In the wake of wikileaks, the Australian government recently issued a booklet titled “The Insider’s Threat to Business: A Personnel Security Handbook”. The booklet elaborate precautionary approaches that a business organization may employ in order to prevent the leak of confidential business information.

One of the legal method to prevent leaks (this is not explained in the booklet) is through the signing of employee confidentiality agreement. My research however indicates that the power of confidentiality agreements differs across jurisdiction. In the common law jurisdiction, confidentiality carries more weight due to the operation of obligation of confidence under the English equity law. The obligation of confidence protect the imparting of information in a ‘trust’ environment, such as between a doctor and its patient, or between a employer and employee. As such, the obligation may be enforced irrespective of agreement.

This is not the situation in continental legal system. I have yet to find any obligation to keep secret, independently of an agreement. Hence, an employee signing confidentiality agreement in a continental jurisdiction will be bound only to the extent of the agreement. When he decide to disclose the information one day, it would amount simply to a breach of (an employment) contract.

Determination of access level and the use of Digital Rights Management are therefore the most appropriate precaution. You will find some details about this in the booklet.