Confidentiality notice: does it serve its purpose?
06 Oct 2022 | Rozsano V. Ayson
The use of email, whether for personal or business purposes, has now become an essential form of communication and a normal part of our daily lives. However, with our increased use of and dependence on email platforms, we have also come to appreciate the risks this particular communication channel comes with.
One such risk is the inadvertent disclosure of confidential information. It is said missent emails are the most common cause of security incidents today. This has made proper email use a legitimate data protection concern.
With organizations now expected to make sure that they have security measures for the protection of personal data under their control and custody, among the things they are supposed to do is maintain the confidentiality of personal data.
One security practice that businesses have come to adopt is the use of a confidentiality notice or disclaimer in their email templates. A statement usually found at the bottom of an email (similar to a footnote), a confidentiality notice is regarded by many as a way of protecting personal data featured in a missent email and/or its attachment. It informs people what they can and cannot do with the email or file they have just received.
For recipients, in general, a confidentiality notice warns them that they might not actually be the intended recipients of the email. It tells them the sender (or certain policies) considers the email and its content confidential, presumably stopping or deterring them from sharing the email further, or from doing something else that is unlawful or inappropriate in relation to the missent email. If the recipient belongs to the same organization as the sender, a confidentiality notice acts as a constant reminder to company personnel that they are bound to a confidentiality obligation.
There are those who say that a confidentiality notice also protects a company and its employees, or a professional who is bound to a certain code of conduct, from certain types of legal action. It does this by disclaiming some actions that are already beyond the control of the sender. It also minimizes the impact of the inadvertent disclosure of confidential information, which are often included in today’s email exchanges—be it in the email itself or in an attached file. They may consist of personal data, financial data, trade secrets, business plans or any other information the disclosure of which could result in harm to one or more parties. People could get hurt, companies could end up losing financial resources or at least a good reputation. Administrative fines may also await, depending on the data protection laws and regulations the sender is expected to comply with.
But for all its supposed benefits, a confidentiality notice is not without its cabal of critics and doubters. There are those who point out that, in most cases, it is actually ignored or not read by recipients. It is also extremely difficult to enforce them. If an email does get missent, there is no sure way the sender can determine if the recipient will comply with the instructions of the notice. Meanwhile, others insist that it does not carry any legal authority whatsoever. Recipients cannot really be held accountable for any action or inaction since there is often no binding contract between them and the senders. When it comes down to it, weblaw.uk stresses that the content of the communication and the surrounding circumstances are still what’s more important to the courts.
While acknowledging its limitations, proponents are quick to suggest ways to maximize the benefits of confidentiality notices. According to them, users—whether they are organizations or individuals—must carefully draft their notices. They should think real hard about what text they should include, considering things like the kind of data they usually transmit and the existing laws and regulations they are subject to. They must also consult other stakeholders regarding other additional materials that need to be featured in the notice.
For proponents, even if one were to admit the fact that the legal or persuasive value of confidentiality notices remains uncertain and is largely dependent on many factors, having confidentiality notices around is still useful. Carefully written ones still provide some protection to senders and at least gives recipients a barometer of how organizations (that use them) value their confidentiality obligations and the information under their care.
27 Nov 2022