May 12, 2020

What's next | Confidentiality, Privacy & Data Processing

We recently published an article discussing the importance of relationships as business and society come to terms with the ‘new normal’ and how our assumptions need to be challenged. We said we would put out further discussion documents and checklists on a range of topics. Click here to see the full list.

In this article we explore confidentiality, privacy and data processing.

When parties come together for a common purpose such as a collaboration, or a supply of goods or services, confidential information is likely to be exchanged in order to fulfil that purpose. Parties can establish various arrangements to address how that information will be stored and used. The two most common ways for commercial parties are (i) through a standalone confidentiality or non-disclosure agreement, or (ii) through the contract between them containing confidentiality provisions.

Broadly there are two types of confidential information – (i) commercially sensitive information; and (ii) personally sensitive information (i.e. personal information). Both types of information will be subject to the terms of any agreement between the parties. In addition, because of legislation such as the Privacy Act, the second category carries with it additional obligations to, and certain rights for, the individual concerned.

In our discussion below, we also look at aspects of data processing arrangements. These arrangements typically have two main focuses: (1) duties around the way in which personal information will be treated and (2) the service of processing data. We write in more detail on the service aspect of these arrangements separately. However, it makes sense to look at the information treatment aspects here.

When parties enter into a relationship creating obligations of confidentiality, there will be a set of assumptions. We set out below some assumptions made and questions posed in relation to those assumptions. These include how the parties operate, where they will be located, and how they will treat confidential information. Circumstances may have changed dramatically for you or your counterpart as a result of the ‘new normal’.

What are the assumptions and things to consider for confidentiality arrangements?
What are the assumptions and things to consider in relation to privacy?
What are the assumptions and things to consider for data processing arrangements?

We have considered the issue of people changing the location that they operate from as a separate topic. You can check out the following article from Lisa Paz on ways in which working from home can affect the customer/supplier relationship.

So, what’s next?

There is no right or wrong answer to the above questions. The answer will depend on a raft of factors relevant to your unique set of circumstances. The answer will often be more complicated than the letter of the contract you have.

However, underpinning the considerations is the need to understand what you need to do to protect your information, what obligations you have to third parties in relation to that information, how you need to use it and how your partners may need to use it. With this in mind you can then address how changes can be made to the agreed relationship to accommodate the “new normal” that we find ourselves in.  

We welcome your observations on the above list. If there are any other topics you want to see covered in more detail, please do let us know. We are also more than happy to have a chat on the topic of this article – feel free to get in touch.

In the video below Simon and I discuss some things to consider in relation to Confidentiality, Privacy and Data Processing.

Social media image credit: Rishi Deep
