Employee confidentiality is critical at all levels of the organization and yet, it’s not always a given. In 2023, 55% of insider security incidents were caused by employee negligence. This in itself is concerning, but security incidents regarding the confidentiality of board discussions are a whole other level of seriousness.
Confidentiality in board meetings is therefore essential to protecting a company’s most sensitive plans and discussions.
If executive session minutes fall into the wrong hands, the consequences can be significant, ranging from financial loss to legal issues and lawsuits.
In this article, we’ll explain why securing board minutes is so important and what could be the potential consequences of a confidentiality breach.
Additionally, we’ll share practical steps for developing a confidentiality agreement that will help keep these records safe.
What does board meeting confidentiality mean?
Board meeting confidentiality is a fundamental element of good governance. Directors must feel confident that sensitive boardroom discussions will remain protected, as fear of leaks could discourage them from voicing critical concerns and ultimately undermine the quality of decisions.
The National Association of Corporate Directors (NACD) emphasizes that open, candid discussion is key to effective oversight. For instance, if a director refrains from expressing skepticism about a major acquisition due to concerns about confidentiality, that silence could lead to costly missteps.
However, board confidentiality extends beyond the meeting itself. Directors need to know what information it is appropriate to share, with whom, and under what circumstances.
The National Institute of Standards and Technology (NIST) provides valuable guidance, recommending that organizations assess the sensitivity of information, limit sharing to a need-to-know basis, and use secure communication channels. Regular audits are also crucial to keep information-sharing practices in line with privacy standards.
- Additional read: discover how to run an effective board meeting in our dedicated article.
Why is confidentiality important in board meetings?
During board gatherings, directors and executives discuss sensitive topics that could have serious consequences if not handled properly. Here’s why confidentiality is so important:
- It protects strategic plans and competitiveness. Confidentiality keeps strategic initiatives secure, preventing competitors from gaining an advantage.
- It ensures legal and regulatory compliance. Companies can avoid legal breaches, fines, and penalties by protecting sensitive discussions.
- It promotes fulfilling a fiduciary duty. Confidentiality is part of the director’s fiduciary duty to act in the organization’s best interests.
- It encourages open discussion and board transparency. Directors can speak freely and make decisions independent of outside pressure.
- It allows for managing risk. Proprietary information protection reduces the risk of corporate malpractice such as insider trading, intellectual property theft, and reputational harm.
- It promotes ethical governance. Compliance with the confidentiality policy indicates integrity and encourages directors to operate ethically.
Are the minutes of board meetings confidential or public?
Meeting minutes are a legal record that captures what occurred during board meetings. The confidentiality of these minutes varies depending on the type of organization and its policies.
The organization’s board of directors in public companies follows strict confidentiality rules, disclosing key information to shareholders while keeping sensitive matters private. Sensitive topics typically include strategy, legal matters, or personnel issues.
In contrast, private company boards have more flexibility regarding confidentiality. They are governed primarily by internal policies and agreements rather than strict public disclosure rules. This allows them to keep their minutes entirely private unless otherwise required by stakeholders.
- Additional read: Are board meeting minutes public or private?
In certain situations, investors may suggest conducting open meetings to gain assurance their funding is used properly.
Charity organizations also must draft minutes to comply with state laws and existing bylaws. However, nonprofit board meeting minutes must be shared carefully, particularly when they involve sensitive donor or operational information.
Both public and private companies sign non-disclosure agreements (NDAs) and insider trading policies. However, public companies face more scrutiny and litigation risk due to their transparency obligations.
- Interesting fact: The duration of board meetings can impact the depth of detail in the minutes, raising questions like, how long should a board meeting last?
Here’s a detailed comparison of applicable regulations to both private and public boards.
Aspect | Public boards | Private boards |
Regulatory requirements | Governed by SOX, SEC, and stock exchange rules requiring public disclosures. | No public disclosure mandate; confidentiality is governed by private agreements. |
Confidentiality agreements | Standard NDAs due to regulatory and public accountability. | Customized NDAs based on investor and management agreements. |
Board transparency | Must disclose key financials and material events to the public. | Limited disclosure to select stakeholders |
Meeting confidentiality | Summarized in public disclosures for compliance. | Detailed discussions stay confidential. |
Insider trading | Strict SEC rules; trading on non-public info is prohibited. | Less stringent but still subject to insider trading rules if investors are external. |
Third-party confidentiality | Limited sharing without disclosure; sensitive to SEC rules. | Bound by contract; less regulatory oversight. |
Litigation risk | Higher due to public exposure; failure to disclose may lead to lawsuits. | Lower but still liable to investors for breaches of duty. |
Reporting | Required to file quarterly and annual reports (10-K, 10-Q). | Not required but may issue reports to investors. |
Director liability | High due to regulatory scrutiny; D&O insurance standard. | Liability exists but with less public exposure; D&O insurance varies. |
Media relations | High public and media scrutiny; cautious disclosure essential. | Limited media involvement; disclosures are typically private. |
- Useful tip: Download our free customizable board meeting minutes template to save time on preparations.
How to create a board confidentiality agreement?
A board confidentiality agreement is a legal document that protects the privacy of board discussions, decisions, and documents. It prevents unauthorized information sharing and is also known as a board member nondisclosure agreement.
Here are the main steps in creating a board member non-disclosure agreement:
- Seek legal advice. Consult with general counsel or an attorney. This ensures the agreement complies with all relevant laws and addresses the necessary details.
- Legal review and customization. Also, leverage third-party expertise to tailor the document to the company’s needs. Have the agreement reviewed by legal professionals to ensure legal compliance.
- Acknowledge and securely store the agreement. Once signed, retain the document as an official record to provide a legal foundation for any future confidentiality issues.
Leaders must know the key components of any confidentiality agreement. The infographic below outlines what should be included.
- The definition of confidential information is that privileged information must be kept confidential. This may include discussions, internal documents, and records.
- Board member obligations specify that all confidential information is private and only used for board-related purposes.
- Scope and duration define how long confidentiality must be maintained and how far that confidentiality reaches in terms of personnel. Typically, it lasts during board service or even after leaving the board.
- Permitted disclosures list situations where disclosure is allowed, such as when required by law.
- Breach consequences explain the penalties for violating confidentiality, such as legal action or removal from the board.
- The signature section confirms the legitimacy of the document. The agreement comes into force if signed by all board members and representatives.
Eleven best practices for protecting confidential information during board meetings
Following practical recommendations on data protection can help directors greatly improve the security of their board gatherings:
- Adopt advanced biometrics, such as facial recognition combined with voice recognition or retina scans, to control access to physical and virtual meeting spaces.
- Prohibit or strictly regulate the use of personal electronic devices that could record or transmit information.
- Use encrypted virtual meeting platforms, such as board portals, to prevent interception.
- Require all participants to sign NDAs outlining their obligations regarding confidential information.
- Allow access only to the specific segments of data needed for a particular meeting agenda item to minimize exposure of unrelated information.
- Use AI-driven behavioral analytics to identify unusual behavior among board members or meeting participants, flagging potential insider threats or compromised accounts.
- Shred physical documents after use to prevent retrieval. Ensure electronic files are also deleted from temporary storage and backups.
- Use invisible digital watermarks to trace document origins and access patterns for quick identification of leaks or disclosures.
- Apply intelligent redaction tools that automatically hide sensitive parts of documents based on user permissions, showing only the necessary information.
- Use board management software to limit screen-sharing capabilities to pre-approved sections of the presentation or document.
- Conduct regular red teaming exercises, and events where security experts simulate attacks to test and improve protection measures.
What happens if confidentiality is breached?
A confidentiality breach can have far-reaching consequences, affecting individuals, organizations, and even national security. Here are some potential scenarios across different sectors:
Legal and financial consequences
Beyond the immediate impact of regulatory fines, confidentiality breaches erode customer trust, threaten shareholder confidence, and may even reduce stock value.
For example, in 2018, Marriott International experienced a significant data breach that compromised the personal information of nearly 500 million guests. This incident not only resulted in over $23 million in regulatory fines but also intensified shareholder concerns over Marriott’s security protocols and overall risk management.
Reputational damage
Customers expect companies to protect their personal and financial information. A breach destroys trust, making it difficult for companies to retain and attract clients.
For example, Facebook (now Meta) faced a major scandal in 2018 with the Cambridge Analytica data breach. Data from millions of users was improperly accessed and used for political consulting purposes. This incident led to a severe backlash, destroyed user trust, and increased regulatory scrutiny.
Operational disruption and cybersecurity risks
Breaches make organizations vulnerable to further attacks, as exposed data can attract cybercriminals and lead to phishing, identity theft, or ransomware. In July 2019, Capital One suffered a breach exposing the personal information of around 100 million individuals in the U.S. and six million in Canada.
As a result, the social security numbers, bank account information, and credit card data were compromised. A former Amazon Web Services employee exploited a misconfigured firewall to access Capital One’s cloud storage.
Government and national security risks
In 2023, PricewaterhouseCoopers (PwC) Australia faced a significant breach of confidentiality when a former partner, Paul McNab, disclosed confidential Australian tax information to international colleagues, including Matthew Chen of PwC’s Washington National Tax Services.
This unauthorized sharing of sensitive government data led to a comprehensive investigation by the Australian Federal Police and prompted a review of PwC’s engagement and confidentiality practices.
Key takeaways
- Protecting sensitive board discussions is crucial for preventing financial, reputational, and legal risks. Confidentiality supports effective governance and decision-making.
- Board meeting minutes confidentiality varies: public companies must balance disclosure with privacy, while private companies have more flexibility.
- Key measures for maintaining confidentiality include using secure communication channels, confidentiality agreements, and limiting document access.
- Breaching confidentiality can lead to financial, legal, and reputational consequences, emphasizing the need for robust safeguards.