Thumb drives, cloud computing and personal devices have created easy ways to transport trade secrets, confidential, and proprietary information. The most common cases involve former employees taking information to new employers, your competitor. However, there’s a growing market of end users willing to pay for or trick employees into releasing confidential information.
The first step employers should take is to deter- mine what should be protected. Next, refine policies to include those specifics, such as client names and contact information, sources for supplies, proprietary processes or formulas.
Non-disclosure agreements benefit by including these specifics, not only because they are more likely to be upheld; but because it clarifies expectations. Expectations can benefit from explicit clarity by categorizing information and describing how the information should be treated.
These categories may include “top secret” trade secrets such as the recipe for Coca-Cola. Few people have access to this recipe and those people know the boundaries of its use.
Your company may not have a top secret as cru- cial as the Coca-Cola recipe. However, pricing formulas, financial information and specific databases may be just as important to your business.
Establish a confidentiality level for each type of information. For instance, documents such as email lists may be considered “important;” customer information and contract terms, “confidential;” and sensitive financial information, “crucial.” With these classifications, the employer can determine who should have access and what safeguards are in place.
All new hires need to be trained in the company’s security policies. In our Facebook world, employers must teach employees why confidentiality is important, how to handle and resolve issues involving confidential information, as well as what information is confidential. Consider developing a job aide describing how to identify, label and store sensitive information, as well as refresher courses as part of your annual safety program.
Employees who handle proprietary/confidential information should provide a written acknowledgement of their understanding of what consti- tutes confidential information, the damage that could result in connection with disclosure and how they were instructed to handle the information and react to any breech.
Finally, fight technology with technology. Enforce effective password protection usage. Utilize encryption to protect confidential communications. Firewalls will eliminate access from outside net- works and protect data from outside users. Disable unneeded USB and DVD ports. There are software programs available to catch accidental breeches. Web and email filtering systems block traffic and access. Determine what security systems your information requires.
Technology has created the momentum for world change; we must learn to adapt by using technology while maintaining a human connection in order to maintain a safe and healthy workplace.
What employers should do:
1. Review your non‐ disclosure and confidentiality policies and agreements.
2. Specifically determine what should be protected.
3. Train employees how to handle the specific classifications of information.
4. Include confidentiality statements in your related policies.
5. Enforce security through policy, training and technology.
6. Review related policies with existing employees.