentiality

The common law of confidence recognizes two main routes to claim protection:

  • Relationship-based confidentiality. This arises when a fiduciary or other professional relationship imposes an obligation of confidence. Examples include lawyer–client, doctor–patient, accountant–client, and employer–employee relationships. In these cases, the confidence is a natural corollary of the duties that the relationship creates, even if the information is not a formal trade secret.
  • Information-based confidentiality. This applies where information itself carries a special character—such as a business secret, a unique method, or commercially sensitive data—and has been disclosed under circumstances that imply confidentiality, regardless of the deeper relationship between the parties.

These tracks intersect in practice. A commercial company might rely on both a fiduciary-like relationship with its employees and the confidential nature of its product designs, while a journalist might rely on a strong public-interest narrative alongside a confidential source’s status within a relationship of trust.

Defenses and limitations: public interest, consent, and the public domain

Not every disclosure of confidential information constitutes a breach of the common law of confidence. The doctrine recognizes important defenses and limitations that reflect competing values, such as freedom of expression and public accountability. Key considerations include:

  • Consent. If the information was disclosed with the consent or authorization of the confidant, the obligation of confidence can be discharged.
  • Public domain or prior knowledge. If the information is already in the public domain or widely known, its confidentiality may fail, limiting or negating a claim.
  • Public interest and legitimate aims. In some contexts—most notably journalism and investigative reporting—courts weigh the public interest in disclosure against the harm caused by breaching confidence. The Guardian cases and subsequent authorities illustrate how this balancing exercise operates in practice, though it is not a carte blanche defense in every situation.
  • Statutory protections and competing regimes. Data protection law, trade-secret regimes, and contractual covenants can interact with the common law of confidence in nuanced ways. Where statutory regimes provide protection, they may complement or limit reliance on the common law doctrine.

Historical development and leading ideas

The common law of confidence has evolved through a series of influential decisions. Coco v AN Clark (Engineers) Ltd is widely cited as the foundational case articulating the triad of elements. It set the template for recognizing that information can be confidential and that unauthorized disclosure is actionable where an obligation of confidence exists. Over time, courts have refined the doctrine to address modern circumstances—corporate data, digital information, and professional communications—without abandoning the core intuition that trust and discretion underlie many fruitful relationships.

In later decades, cases such as those addressing public-interest defenses and privacy rights have added texture to the doctrine. Courts have made clear that breach of confidence is not merely a private wrong but a mechanism that can facilitate legitimate public purposes when appropriately balanced against other societal interests. The resulting body of law, known as the common law of confidence, remains adaptable to new technologies, new business practices, and evolving norms about privacy and disclosure.

Remedies: enforcing the common law of confidence

When a breach of confidence is established, courts generally offer remedies designed to prevent further harm and to restore the confidant’s interests. The principal remedies include:

  • Injunctions. A court may restrain further disclosure or use of confidential information, sometimes on an interim basis while the case proceeds, and sometimes on a final basis that lasts as long as confidentiality remains meaningful.
  • Damages. Monetary compensation may be awarded for loss suffered due to the breach, including harm to reputation, loss of business, or other quantifiable harms stemming from misuse of confidential information.
  • Account of profits or constructive trusts. In some contexts, the wrongdoer’s profits from the use of confidential information may be recovered, or the information itself placed in a trusted status to prevent unjust enrichment.
  • Delivery up and destruction. Courts may order the return or destruction of confidential materials to prevent ongoing misuse.

The choice of remedy often reflects the nature of the confidential information and the degree of ongoing risk. For example, a trade secret or a unique algorithm may warrant a robust injunction against further dissemination, while less sensitive information might be addressed with damages or a limited injunction.

Practical implications for today

For professionals, businesses, and media organizations, the common law of confidence remains a critical supervisory framework. Consider these practical implications:

  • Contracts and internal policies. While not strictly required, contracts that expressly address confidentiality can simplify disputes. Internal policies, employment contracts, and client agreements can clarify what information is protected and how it may be shared.
  • Staff onboarding and data handling. Clear expectations about handling confidential information reduce the risk of inadvertent breaches. Training and secure information practices support the resilience of organizations against claims of breach of confidence.
  • Journalism and source protection. The public interest in reporting matters of significant social concern must be balanced against the obligation to protect confidential sources. This balancing act is a practical reality for newsrooms navigating the common law of confidence alongside privacy and freedom of expression concerns.
  • Data protection and confidentiality. The modern environment often requires harmonizing the common law of confidence with GDPR, the Data Protection Act, and sector-specific rules. Whether in health, finance, or technology, organizations should treat confidential information with care and document justified grounds for any disclosure.

The evolving landscape: what the doctrine means in a digital world

Conclusion

The common law of confidence provides a robust, flexible framework for protecting confidential information in a wide range of relationships and contexts. By focusing on the quality of information, the existence of an obligation of confidence, and the impact of unauthorized disclosure, the doctrine helps courts tailor remedies to the specific harms involved. For practitioners, a solid grasp of the common law of confidence supports prudent data governance, ethical decision-making, and responsible communication. As technology, regulation, and public expectations continue to evolve, the common law of confidence is likely to adapt further, preserving trust as a cornerstone of professional and commercial life.