The UK is one of the world’s most advanced digital economies and this is both a strength and a weakness, according to a report on BBC News on 13 February 2017.
Are you reading this newsletter comfortably? But who else is reading it? More particularly, can they access your confidential commercial information and personal data?
Principals and suppliers and agents and distributors are exchanging confidential information and data on a daily basis. Often this is facilitated by the provision of laptops, tablets and mobiles by principals to their agents or by the creation of an intranet by a supplier with its distributors. Often too, agency and distributorship agreements make reference to the obligation on the agent or distributor to use confidential information only in the performance of their contractual duties and not to disclose it to third parties. But that is where the contractual provisions usually end.
So what should principals and suppliers be thinking about when it comes to confidential information and data?
The agent
Whilst agency law does impose obligations of confidentiality and a duty of good faith on an agent, without specific contractual provisions a principal can be left exposed to the misuse of confidential information and data by an agent.
The distributor
The disclosure and use of confidential information and issues concerning cybersecurity are much more open in the case of distributors.
The starting point is that a distributor will be required by common law to keep confidential that information which is confidential. But in order for the supplier to be protected, the distributorship agreement should include specific provisions addressing issues concerning the disclosure and use of confidential information.
In respect of cybersecurity, whilst many suppliers will rely on their own data security there is good reason to require distributors to install and maintain data security and, where appropriate, to take steps to avoid hacking by third parties.
To minimise the damage from a data security breach should one occur, it will be essential for all parties to develop and implement an “incident response plan” to highlight each party’s responsibilities in respect of data security.
Overall
The law makes clear that an agent is prohibited from using the principal’s confidential information for the agent’s benefit without the informed consent of the principal. If the agent breaches the prohibition the agent is liable to account to the principal for the benefit obtained.
In contrast there is no such prohibition on distributors with the possible exception of distributors being subject to an implied duty of good faith.
But whether in respect of agents or distributors, it is often when things go wrong on termination of the agency or distributorship agreement that issues concerning confidential commercial information and data security arise. But invariably, prevention is better than cure.