Your browser (Internet Explorer 7 or lower) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.


Navigate / search

Cyber Liability: Determining What Information is Confidential

By Dan Hanson

May 7, 2013

We have discussed the obligation to protect the confidential information of others, but we haven’t in great detail discussed what is considered confidential information. Clearly, for an organization to understand their risk to a confidential information breach, it first has to understand what type of information may be considered confidential.

Confidential information is any information your organization has an obligation to protect that may result in financial, or other harm, to an individual or organization if it were compromised. Some obvious examples are credit card numbers, social security numbers, driver license information, bank account, healthcare information, and financial records.

Quite often we find that businesses do not consider the intellectual property they hold that belongs to their clients, potential clients, vendors, and the information they may hold as a result of potential M&A. This information can be much more costly if it should leak out.

Consider a multi-billion dollar company that comes out with a new phone. Prior to launch, they approach the following parties in advance:

  • A components manufacturer that develops the one key piece in the technology that makes this phone unique
  • A case manufacturerthat develops the special case that is able to adapt around this unique technology that will differentiate the phone and potentially make it a top seller
  • Retailers that will be in on the marketing campaign right before the holiday buying season
  • Ad and PR firms that will design the TV, radio and print ads that will create the buzz to make it a top seller

If any of these vendors were breached and lost the highly guarded secret of the new phone, it would potentially cost the phone manufacturer millions or billions of dollars. These vendors have an obligation to protect the confidential information of others.

Most businesses hold a tremendous amount of information of others that they are obligated to protect. If the information were to leak out, at the very least it would be embarrassing to the business, and, in many cases, it would result in the obligation to notify others or even result in class action law suits.