When you’re building a business, you’re inevitably going to share sensitive information with other people - employees, contractors, suppliers, investors, and even potential buyers.
That’s exciting (it usually means you’re growing), but it can also be risky. If the wrong person uses your confidential information for the wrong purpose, it can cost you customers, profit, and time you’ll never get back.
This 2026 update reflects how commonly businesses now share information digitally (cloud tools, remote teams, recorded calls, AI workflows) and why it’s more important than ever to get your confidentiality clauses right from day one - and to understand what enforcing them actually involves in practice.
Let’s break down what a confidentiality clause is, what it should cover, and what you can do if someone breaches it.
What Is A Confidentiality Clause (And What Does It Protect)?
A confidentiality clause is a section of a contract that requires one or both parties to keep certain information private and to only use it for a permitted purpose.
In plain English: it’s the part that says, “You can access this information, but you can’t share it or use it against me.”
Confidentiality clauses commonly appear in:
- employment agreements
- contractor agreements
- supplier or distribution agreements
- partnership or shareholder arrangements
- NDAs (non-disclosure agreements)
- business sale documents (when buyers need access to your financials and customer lists)
For example, an Employment Contract often includes confidentiality obligations because employees may see customer data, pricing, internal processes, and strategy while doing their job.
What counts as “confidential information” depends on your business, but it often includes:
- Customer information (names, contact details, buying history, preferences)
- Supplier and pricing information (costs, margins, special deals)
- Business plans and strategy (go-to-market plans, expansion plans)
- Financial information (profit margins, budgets, revenue)
- Product information (formulas, prototypes, designs)
- Marketing data (campaign performance, conversion rates)
- Operational know-how (processes, systems, internal documents)
- Software and technical information (code, architecture, system access)
If you’re dealing with personal information (like customer details), confidentiality also overlaps with privacy law. You may need the right policies and processes under the Privacy Act 2020 - and in many cases a clear Privacy Policy as part of your broader compliance setup.
Confidentiality Clauses vs Privacy Obligations
It’s easy to mix these up, so here’s a simple way to think about it:
- Confidentiality is mainly about protecting business information through contracts (a private agreement between the parties).
- Privacy is about legal obligations for handling personal information (a legal duty under the Privacy Act 2020).
In real life, you often need both. For example, your staff should contractually agree not to disclose customer data and your business should have systems in place to keep that data secure.
When Do You Need A Confidentiality Clause (And When Is An NDA Better)?
If you’re sharing sensitive information as part of an ongoing relationship, a confidentiality clause usually sits inside the main contract.
If you’re sharing information before you’ve decided whether you’re doing a deal at all, an NDA is often the cleaner option.
Common Scenarios Where A Confidentiality Clause Makes Sense
- Hiring employees who’ll have access to internal systems and customer information.
- Engaging contractors to build, design, consult, or market your business (especially when they’ll see your strategy and data).
- Working with suppliers and disclosing product specs, pricing, or volumes.
- Entering a partnership or joint venture where each side shares commercial information.
In many businesses, it’s also smart to reinforce confidentiality in a broader set of workplace rules, especially where devices, remote work, and cloud tools are involved.
Common Scenarios Where An NDA Is Better
- Pitching to an investor or exploring funding options.
- Testing a collaboration with another business before you finalise the terms.
- Discussions with a potential buyer before you hand over financials and customer lists.
- Early-stage product discussions where you’re sharing an idea, prototype, or formula.
An NDA can be standalone and purpose-specific, which often makes enforcement simpler because the whole document is focused on confidentiality.
Tip: Don’t Rely On “Handshake Confidentiality”
A lot of disputes start with, “We agreed it was confidential” - but nothing was written down. Even if you might have legal options in some circumstances, it’s much harder (and more expensive) to prove what was agreed, what information was covered, and what remedies apply.
Getting it in writing early is one of the simplest ways to protect your business.
What Should A Strong Confidentiality Clause Include?
A confidentiality clause isn’t just about saying “keep this secret”. If it’s vague, it can be difficult to enforce. If it’s too broad, it might be challenged as unreasonable in practice.
A well-drafted confidentiality clause usually covers the points below.
This is the foundation. Your clause should define what information is confidential, and ideally describe it in a way that makes sense for your business.
Many agreements define confidential information as:
- information marked as confidential
- information that would reasonably be understood to be confidential given the circumstances
- certain categories of information (financials, customers, trade secrets, etc.)
It’s also common to spell out what isn’t confidential, such as information that is already public, or information independently developed without using confidential information.
Confidentiality isn’t only about “don’t disclose”. It’s also about limiting use.
For example, if you share pricing and supplier terms with a contractor so they can create a quoting system, the permitted use might be “for providing the services” - and not for launching their own competing business.
This is particularly important when you’re dealing with consultants, agencies, and external service providers. If the relationship is governed by a Service Agreement, confidentiality and permitted use should be tailored to what they actually need to do.
In practice, people sometimes need to share information internally - for example, with staff or subcontractors.
A strong clause usually controls this by saying disclosure is permitted only to:
- employees, contractors, or advisors who need the information
- people who are bound by equivalent confidentiality obligations
- anyone to whom disclosure is required by law (for example, where disclosure is legally compelled)
This helps you manage “accidental sharing” and makes it harder for someone to justify passing your information around informally.
4. Security And Handling Requirements
Confidentiality is often breached unintentionally - a laptop left unattended, a spreadsheet emailed to the wrong address, or shared folders with the wrong permissions.
Consider including practical obligations such as:
- keeping information secure and using reasonable care
- not copying information unless necessary
- not uploading information into unsecured tools
- promptly notifying you if there’s any suspected data breach
If your business involves personal information, these security obligations also support your Privacy Act compliance.
5. Duration: How Long Does Confidentiality Last?
Some confidentiality obligations last only during the agreement. Others continue after the relationship ends.
For many businesses, confidentiality should continue after termination because the risk doesn’t end when the person leaves. Customer lists and pricing are often most valuable right after a team member or contractor moves on.
That said, the timeframe should be reasonable in context. Some confidential information loses value quickly; other information (like trade secrets) can remain valuable for years.
To make confidentiality “real”, your clause should cover what happens to information when the relationship ends - especially if someone has documents, files, or access credentials.
Common options include:
- returning documents and materials
- deleting electronic copies (including backups where feasible)
- confirming in writing that information has been destroyed or returned
This is particularly important if the person had access to cloud tools (Google Drive, Notion, Xero, CRMs, project management platforms).
7. Relationship With Restraints (Non-Competes / Non-Solicits)
Confidentiality clauses often work alongside restraint clauses (like non-solicitation of customers or staff). They’re not the same thing, and one doesn’t automatically replace the other.
- Confidentiality stops disclosure and misuse of information.
- Restraints limit competitive conduct (and must be carefully drafted to be enforceable).
If you want to restrict competitive conduct, you may need a tailored Non-Compete Agreement (or an employment restraint clause) designed for your circumstances.
How Do You Enforce A Confidentiality Clause In New Zealand?
Enforcement starts long before you go to court. If a confidentiality clause is drafted clearly, used consistently, and supported by good internal practices, you’re in a much stronger position if something goes wrong.
Here’s how enforcement usually works in stages.
This sounds obvious, but it’s a common problem. Before you can enforce confidentiality obligations, you need to be able to point to a binding agreement and show:
- who is bound by it
- what information is protected
- what the recipient was permitted to do with it
- how the breach occurred
If the clause is vague (for example, “keep everything confidential” with no definition), enforcement becomes harder because the other side can argue they didn’t know what was covered.
Step 2: Act Quickly To Limit Damage
If you suspect a confidentiality breach, speed matters. The longer confidential information is out in the world, the harder it can be to control.
Practical steps often include:
- revoking access to systems (email, CRM, shared drives)
- changing passwords and API keys
- preserving evidence (emails, downloads, messages, audit logs)
- asking the other party to stop using/disclosing the information immediately
It’s also important not to “overreact” in a way that creates new risks (for example, making threats you can’t back up). Getting tailored advice early can help you respond firmly and professionally.
Many confidentiality disputes are resolved with a formal letter (often called a letter of demand) that:
- sets out the confidentiality obligations
- explains the suspected breach
- demands the person stop using/disclosing the information
- requires return or deletion of the information
- requests written undertakings (a signed promise to comply)
This step is often effective because it shows you’re taking the issue seriously and you’re prepared to escalate if needed.
Step 4: Seek An Injunction (If You Need To Stop Ongoing Misuse)
If the breach is ongoing - for example, a former contractor is actively using your customer list - you may need urgent court action to stop it. That’s where an injunction can come in.
An injunction is a court order that requires a person to do (or not do) certain things - like stopping disclosure, returning documents, or ceasing use of your confidential information.
This is one of the key reasons why a well-drafted clause matters. If you can clearly show the court what is confidential and what obligations exist, you’re generally in a stronger position when seeking urgent remedies.
Step 5: Claim Losses (Damages) Where Appropriate
In some cases, you may also seek damages (financial compensation) if you’ve suffered a loss because of the breach.
That could include things like:
- lost profits from customers being poached using confidential information
- costs of responding to the breach (forensic IT, legal fees in some circumstances)
- losses connected to reputational damage (depending on the facts)
Quantifying losses can be complex, so it’s important to gather evidence early and get advice on what you can realistically claim.
What Makes Confidentiality Clauses Hard To Enforce (And How You Can Avoid Those Traps)
Most confidentiality disputes aren’t won or lost because someone “did something wrong” - they’re won or lost because the agreement and the evidence do (or don’t) support your position.
Here are some common enforcement traps we see, and how you can avoid them.
1. The Clause Is Too Broad Or Too Vague
Clauses that try to cover “everything” can backfire. If you label all information as confidential (even information that is public or trivial), the other side can argue the clause is unreasonable or unclear.
Fix: Define confidential information clearly, with categories that reflect your business reality.
If you leave your customer list in an unlocked shared folder accessible to everyone, it’s harder to argue it was genuinely confidential.
Fix: Use basic “confidentiality hygiene”:
- limit access on a need-to-know basis
- use permissions and audit logs
- mark key documents as confidential
- include confidentiality reminders in onboarding
3. Ownership And IP Aren’t Clear
Sometimes the dispute isn’t just “did they disclose information?” - it’s “who owns what?”. This is common with product development, marketing assets, software builds, and content creation.
Fix: Make sure your agreements deal with IP ownership and assignments properly, not just confidentiality. Depending on the relationship, you may need an IP assignment or tailored contract terms.
4. You Used A Template That Doesn’t Match Your Situation
Generic templates can miss key details (like return/deletion obligations, permitted use, or what happens when subcontractors are involved). They can also include overly broad restrictions that don’t fit how you actually operate.
Fix: Treat confidentiality clauses like a business-critical tool - because they are. Getting a lawyer to draft or review the clause is usually much cheaper than trying to enforce a poorly drafted one later.
5. You Didn’t Consider The Relationship Type (Employee vs Contractor)
Employees and contractors raise different legal and practical issues. For example:
- employees often need access to systems day-to-day, and you’ll want clauses aligned with your workplace policies
- contractors may work with multiple clients, so the permitted use and conflict-of-interest aspects matter more
Getting the right agreement in place helps manage those risks. For example, if you’re engaging a contractor, a tailored contractor agreement can be a cleaner fit than trying to “force” contractor terms into an employee template.
Key Takeaways
- A confidentiality clause is a contract term that stops someone from disclosing or misusing your sensitive business information and usually limits how they can use it.
- Confidential information can include customer lists, pricing, financials, trade secrets, marketing strategy, and internal processes - and it often overlaps with privacy compliance when personal information is involved.
- A strong confidentiality clause clearly defines confidential information, limits permitted use, controls who information can be shared with, requires secure handling, sets a sensible duration, and deals with return/deletion of information.
- Enforcement in New Zealand typically starts with preserving evidence and sending a formal notice, and may escalate to urgent remedies like an injunction or a claim for damages in serious cases.
- Confidentiality clauses are harder to enforce when they’re vague, overly broad, inconsistent with how you treat information in practice, or copied from templates that don’t match your business.
- Confidentiality often works best alongside other protections (like well-drafted service/contractor agreements and appropriate restraints), so your legal documents should be tailored to your actual risk areas.
If you’d like help putting the right confidentiality clauses in place (or enforcing one that’s been breached), you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.