Public information is primarily information that is made available either to the larger public or
to specific individuals who need it. Financial statements of a privately held organization might
be information that is available publicly, but only to individuals or organizations that have a
legitimate need for it.
The important thing to keep in mind is that an organization needs to develop policies about
what information is available and for what purposes it will be disseminated. It’s also helpful to
make sure that members of the organization know who has authorization to make these kinds
of disclosures. There are organizations that gather competitive data for a fee; they often use
social engineering approaches to gain information about a business. Good policies help prevent
accidents from occurring with sensitive information.
The following sections discuss the difference between limited and full distribution.
Limited distribution information isn’t intended for release to the public. This category of
information isn’t secret, but it’s private. If a company is seeking to obtain a line of credit, the
information provided to a bank is of a private nature. This information, if disclosed to competitors, might
give them insight into the organization’s plans or financial health. The information, if disclosed to
customers, might scare them and cause them to switch to a competitor.
Some End User License Agreements (EULAs) now limit the information that
users can disclose about problems with their software. These new statements
have not yet been challenged in court. Try to avoid being the test case for this
new and alarming element of some software licenses; read the EULA before
you agree to it.
These types of disclosures are usually held in confidence by banks and financial
institutions. These institutions will typically have privacy and confidentiality regulations, as well as
policies that must be followed by all employees of the institution.
Software manufacturers typically release early versions of their products to customers who are
willing to help evaluate functionality. These early versions of the software may not always work
properly, and they have features that aren’t included in the final version. This version of the software
is a beta test. Before beta testers are allowed to use the software, they’re required to sign a
nondisclosure agreement (NDA). The NDA tells the tester what privacy requirements exist for the product.
The product being developed will change, and any problems with the beta version probably won’t
be a great secret. However, the NDA reminds the testers of their confidentiality responsibilities.
NDAs are common in the technology arena. Make sure you read any NDA
thoroughly before you sign it. You don’t have to sign an NDA to be bound by it: If
you agree that you’ll treat the information as private and then receive the
information, you have in essence agreed to an NDA. In most cases, this form of
verbal NDA is valid for only one year.
Statements indicating privacy or confidentiality are common on limited-access documents.
These statements should indicate that disclosure of the information without permission is a
breach of confidentiality. This may help someone remember that the information isn’t for pub-