Protecting Non‑Public Information: What to Say When Refusing to Share Sensitive Details

Step 1 – Frame the compliance context

Refusing to share non‑public information (NPI) is not impolite or evasive; it is a professional duty that protects you, your firm, your counterparty, and the market. In typical deal workflows—such as mergers and acquisitions, capital raises, or strategic partnerships—confidential information moves within structured boundaries. These boundaries are created by legal instruments and process controls, and your language needs to reflect them.

First, understand what counts as non‑public information. NPI includes any information that is not available through public channels (e.g., press releases, regulatory filings, company websites) and that could reasonably affect decisions or confer an unfair advantage if disclosed. Financial performance ahead of publication, unannounced leadership changes, customer lists, technical specifications, draft contracts, and deal timelines are common examples. Even confirming that a rumor is untrue can be problematic if it reveals your proximity to sensitive content. In other words, both “telling” and “confirming/denying” can be disclosures.

Second, recognize how formal structures organize and restrict access. An NDA (non‑disclosure agreement) sets the legal basis for what can be shared and with whom. “Wall‑crossing” procedures ensure that only authorized individuals—who have agreed to specific restrictions—receive material non‑public information. A data room functions as a controlled environment where access is role‑based and auditable. These mechanisms are designed to limit leakage and provide a clear audit trail. When you refuse to share NPI outside these mechanisms, you reinforce the integrity of the process.

Third, refusal protects market integrity and avoids selective disclosure. Uncontrolled sharing can create unequal access to information, distort pricing, and undermine trust in the transaction. It may also violate securities laws and contractual obligations. By refusing, you reduce legal risk, safeguard your professional credibility, and maintain a fair playing field for all participants.

Finally, understand that a well‑phrased refusal does not damage relationships. In fact, it signals competence and reliability. Your goal is to be brief, neutral, and non‑confirmatory while directing the requester to appropriate, compliant channels. Treat refusal as a standard operating step, not a personal judgment. The more predictable and consistent your wording, the less room there is for pressure or misinterpretation.

Step 2 – Teach the refusal language toolkit

Your toolkit should help you speak precisely while avoiding accidental confirmation. Focus on four features: do/don’t phrasing, neutral verbs, non‑confirmation structures, and compliant alternatives. Also consider tone calibration—how formal or warm your language should be depending on the relationship and context.

• Do use neutral descriptors. Phrases such as “non‑public,” “outside scope,” and “subject to confidentiality controls” describe the status of the information without implying anything about its importance or accuracy. Avoid words like “critical,” “market‑moving,” or “immaterial,” which sound like judgments about the information’s significance.

• Don’t make materiality judgments. Never say “that’s not material” or “this wouldn’t move the market.” Those statements can be interpreted as opinions about relevance or value. Keep your language focused on policy, authorization, and process: “I’m not authorized to discuss that.”

• Do use neutral verbs that emphasize policy over content. Verbs such as “share,” “discuss,” “comment on,” and “circulate” frame the action, not the substance. This keeps you away from accidental content confirmation.

• Don’t confirm or deny specifics. Avoid statements that validate the existence, timing, or details of a topic. Use structures like: “I can’t comment on that,” “I’m not in a position to discuss that topic,” or “We’re limited to publicly available information.” These signal compliance boundaries without revealing whether a rumor is true or false.

• Do offer compliant alternatives. A refusal should not be a dead end. Direct the person to public sources (regulatory filings, official press releases) or formal channels (data room, approved Q&A process, counsel/compliance contact). This shows you are cooperative within the rules.

• Don’t improvise new channels. Never invent an informal workaround, such as a private call or unlogged message. Always point to systems that are documented and approved.

• Do calibrate tone. Keep your tone professional and steady. In a fast‑moving conversation, signal respect: “I understand the interest.” Then anchor to policy: “Given the confidentiality constraints, I can’t comment.” Finish with an alternative: “Please refer to the public materials or submit questions through the approved channel.”

• Don’t over‑explain. Long answers increase risk and create room for interpretation. Aim for minimal, clear, and repeatable language.

A helpful mental script is three parts: recognition, constraint, alternative. Recognize the request (“I understand why you’re asking”), state the constraint (“I’m not able to discuss non‑public information”), and offer an alternative (“Please see the public disclosures or submit through the data room Q&A”). This structure is polite, complete, and compliance‑ready without confirming anything.

Step 3 – Apply scripts to high‑frequency scenarios

While live examples are not provided here, you should internalize how the toolkit adjusts to common formats. The format changes, but the core pattern remains unchanged: recognition, constraint, alternative, and documentation.

• Live conversation deflection (phone or meeting): In real time, your priority is to stop the flow of sensitive questions without sounding evasive. Begin by acknowledging the question neutrally and then set a boundary anchored in process. Keep your speech steady and avoid nervous qualifiers. If the other party presses, repeat the boundary using the same core wording. Avoid entering a debate about whether the information is truly non‑public. Your anchor is authorization and policy, not your personal assessment.

• Email refusal: Written refusals must be crisp and auditable. Keep the subject line neutral and the body concise. Reference policy or scope rather than content. Include a clear pointer to public information or the formal Q&A process. Avoid forward‑looking comments, speculative phrasing, or statements that categorize information as significant or insignificant. Do not CC unnecessary recipients, but ensure appropriate internal visibility if policy requires it.

• Internal escalation note: When risk cues appear (e.g., a requester pushes beyond scope, cites ambiguous authorization, or hints at NDA circumvention), document the interaction for counsel or compliance. State only the facts: who asked, in what context, what was requested, what you said, and whether any next steps are planned. Avoid opinions about motives. The goal is to hand over a clean, concise record that allows experts to assess risk quickly.

• Documentation follow‑up: After a sensitive exchange, create a brief written record for your files. Date, time, participants, and a succinct summary of your refusal and the alternatives provided are usually enough. This documentation helps if questions arise later about selective disclosure or process gaps.

Across all scenarios, the risk lies not only in revealing data but in implying closeness to it. A calm, unvarying formula reduces that risk. Use consistent wording and avoid drifting into commentary about timing, likelihood, or impact.

Step 4 – Practice and adapt

In real work, you will need to adapt phrasing without weakening the compliance intent. Practice adjusting tone, jurisdictional nuance, and urgency while preserving the same core message: you will not share non‑public information outside authorized channels.

• Tone (senior vs. peer): With senior stakeholders, you may emphasize process and legal obligations more formally. With peers, you may keep the phrasing shorter and more collegial while remaining firm. The key is that both versions avoid confirmation and point to compliant alternatives. Do not let a friendly tone become casual disclosure.

• Jurisdictional nuance: Different jurisdictions may have varying disclosure regimes, insider trading rules, and regulatory expectations. Your language should be jurisdiction‑agnostic at the surface level—focused on authorization and channel—while you internally align with local counsel. Avoid referencing specific laws unless you are trained to do so. Keep statements consistent with your firm’s policy language, which is designed to be compliant across borders.

• Urgency: High‑pressure situations often tempt ad‑hoc disclosures. When urgency spikes—tight deadlines, market rumors, or investor demands—slow the conversation by returning to policy phrases and offering rapid compliant paths (e.g., “Please submit via the data room Q&A for a prompt review”). Never trade speed for compliance. If needed, escalate to counsel quickly and let them own the timing.

• Consistency across channels: Your voicemail, chat messages, and meeting notes should all reflect the same boundary language. Inconsistent tone or wording can be misread as uncertainty or selective openness. Treat every medium as discoverable and maintain the same non‑confirmatory structure.

• Documentation discipline: Each sensitive interaction should produce a minimal record. This is not bureaucratic—it's protective. If a leak is suspected, timestamps and wording matter. Practicing this habit ensures you are ready in stressful moments.

• Role clarity: Always know whether you are speaking in a public, restricted, or internal capacity. If you are “over the wall” for a specific project, your obligations change within that project but not outside it. Likewise, if you are not cleared, you should not seek or accept restricted information. Your language should signal your status only through policy, not through hints about what you do or do not know.

Embedding these habits will make your refusals sound natural and confident. The more you practice, the more you will reduce unnecessary friction while keeping risk low. Remember that “no” is not a personal rejection; it is a professional safeguard grounded in contracts, procedures, and law.

Risk cues and escalation thresholds

Knowing when to escalate is as important as knowing how to refuse. Certain cues indicate that the interaction may exceed your authority or that formal oversight is warranted.

• Pressing for details beyond scope: If a requester continues to push after you have set a boundary—especially for specifics about timing, pricing, counterparties, or draft terms—stop the conversation and escalate. Repetition of pressure is itself a red flag.

• Attempts to circumvent the NDA: Suggestions like “just between us,” “off the record,” or “can you share verbally” are clear risk signals. The form of disclosure does not change the obligation. Do not engage. Document and escalate.

• Ambiguous authorization: If someone claims they are “covered” without proof or asks to be “temporarily” added outside the formal process, do not accept. Treat all uncertain authorization as not authorized. Direct them to the proper process and alert compliance if the request persists.

• Suspected leak or rumor referencing confidential details: If you hear a rumor that aligns too precisely with restricted content, escalate immediately. Do not confirm, deny, or investigate on your own. Your role is to preserve the boundary and report the signal.

When escalation is needed, keep your internal note short and factual. Identify the parties, the request, your refusal language, and any next steps you proposed. Send it through the designated compliance channel. Avoid speculative commentary or blame. The goal is to enable a rapid, expert response.

Putting it all together

Effective refusal is a disciplined communication skill. It rests on three pillars: a clear understanding of the compliance context, a precise linguistic toolkit, and practiced application across common scenarios. Each pillar supports the others. Your knowledge of NDAs, wall‑crossing, and data room controls explains why you must refuse. Your neutral, non‑confirmatory language shows how to refuse without escalating tension. Your scenario‑based habits—live deflection, written refusal, internal escalation, and documentation—ensure you can act consistently under pressure.

The outcome of this approach is twofold. First, you reduce legal and reputational risk by avoiding selective or premature disclosure. Second, you maintain professional relationships by offering constructive, compliant alternatives. Over time, colleagues and counterparties will recognize your consistency as a sign of trustworthiness. That trust, combined with strict adherence to process, is essential for any high‑stakes transaction or sensitive internal project.

Make refusal routine, not exceptional. Keep your phrasing steady, your alternatives ready, your documentation complete, and your escalation path clear. With these practices, you protect the integrity of the deal, uphold your obligations, and communicate like a reliable professional in any confidentiality workflow.