1. Source of the Duty of Confidentiality

Like their for-profit counterparts, board members of a non-profit corporation are in a fiduciary relationship with the corporation. This means that they are obliged to act honestly and in good faith in respect of the corporation. The obligation has many components, including a duty to avoid conflicts of interest and a duty to avoid abusing their position to gain personal benefit. One component of board members’ fiduciary obligation is a duty to maintain the confidentiality of information that they acquire by virtue of their position.

  1. When is the Duty of Confidentiality Engaged

Board members’ duty of confidentiality can affect their actions in a variety of scenarios. Below are some examples of situations in which the duty of confidentiality can become engaged.

  • In some cases, the duty of confidentiality may relate to the disclosure of personal information to which the board member is privy as a result of his or her position, for example personal health information, employee information, or information regarding a member’s financial position.
  • In some circumstances, the duty of confidentiality may be closely linked with directors’ duty to avoid conflicts of interest. For example, a board member may have loyalties towards a constituency, special interest group or individual within the membership of the organization. If the board is engaged in making a decision that the group or individual has a position on or would be affected by, it would be inappropriate for the board member to share with the group or individual information that the board member learned through his or her position. It is the board member’s duty to maintain the confidentiality of information gained through his or her position, regardless of obligations or loyalties to other organizations or individuals.
  • The board may engage in heated discussion in the course of decision-making. It would be inappropriate for a board member to gossip among the wider organization about “who said what” after the decision has been made or during the course of discussion.  
  1. Consider Developing a Confidentiality Policy

Board members’ duty of confidentiality results from their fiduciary obligations to the corporation, and does not depend for its existence on the creation of a policy or other instrument. If it has not already done so, however, a board may wish to consider instituting a governance policy with respect to confidentiality. As a matter of best practices, such a policy can be used to reflect and clarify the expectation for its members and to explain the application of the duty.

Once approved by the board on a motion, the confidentiality policy would govern future decisionmaking and action, and could form the basis for the development of more detailed procedures, if required. Board members participate in policy making as a group, providing an opportunity for members to familiarize themselves with this aspect of their fiduciary responsibilities and to consider how the duty of confidentiality applies in the context of their organization. As with all policy decisions, it is wise to record a confidentiality policy in a policy manual or handbook, to ensure that it is readily available for referral.

A confidentiality policy may, among other things:

  • Identify its purpose.
  • Define to whom the policy applies: board members? non-board committee members? staff?
  • Identify the directors’ duty of confidentiality, and define its scope: for example, not to disclose or discuss with another person or entity, or to use for their own purpose, confidential information concerning the organization’s affairs received in their capacity as directors, unless the board authorizes such disclosure. 
  • Provide that board members not make any statement to the press or the public unless authorized to do so by the board.
  • Require that board members and anyone else to whom the policy applies review and sign the policy.
  • Define what matters are considered confidential.
  • Provide a process by which the board may authorize disclosure of confidential matters.
  • Provide a process by which meetings or portions of meetings may be held in camera.
  • Link to or combine with the organization’s privacy policy or conflict of interest policy. 
  • Link to or combine with the organization’s confidentiality policy for staff.  
  1. Consequences of Breaching the Duty of Confidentiality  

The organizational consequences of a confidentiality breach at the board level will vary. If board members do not have confidence that their colleagues will keep board discussions in confidence, the organization’s governance will suffer, since good governance requires full and frank disclosure at the board level. In addition, individuals or the organization itself may be harmed by the inappropriate disclosure of information.

What if a board member disagrees with a board decision? How can he or she register his or her disagreement, if bound by confidentiality? Once passed, a board decision becomes a decision of the board as a whole, to be complied with by all. A director who disagrees with a board decision may register dissent, however, and if seriously at odds with board policy, should consider resigning.

Creating a policy could help your board deal with issues before they arise.