Confidentiality can feel like one of those “obvious” workplace ideas - until something goes wrong.
Maybe a team member shares a customer list with a friend. Maybe a contractor leaves with your pricing model. Or maybe a manager discusses a performance issue in a place where others can hear. Even if no one meant harm, the fallout can be expensive (and messy) for your business.
This updated guide is written for today’s workplaces - where remote work, cloud tools, shared devices, and fast-moving teams make confidentiality both more important and easier to accidentally break.
In this article, we’ll walk you through what confidentiality actually means in an employment context, why it matters, what New Zealand law expects, and the practical steps you can take to protect your business from day one.
What Does “Confidentiality” Mean In A Workplace?
In simple terms, confidentiality in the workplace means keeping certain information private and only using it for legitimate work purposes.
That sounds straightforward, but it’s worth spelling out what counts as “confidential information” in a real business setting. It’s often much broader than people assume.
Confidential information might include:
- Customer information (names, contact details, purchase history, preferences)
- Pricing and quoting information (rate cards, supplier costs, discount rules)
- Business strategies (launch plans, marketing plans, budgets, forecasts)
- Trade secrets and know-how (processes, formulas, training systems, workflows)
- Intellectual property (designs, code, templates, product prototypes)
- Internal HR information (performance issues, disciplinary matters, investigations)
- Commercial arrangements (supplier terms, reseller agreements, partnership deals)
- Security information (access codes, alarm procedures, cybersecurity settings)
Some of this information is obviously sensitive (like customer data). Other examples are more subtle - for instance, a “rough” draft of a new product idea shared in a team chat can still be highly confidential if it gives competitors a head start.
Confidentiality Is Not Just “Don’t Tell Competitors”
A common misconception is that confidentiality only matters if information ends up with a competitor. In reality, confidentiality can be breached when:
- information is shared internally with people who don’t need it;
- information is discussed in public (including online meetings where others can overhear);
- files are stored insecurely (like personal devices with no password); or
- information is used for someone’s personal benefit (even if it never leaves the business).
When you treat confidentiality as a “need-to-know” principle, you’re much more likely to build systems that actually work.
Why Is Confidentiality So Important For Your Business?
Confidentiality isn’t just about being cautious. For many businesses, it’s a core asset.
Your competitive advantage might be your client relationships, your pricing structure, the way you deliver your service, or the data you’ve spent years collecting. If that walks out the door, it can be hard (or impossible) to put back.
It Protects Your Commercial Value
Confidential information often equals commercial value. Think about what would happen if:
- a former employee took your customer list and started offering the same service;
- a staff member leaked your pricing so clients negotiated harder;
- a contractor reused your templates and processes for another client; or
- your business plan or financials were shared externally.
Even if you’re a small business, these risks are real - and they often show up when you’re growing, hiring quickly, or bringing in external contractors to help.
It Helps You Comply With Privacy And Data Obligations
Confidentiality overlaps heavily with privacy. If your business collects personal information about customers, clients, or staff, you’ll likely have obligations under the Privacy Act 2020 to take reasonable steps to protect that information from loss, misuse, or unauthorised disclosure.
That’s where having a clear Privacy Policy (and making sure staff follow it) becomes a practical part of confidentiality, not just a website formality.
It Builds Trust And Strengthens Workplace Culture
Confidentiality isn’t only about protecting the business - it’s also about protecting your people.
If employees feel like sensitive information (like performance concerns, health issues, or complaints) is being shared casually, trust drops quickly. That affects morale, retention, and productivity.
On the flip side, when confidentiality is handled well, staff are more likely to raise issues early and engage in honest conversations - which usually means fewer disputes later.
It Reduces Legal And Reputational Risk
Confidentiality breaches can trigger:
- customer complaints and loss of clients;
- privacy complaints and regulatory issues;
- employment disputes (including personal grievances); and
- damage to your brand - especially if the issue hits social media.
It’s not about expecting the worst from your team. It’s about making sure you have clear expectations and safeguards in place before something goes wrong.
What Does New Zealand Law Expect Around Workplace Confidentiality?
Workplace confidentiality in New Zealand usually comes from a mix of contract terms, good faith obligations, privacy obligations, and general employment law principles.
The right approach depends on your business, your industry, and the type of information you handle - but there are some common themes.
Employment Agreements Often Include Confidentiality Obligations
For most businesses, the starting point is an employment agreement with a clear confidentiality clause. That clause typically covers:
- what information is confidential;
- how it can be used during employment;
- whether it can be shared internally (and when);
- what happens at the end of employment (returning property, deleting files); and
- whether confidentiality continues after the employment ends.
If you’re hiring staff, it’s worth getting an Employment Contract that’s tailored to your role, seniority level, and risk profile - especially for managers, sales roles, or anyone with access to pricing and clients.
Good Faith And Fair Process Still Matter
Even if you have confidentiality terms in a contract, you still need to handle issues fairly. For example:
- If you suspect an employee breached confidentiality, you generally need a fair process before taking disciplinary action.
- If information is accidentally disclosed due to unclear systems (rather than misconduct), jumping straight to punishment can backfire.
This is where practical policies and training matter - they help you show you took reasonable steps, and they help staff understand expectations before problems happen.
If the confidential information includes personal information (for example, customer contact details or employee HR records), privacy law becomes a key part of the picture.
In practical terms, you should be thinking about:
- limiting access to personal information to people who genuinely need it;
- having safe storage and security practices (including passwords, two-factor authentication, device management);
- clear rules about sending information to personal email addresses or storing it on personal devices; and
- what you’ll do if something goes wrong (like a mistaken email or lost laptop).
If your confidentiality approach relies on “common sense”, you’re leaving a lot to chance. A simple set of written expectations can make a huge difference.
How Do Confidentiality Breaches Happen (And How Can You Prevent Them)?
Most confidentiality breaches we see aren’t dramatic espionage scenarios. They’re everyday mistakes - usually caused by speed, unclear processes, or “everyone does it” habits.
Here are some of the most common risk points, and what you can do about them.
1. Loose Access Controls
If every staff member can access every file, you’re taking an unnecessary risk.
Practical ways to tighten access include:
- setting file permissions based on roles (“need to know”);
- separating HR folders, finance folders, and client folders;
- using separate admin accounts for higher access;
- turning off access quickly when a staff member leaves.
Even small teams benefit from basic structure - it reduces accidental disclosures and makes offboarding smoother.
2. Remote Work And BYOD (Bring Your Own Device)
Remote work is normal now, but it increases confidentiality risks because information spreads across laptops, phones, home Wi-Fi networks, and shared spaces.
Consider implementing written rules around:
- screen privacy (not working on confidential matters in public spaces);
- password management and device locking;
- prohibiting personal email forwarding of work documents;
- approved storage systems (e.g. SharePoint/Google Drive rather than local downloads).
This is also where a policy can support your employment agreements. Many businesses include confidentiality expectations in a staff handbook or workplace policy suite, so it’s not only buried in the contract.
Slack, Teams, Messenger groups, and project platforms are great for speed - but they can turn confidential info into something casually forwarded or screenshotted.
You can reduce risk by:
- setting clear channel rules (no HR matters in general channels);
- using private channels for sensitive projects;
- disabling external sharing unless genuinely required; and
- reminding staff that chat messages can still be business records.
If you do need to share sensitive information with third parties, a Non-Disclosure Agreement can help set boundaries clearly from the start.
4. Contractors And Suppliers Who Aren’t Bound Like Employees
This one catches a lot of small businesses out.
You might assume a contractor “knows” not to reuse your documents or share your methods. But unless your contract covers confidentiality (and ideally IP ownership), you’re relying on goodwill rather than enforceable obligations.
If you use freelancers, consultants, agencies, or IT providers, it’s worth having a solid Contractor Agreement that deals with confidentiality, data handling, and what happens when the engagement ends.
5. Poor Offboarding When Staff Leave
Offboarding is one of the highest-risk times for confidentiality. Even when someone leaves on good terms, it’s easy for files to walk out the door (or remain accessible via passwords and cloud logins).
A good offboarding checklist might include:
- collecting devices, keys, and access cards;
- disabling access to email, cloud drives, and CRM tools;
- changing shared passwords;
- confirming confidential information has been returned or deleted; and
- reminding the employee of ongoing confidentiality obligations.
If there’s tension around a departure, you may also want to formalise outcomes in a Deed Of Settlement (where appropriate), which can include confidentiality terms and clear “what happens next” obligations.
Good confidentiality practices are a mix of culture, systems, and legal documents.
Legal documents don’t replace good management - but they make expectations clear, reduce misunderstandings, and give you options if a serious breach happens.
Employment Agreements With Clear Confidentiality Clauses
Your employment agreement should clearly address confidentiality, including what happens after employment ends.
For higher-risk roles (like sales, senior leadership, product development, and finance), you may need more detailed terms, including specific examples of confidential information and stronger return-of-property obligations.
NDAs For External Discussions And Projects
NDAs are particularly useful when you’re:
- pitching to investors or strategic partners;
- sharing sensitive business plans or financials;
- bringing on a contractor to build your product or manage your marketing;
- discussing a potential business sale or acquisition.
The key is using the NDA before you disclose the sensitive information - not after.
Privacy Policies And Collection Notices
If confidentiality involves personal information, you also need to show you’re handling that information properly.
Depending on your business, that may mean having:
- a public-facing Privacy Policy (especially if you collect data via a website or app);
- internal privacy procedures and access rules; and
- appropriate customer/staff notices explaining what you collect and why.
Workplace Policies (So Expectations Aren’t “Hidden In The Contract”)
Even a well-drafted contract won’t help much if the day-to-day workplace behaviour doesn’t match it.
Consider policies that cover:
- IT and device use (including BYOD rules);
- social media use;
- remote work expectations;
- privacy and data handling;
- how to escalate and report suspected confidentiality breaches.
The goal is simple: make it easy for staff to do the right thing, and hard to accidentally do the wrong thing.
Company-Level Governance (For Growing Businesses)
If your business is scaling, confidentiality isn’t only an employment issue - it can also become a governance issue.
For example, if you bring on co-founders, investors, or shareholders, you may want confidentiality obligations reflected in your company documents, such as a Shareholders Agreement or a Company Constitution.
This helps set expectations about how sensitive information is handled at the ownership level (not just among employees).
Key Takeaways
- Workplace confidentiality covers far more than “trade secrets” - it can include customer data, pricing, internal HR matters, commercial terms, and business strategy.
- Confidentiality protects your commercial value, helps you comply with privacy obligations, and builds trust in your team and workplace culture.
- In New Zealand, confidentiality is usually managed through employment agreements, good faith expectations, and (where personal information is involved) privacy law obligations like the Privacy Act 2020.
- Most confidentiality breaches happen through everyday mistakes - loose access controls, remote work habits, casual sharing in chats, and weak offboarding processes.
- The right legal documents can make a big difference, including an Employment Contract, NDAs for external parties, contractor agreements, privacy documents, and clear internal policies.
- Generic templates often miss the real risks in your business - confidentiality documents work best when they’re tailored to your team, systems, and the information you actually use day-to-day.
If you’d like help putting the right confidentiality protections in place - whether that’s an employment agreement, NDA, contractor terms, or privacy documentation - you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.