A. SOURCE OF DUTY OF CONFIDENTIALITY

Like their for-profit counterparts, board members of a not-forprofit corporation are in a fiduciary relationship with the corporation. This means that they are obliged to act honestly and in good faith in respect of their role within the corporation. The obligation of board members has many components, including a duty to avoid conflicts of interest and a duty to avoid abusing their position to gain personal benefit. Another component of board members’ fiduciary obligation is a duty to maintain the confidentiality of information that they acquire by virtue of their position within the corporation.

B. WHEN IS THE DUTY OF CONFIDENTIALITY ENGAGED?

Board members’ duty of confidentiality can affect their actions in a variety of scenarios. Below are some examples of situations in which the duty of confidentiality could become engaged.

  • In some cases, the duty of confidentiality may relate to the disclosure of personal information to which the board member is privy as a result of his or her position. Such information could include, for example, personal health information, employee information, or information regarding a member’s, director’s or client’s financial position.
  • In certain circumstances, the duty of confidentiality may be closely linked with directors’ duty to avoid conflicts of interest. For example, a board member may have loyalties towards a group that nominated him or her, a special interest group or an individual within the membership of the organization. If the board is engaged in making a decision on which the group or individual has a position or by which the group or individual would be affected, it would be inappropriate for the board member to share with the group or individual information what the board member learned through his or her position. It is the board member’s duty to maintain the confidentiality of information gained through his or her position, regardless of obligations or loyalties to other organizations or individuals.
  • The board may engage in heated discussions in the course of decision-making. It would not be appropriate for a board member to gossip to the wider organization or the public at large about “who said what” after the decision has been made or during the course of discussion.

C. CONSIDER DEVELOPING A CONFIDENTIALITY POLICY

Board members’ duty of confidentiality results from their fiduciary obligations to the corporation, and does not depend for its existence on the creation of a policy or other instrument. However, if it has not already done so, a board may wish to consider instituting a governance policy with respect to confidentiality. As a matter of best practices, such a policy could be used to reflect and clarify the expectation for the corporation’s members and to explain the application of the duty.

Once approved by the board, the confidentiality policy would govern future decision-making and action. The confidentiality policy could also form the basis for the development of more detailed procedures, if required. Board members participate in policy-making as a group, providing an opportunity for members to familiarize themselves with this aspect of their fiduciary responsibilities and to consider how the duty of confidentiality applies in the context of their organization. As with all policy decisions, it is wise to record a confidentiality policy in a policy manual or handbook, to ensure that it is readily available for referral.

A confidentiality policy may, among other things:

  • Identify its purpose.
  • Define to whom the policy applies: Board members? Non-board committee members? Staff?
  • Identify the directors’ duty of confidentiality, and define its scope: For example, not to disclose or discuss with another person or entity, or to use for their own purpose, confidential information concerning the organization’s affairs received in their capacity as directors, unless the board authorizes such disclosure.
  • Require that board members refrain from making any statement to the press or the public unless authorized to do so by the board.
  • Require that board members and anyone else to whom the policy applies review and sign the policy.
  • Define what matters are considered confidential.
  • Provide a process by which the board may authorize disclosure of confidential matters.
  • Provide a process by which meetings or portions of meetings may be held in camera.
  • Link to or combine with the organization’s privacy policy or conflict of interest policy.
  • Link to or combine with the organization’s confidentiality policy for staff.

D. CONSEQUENCES OF BREACHING THE DUTY OF CONFIDENTIALITY

The consequences of a confidentiality breach at the board level will vary. If board members do not have confidence that their colleagues will keep board discussions in confidence, the organization’s governance will suffer, since good governance requires full and frank disclosure at the board level. In addition, individuals or the organization itself may be harmed by the inappropriate disclosure of information.

There is no precedent in Canada for a board member being removed for violating a confidentiality policy, although a violation of confidentiality could be considered to be a breach of fiduciary duty.

What if a board member disagrees with a board decision? How can he or she register his or her disagreement, if bound by confidentiality? Once passed, a board decision becomes a decision of the board as a whole, to be complied with by all. However, a director who disagrees with a board decision may register dissent. A director seriously at odds with board policy should consider resigning.