Clear and Simple Confidentiality Notice

We wanted to create a confidentiality notice that resembles us. Well-written, these few lines can effectively manage risk by targeting the right messages.

Curious to know our simplification process?

Before

Confidentiality Notice

This message, together with any file attached thereto, is intended exclusively for its recipient(s); It may contain confidential information. If you are not the recipient of this message, we hereby notify you that any use, reproduction or dissemination of this message and any file attached thereto is strictly prohibited. If this message has been sent to you by mistake, please notify the sender promptly by returning the message and then destroy it, as well as any attached files without retaining copies. Nothing in this notice can be construed as going against the Copyright Act (R.S., 1985, C. C-42).

After

Not the person to whom this message is intended?

That's embarrassing. This message is confidential, including attachments and other messages it contains. Here's what to do:

1. Don't read any more! And do not communicate the content.
2. Delete this message, first in your Inbox, and then in your trash.
3. Write me a separate message to inform me of this error.

Thank you for your cooperation.

Diagnosis: Why the traditional version is problematic

This is why traditional confidentiality notices are not effective:

• The title "Confidentiality Notice" is not very engaging.
• The text is usually dense, and sometimes complex. Often, the graphic presentation requires reading through the full paragraph to make sense of it.
• Readers receive a considerable number of e-mails each day. Their attention span is very limited.
• Target readers cannot effectively determine if the information concerns them before reading the full notice. If they do read it, they cannot quickly determine what to do.
• Readers have learned that reading a privacy or confidentiality notice is usually useless.
• Risk management is based entirely on the mistaken recipient's collaboration. Not only do recipients have to read the entire notice, but they have no incentive to collaborate. They could very well lost interest and choose to keep a confidential email without you ever being informed. So, you might as well simplify it for them.

Our simplification process in 4 steps

1. Identify your target audience

Who should read our confidentiality notice? In our opinion, this notice only concerns people who have received a confidential e-mail by mistake.

We could have targeted a second audience: when the recipient is the right one, but he or she does not have the right to communicate the information to other people. In our opinion, the confidentiality notice is not the appropriate place to inform that person of his or her obligations. It is best to do so upstream, either at the beginning of the business relationship, in a contract, or in the body of the email if the confidential nature of the email is occasional.

2. Define the communication goal

Our confidentiality notice should aim at two goals:

1. Capture the recipient’s attention.
2. Trigger an action: delete the confidential information received by mistake.

Note: your communication goal is not a legal or compliance goal (“managing the risk of leaking confidential information”). It’s what you want to achieve, from your reader’s perspective.

3. Identify key messages

To reach our goals, we need to articulate the right messages.

• How to capture attention? Readers have learned that confidentiality notices are off-putting and that most of the time, they are not concerned by these few lines. We thus need to send a strong signal. Our solution: a title that allows the target audience to know immediately whether what follows concerns them. We also use a graphic presentation that feels simple at the outset.
• How can the recipient remove all confidential information? To make the task easy on our recipient, we have chosen to list the actions they must take. This approach responds to the information needs of our target audience without threatening them. Let’s not forget that we depend on their collaboration!

4. Identify important secondary messages

Our target audience is not primarily computer or legal experts. Here are some things that are not obvious to most people:

• What's confidential? Not only the email as such, but also all attachments and any previous email that could be part of the discussion thread.
• How do I delete this content? The recycle bin is where deleted messages go to die. But before they disappear forever, they are stored for a certain length of time. Sending an email to the trash is not enough, you also have to remove it permanently from within the trash.
• How do I report an error? Chances are that the recipient will want to respond directly to the email. It is after all the simplest and most usual method. But doing so will create a copy of this email in the Sent messages box. These messages are also kept, usually even longer than in the trash. We have made it clear to the recipient that they should report this error in a separate message, after deleting it permanently.

These secondary messages seemed to us to be lacking in traditional confidentiality notices. Yet, they can effectively manage risk by meeting the actual information needs of the target audience.

Some mistakes to avoid

The difficulty with communication is the illusion that it has been accomplished. To be understood, you must first be read. Here, we need to keep it short to avoid destroying the fragile motivation that drives our readers.

Here are some messages to avoid:

• The title "Confidentiality Notice". Ugh… so boring! For the reader, this title mainly conveys the idea that reading the paragraph will be cumbersome, complex, and probably useless. The objective is to capture the attention, not to scare the reader away.
• The legal consequences for the person who keeps confidential information. This information is clearly relevant for your reader, but is it wise to mention it? Remember that you are counting on your reader’s collaboration. Communicating about the risks could be perceived as threatening, thus destroying the possibility of any collaboration on their part.
• Any other generic message that is not directly related to your communication goals. Given the context of reading (an email among many others), your confidentiality notice is not the appropriate place for this kind of messages.

The key to brevity? Do not indulge yourseflf anymore than what is strictly necessary or important to achieve your communication goals.