Of the four core legal duties of an Australian company director — care and diligence, good faith, not misusing position, not misusing information — the duty around information is the one new directors most often misunderstand. The misunderstandings aren't usually malicious. They're a function of the duty being explained quickly during onboarding, treated as obvious by experienced directors, and then never revisited until something goes wrong.
Here are the five things new directors most often get wrong about board confidentiality, in roughly the order they cause problems.
1. They think confidentiality only applies to formal board papers
Many new directors assume that confidentiality applies to documents marked confidential — board papers, financial reports, legal advice. They assume that conversations, observations, and inferences from board meetings are different.
They aren't. Confidentiality applies to all information directors receive in their capacity as directors, regardless of whether that information is in a document or was raised verbally, regardless of whether the chair specifically marked it as confidential. The default assumption is that board information is confidential. Anything that's intended to be public is specifically authorised for external sharing.
A new director who, after an in-camera discussion about CEO performance, mentions to a friend that "the board is going to have a tough conversation about the CEO soon" has breached confidentiality. Even though they shared no specifics. Even though they didn't share documents. The fact of the discussion having happened is itself confidential.
2. They think they can share with their employer
Many directors hold their board role while also working in a senior role at another organisation — often one with adjacent interests, customers, or supply chains. The new director's instinct is that their employer has a legitimate interest in knowing what they're learning at the board.
The instinct is wrong. The director's duty of confidentiality runs to the organisation they're a director of, not to their employer. Sharing board information with their employer — even at high levels, even in general terms — is a breach.
This is particularly difficult for directors whose board appointment is connected to their employer's interest in the sector. The fact that the employer encouraged the appointment, or even pays the director's board fees, doesn't create a right to information flow back to the employer. The boardroom is sealed.
3. They think confidentiality ends when their term ends
Confidentiality doesn't end with the term. Information learned as a director remains confidential after the director leaves the board. There's no expiry date. A former director who, two years after stepping down, shares insights from a board meeting they attended four years ago has still breached confidentiality.
This is particularly relevant for directors who go on to media careers, consultancy practices, or other public roles. The temptation to use insider perspective from a past directorship can be substantial. The duty doesn't soften because time has passed.
4. They think internal sharing is different from external sharing
Some directors believe that sharing board information with staff of the organisation — particularly senior staff they have relationships with — is different from sharing externally. They think internal sharing is somehow within the system.
It isn't. Confidentiality runs to the board. Staff who have not been authorised to receive specific information have not been authorised to receive it, regardless of their seniority. A director who calls the CFO to discuss something raised in an in-camera session — without the CEO's knowledge — has breached confidentiality, even though the CFO is internal to the organisation.
The exception is communication with the CEO. The CEO is the board's primary management interface, and substantial information flow between directors and the CEO is appropriate. But the principle remains: information from the board flows out only through authorised channels, not through director-staff side conversations.
The default assumption is that everything you learn at the board is confidential. The exceptions are specific, authorised, and rare.
5. They think social media is exempt
This is a 2026 problem that didn't exist for boards 20 years ago. New directors often share things on LinkedIn, Twitter, or other platforms that they would never share in a public statement — because social posts feel personal, casual, in-the-moment.
They aren't. A LinkedIn post is a public statement. A tweet is a public statement. A general comment about "exciting things happening at [organisation]" — when the exciting things refer to internal discussions not yet made public — is a disclosure of confidential information.
The test isn't whether the post mentions specifics. The test is whether the post is informed by confidential knowledge in a way that conveys information the public didn't have before the post.
What to do when you're unsure
The right test for new directors, when uncertain whether something can be shared, is to ask the board chair before sharing rather than after. Most chairs would much rather have a quick conversation with a director who's checking than a remediation conversation with a director who's already shared.
A useful internal test: would I be comfortable if the board chair, the CEO, and my fellow directors all heard me saying this externally? If the answer is yes, it's probably fine. If the answer is no, it's not. Most breaches happen in the gap between those two answers — when the director has rationalised that "they wouldn't really mind" without actually checking.
The deeper point
Board confidentiality is sometimes presented as a legal technicality. It isn't. It's the foundation of how boards function. Directors share candidly in the boardroom because they trust that what's shared stays in the room. The moment that trust breaks, directors stop sharing candidly. The board becomes performative — directors saying only what they're prepared to have repeated, not what they actually think.
A board that's lost confidentiality discipline is a board that's lost its capacity for honest discussion. And a board without honest discussion can't do its job. The duty isn't a technicality. It's the operating condition for everything else.
If your board hasn't had a structured conversation about confidentiality in the past 12 months, this quarter is when to have one. Not because something's gone wrong. Because the discipline needs maintaining before it does.
