Skip to Content (custom)


Confidential Business Information: Protecting an Organization’s Most Valuable Secrets

  • Information governance

When it comes to the true source of a company’s value, it’s not necessarily in the products or the services they offer, nor is it in the brand they’ve carefully developed. The core of a company’s value is in the trade secrets and special processes used to create those products or provide those services. It’s in the marketing strategies, board meeting minutes, contact lists, along with many other forms that provide unique insights used in building their brand. In other words, a company’s value is roughly equal to the value of their confidential business information.

Confidential business information (CBI) can come in many forms and is defined differently from organization to organization, but it is always the most valuable asset any company owns. It’s estimated that IP makes up about 70% of a publicly listed corporation’s value, and IP theft costs companies up to $600 billion every year. Clearly, allowing CBI to get into the hands of bad actors can prove catastrophic. That’s why it’s critical for companies to protect the sensitive information from which its value is derived.

Tips on Protecting CBI

CBI is often at its most vulnerable during litigation, as this is a time when sensitive information may by necessity need to be shared with lawyers or possibly even competitors. For organizations and their legal counsel looking to better protect CBI in these situations, consider the following:

Proactively Identify CBI and Create Policy Around It prior to litigation arising

There are times when a company’s personal information isn’t recognized as confidential or highly valuable during litigation, either due to varying definitions of CBI between lawyer and client or a general lack of investment in identifying and protecting CBI from either side. Lawyers need to explicitly discuss what their client considers confidential and come to an agreed upon definition of that term. Have these conversations with the business stakeholders not just the legal team.

Identifying highly valuable, sensitive information isn’t always as clear cut as it may seem. It’s not just secret recipes or unique processes that require protection.

Some examples of less obvious CBI can include the following:

  • Supplier lists: Not only can a supplier list reveal vital information about recipes, processes, and manufacturing methods, but it can also reveal important financial information regarding manufacturing costs.
  • Customer lists: If a competitor knows the names of the customers a company has deals with, they can potentially undercut those deals in an effort to steal those customers away. 
  • Rejected business plans/Draft plans: A company may not have gone through with a given business plan, but there may still be sensitive details contained within that plan which can prove compromising if they were to fall into the wrong hands. 
  • Financial information: Contained within some financial statements can be highly sensitive information, such as names of customer and suppliers.

Defining CBI with clarity and being sure to label documents as confidential or even more sensitive labels such as Attorneys’ Eyes Only is critical to avoiding a sensitive data breach during litigation. Some lawyers and clients go as far as developing a playbook to help them stay on the same page regarding the identification and handling of CBI. 

Protective and eDiscovery Orders

Protective orders are a common method of governing disclosure and use of certain CBI documents during litigation. However, no two protective orders are created equally, and therefore each one needs to be tailored to the case and client in question. Lawyers need to understand not only what information needs to be protected, but exactly why it needs protection, as a strong case must be made to the judge for the order to be granted.

Depending on the case, it may be prudent to consider designating two tiers of protection to client CBI: confidential and Attorneys’ Eyes Only (AEO). This allows certain sensitive information to be shared between both parties while still withholding information deemed particularly sensitive without hindering attorneys in the process.   

It’s also crucial to protect against accidental disclosure of CBI during eDiscovery. The sheer volume of data that can change hands during eDiscovery makes it remarkably easy for sensitive information to slip through the cracks if the party providing that information are not cautious and diligent. Part of that caution and diligence should include a protective order that can not only reduce the amount of data a client needs to hand over but can also ensure the protection of the data that is shared by providing encryption, access controls, and more.

Analytics and AI 

Electronic data can be incredibly dense and difficult to filter through when searching for CBI. However, a dedicated enough competitor can very well parse trade secrets that companies may not even realize are contained within that data. Using analytic and AI tools can help to efficiently identify CBI in dense data and keep it protected.  

Managed Services 

Working with a third-party service provider can help companies gain access to CBI experts who not only have the expertise necessary to identify and protect sensitive information, but also have access to cutting-edge technology that can streamline and strengthen that process. These professionals can help develop policy, create playbooks, tweak protective or eDiscovery orders to help ensure that they’re comprehensive and airtight, assist with deploying those policies and playbooks consistency across matters, and much more. 


Confidential business information is the core of a company’s value. It’s the thing from which that company’s products and services derive their value, and it’s what allows their operations and marketing efforts to be uniquely successful. Protecting CBI is crucial, particularly during litigation, as information is always most vulnerable when it’s changing hands. Proactively identifying and forming policy around CBI can help to protect it, as can court-ordered protections, but organizations looking to take that extra precautionary measure may want to consider working with a team of third-party experts with the knowledge, experience, and cutting-edge tools needed to protect sensitive, high value information.      

If you are interested in learning more on this topic, consider watching Confidential Business Information: The Data That No One Is Thinking About.

The contents of this article are intended to convey general information only and not to provide legal advice or opinions.

Subscribe to Future Blog Posts

Learn more about Epiq's Service offerings
Our Services