“Confidential Information” The Boundaries of Secrecy in the Digital Age
“Confidential information” once meant papers locked in a drawer. Now it means data zipping across servers, screenshots, and cloud drives. As courts and companies struggle to define what confidentiality means in an age of instant sharing, this article explores how law, technology, and ethics are redrawing the line between secrecy and transparency.
The idea of confidentiality is as old as trust itself. In law, it has always been about keeping information private when someone has given it to you in confidence. The classic English case Coco v. A.N. Clark (Engineers) Ltd (1969) set out the test: information must be confidential in nature, shared in circumstances implying an obligation of confidence, and used without authorisation to the detriment of the person who shared it.
That tidy rule worked well in the age of paper files and sealed envelopes. But in the digital world, information no longer sits still. It moves through email servers, messaging apps, and cloud storage — copied, cached, and backed up countless times. Once data escapes, it can be replicated infinitely. The result is that the law is trying to govern something that was never designed to stay put.
When confidentiality meets connectivity
Modern life has made confidentiality harder to contain. Employees use personal phones for work, share files across time zones, and talk about projects in hybrid workspaces where Alexa might be listening. Even with the best intentions, the boundary between “inside” and “outside” information has blurred.
The law is adapting, but slowly. Courts still rely on the traditional tests, yet the context has changed so dramatically that the same rules now produce very different results. Is a leaked PowerPoint shared in a WhatsApp group still “confidential”? What if it was posted to a private Slack channel? What if an AI system trained on it generates content that indirectly reveals its contents?
These questions are no longer theoretical. Every year, more disputes hinge on the way technology interacts with old notions of secrecy.
Statutes step in
Recognising that traditional common law can only go so far, legislators have stepped in to protect confidential and sensitive information. In Europe, the Trade Secrets Directive (2016) gave companies a harmonised right to protect commercially valuable information that is not generally known and has been subject to reasonable steps to keep it secret. In the United States, the Defend Trade Secrets Act (2016) created a similar federal cause of action.
These laws acknowledge that confidentiality is no longer absolute. To qualify for protection, a company must show that it took proactive steps to secure the information — encryption, access control, contractual non-disclosure obligations. Secrecy, in other words, is something that must be earned through effort.
The whistleblower dilemma
But secrecy has limits. Whistleblowing, journalism, and the public’s right to know all challenge the notion that information can be permanently locked away. European courts have repeatedly held that the right to freedom of expression can outweigh contractual confidentiality when disclosures expose wrongdoing.
The EU Whistleblower Protection Directive (2019) codifies that balance: employees who reveal confidential information to report misconduct are shielded from retaliation if the disclosure was necessary and proportionate. The same principle appears in case law such as Attorney General v. Guardian (Newspapers) Ltd (No. 2), better known as the Spycatcher case, where the courts accepted that once information is public, attempts to restrain publication become futile.
The lesson is simple: the law of confidence is not a gag. It is a mechanism for fairness, not a weapon to silence accountability.
Employers and employees in the digital workplace
In the workplace, confidentiality is both essential and fragile. Employment contracts often contain sweeping clauses that require staff to keep information private “during and after” employment. Yet in practice, remote work and collaboration tools have stretched these obligations to their limits.
Employees frequently use their own devices or third-party software to share documents. They also use AI assistants to summarise or draft text, often without realising that this might upload client material to external servers. Regulators in the UK, Singapore, and the EU have already warned that feeding sensitive data into generative AI systems could breach data-protection and confidentiality laws.
Companies are responding by updating their internal policies and training. The focus has shifted from punishing leaks to designing systems that make leaks less likely — secure messaging, encryption, and “least privilege” access controls. The best compliance programs now look more like cyber-security frameworks than HR manuals.
Confidentiality in the age of AI
Artificial intelligence adds a new twist. Large language models are trained on enormous datasets that may contain confidential or copyrighted information scraped from the internet. When an AI system reproduces snippets of that data, who is at fault — the developer, the user, or the model itself?
Courts have yet to settle these questions, but the direction of travel is clear. The more a company relies on AI, the greater its duty to understand what data is being processed and how it might resurface. In effect, the principle of confidentiality is expanding from “what you disclose” to “what your systems might inadvertently reveal.”
Redefining what it means to keep a secret
As technology evolves, so does the meaning of secrecy. Confidentiality is no longer a binary concept. It exists on a spectrum, shaped by the steps an organisation takes to preserve control.
At one end are trade secrets guarded by rigorous security and legal protections. At the other are everyday communications where privacy depends on trust rather than technical barriers. Between the two lies a vast grey zone — from internal documents to customer data to research files - where the true test of confidentiality is whether the holder treated the information with respect and care.
The future: from secrecy to stewardship
The modern challenge is not just to hide information but to handle it responsibly. Courts and regulators are moving toward a standard of stewardship — rewarding those who can show they took reasonable precautions, balanced interests fairly, and acted in good faith when things went wrong.
For lawyers, this means reframing advice. The safest client is not the one who locks everything down, but the one who knows what must be protected, why it matters, and how to prove it acted responsibly. In an era where data leaks are inevitable, reputation depends less on secrecy and more on integrity.
Confidential information has moved from the shadows of secrecy into the spotlight of compliance and technology. What was once an equitable duty between two parties is now a test of corporate governance and public ethics.
The law still protects secrets, but it no longer assumes they can stay secret forever. The new measure of responsibility is not silence, but stewardship — the ability to manage information in a way that preserves trust when privacy cannot be guaranteed.
The Legal Integrity Project Editorial Team