
Code of Confidentiality Policy Writers
What are Code of Confidentiality Policies?
A code of confidentiality policy sets out how organisations protect sensitive information and ensure it is only accessed, used and shared appropriately.
Confidential information can include personal data, business records, financial details, intellectual property and client information.
A clear policy ensures employees understand their responsibilities, prevents unauthorised disclosure, and helps maintain trust with customers, partners and stakeholders.
What Do Code of Confidentiality Policies Cover?
A code of confidentiality policy typically includes:
- Definition of confidential information and examples relevant to the organisation
- Responsibilities of employees, contractors and third parties in safeguarding information
- Procedures for storing, accessing and sharing confidential data securely
- Restrictions on disclosing information without proper authorisation
- Requirements for handling personal data in line with data protection laws
- Rules around discussing sensitive information in public or informal settings
- Procedures for reporting breaches or suspected misuse of confidential information
- Disciplinary consequences of breaches of confidentiality
- Links to data protection, IT security, privacy and whistleblowing policies
A clear policy helps staff understand what information is considered confidential, why it must be protected and how to handle it safely.
It also supports compliance with the UK GDPR, the Data Protection Act 2018 and contractual obligations that require organisations to safeguard sensitive information.
By embedding confidentiality into everyday working practices, organisations can reduce risk, protect reputation and demonstrate their commitment to respecting privacy and safeguarding sensitive data.
Legal Basis
Confidentiality obligations sit across the implied duty of confidence (common law), express contractual terms (the Code of Confidentiality), the Data Protection Act 2018 and UK GDPR, the Trade Secrets (Enforcement, etc.) Regulations 2018 (which require "reasonable steps" to protect a trade secret), the Public Interest Disclosure Act 1998 (which protects qualifying whistleblowing disclosures from confidentiality enforcement), and sector codes such as the Caldicott Principles in healthcare and FCA SYSC for financial services.
Common Compliance Pitfalls
- Wide confidentiality clauses that conflict with the PIDA 1998 right to disclose.
- "Reasonable steps" undocumented, undermining trade-secret protection.
- Inappropriate use of NDAs to suppress harassment complaints (now constrained by the Higher Education (Freedom of Speech) Act 2023 in HE settings, and increasingly by EHRC and SRA guidance).
- Confidentiality not extended to contractors, agency workers and consultants.
- No process for return or destruction of confidential information at end of engagement.
What Policy Pros Delivers
Our Code of Confidentiality package includes the main policy, an employee confidentiality undertaking, a contractor confidentiality schedule, a leaver return-or-destroy procedure, a whistleblowing-aware drafting note, and integration points with the data protection and trade secrets registers.
Frequently Asked Questions
Can confidentiality clauses prevent whistleblowing?
No. Confidentiality clauses cannot lawfully restrict a worker from making a protected disclosure under the Public Interest Disclosure Act 1998. Clauses purporting to do so are unenforceable in those circumstances.
Should NDAs be used in harassment settlements?
Sparingly and never to silence a complainant against their will. The EHRC and SRA have issued guidance restricting NDA use in harassment cases. The Higher Education (Freedom of Speech) Act 2023 prohibits their use in HE settings for harassment and sexual misconduct.
Are trade-secret protections automatic?
No. The Trade Secrets (Enforcement, etc.) Regulations 2018 require the holder to take "reasonable steps" to keep information secret. Documented classification, access controls and confidentiality undertakings are the typical reasonable steps.