Confidential business information in the Republic of Croatia is regulated in an insufficient mode - the Data Confidentiality Act provisions are still on force for more than 20 years, and entirely inadequate for today's time. Considering that information is now greatly kept in electronic form, it is necessary by the internal documents, and in accordance with the existing outdated legislation, to regulate in detail the issues of confidential business information. In case of exchange of business information which are confidential - it is necessary to sign the appropriate contract between the parties. This paper is about existing of legal shortcomings and how to overcome them in practice.