In the last decade, we have seen a massive switch from paper to digital record keeping in the workplace. Today, virtually all administrative, marketing and business work takes place online.
With more companies adapting digital efficiencies, the challenge in preserving trade secrets, client lists and business operations becomes greater. In other words, there are higher confidential risks with storing sensitive material online or in a company database, especially if a company’s greatest asset is their intellectual property.
In business, intellectual property (IP) often refers to proprietary software, marketing strategies, exclusive products, processes for manufacturing products, corporate branding and more.
Intellectual property is an asset worth protecting, but it is not the only sensitive material that can be compromised. Corporate documents, mailing lists, business plans, financial records, employee information and project proposals also need to be protected.
Unfortunately, employees pose the biggest risk to company confidentiality by divulging ideas, digital records and other private information. For this reason, there are some ways in which an employer can preserve the company’s integrity and reputation by proactively mitigating privacy risks in the workplace.
1. Use Employment Contracts with Confidentiality Clauses
By having new employees sign an Employment Contract with a confidentiality clause, they legally agree to keep confidential company information private. It also ensures employees will not compete with your business by partaking in similar business (referred to as “non-compete”), solicit other employees (“non-solicitation”) or reveal any sensitive information during or after their employment.
In the agreement, it’s important to define what is and what isn’t considered confidential information to eliminate any misunderstanding of the terms. Another consideration involves the ownership of newly created material, known as “work made for hire”. This is the material an employee creates while working for a company. The agreement should specify whether the company (owner) retains rights to the material after the employee has left the business.
It is considered a breach of contract when an employee discloses sensitive information after signing the employment agreement. In this case, the employer would terminate the employee or remedy the situation as specified in the agreement. Note that confidential clauses are only as effective as the employer’s ability to enforce them.
If your business regularly hires independent contractors, such as accountants, web programmers, writers, painters, plumbers and more, you would use an Independent Contractor Agreement instead of an employment agreement.
An Independent Contractor Agreement is similar to an Employment Contract but is tailored to contractor’s services specifically. It addresses the same confidentiality terms, such as non-compete, non-solicitation and protection of private information. This agreement is especially vital if the contractor will be directly exposed to sensitive content, such as a company’s finances. A written contract is the best way to lower risk and prevent any disclosure of materials to competitors or the public.
Be mindful that since contractors are not considered employees, they may retain the intellectual property rights to the material they create. For this reason, discuss who will retain these rights before doing business and specify ownership rights in the agreement to avoid misunderstandings.
2. Develop Confidentiality Training & Policies
Confidentiality training should be a key component in every company’s on-boarding process. These programs can be integrated as part of the employee handbook, through lectures or online training.
In addition to teaching employees how to handle and dispose of sensitive material, include information about confidentiality laws and the legal repercussions of violating company privacy policies. As your company grows, keeping this material up-to-date becomes more important to maintain legal protection.
There are two policies employers should try to implement as part of their confidentiality training:
Social Media Policy
The social web can have harmful effects on a company’s reputation and confidentiality. Yet only 29% of companies have social media policies.
The first risk is reputation. Take the case of Domino’s Pizza in 2009. Two of its employees recorded a video of making pizza while performing crude and unsanitary behavior. They uploaded the video to YouTube and soon it had 1 million views. As a result the employees were terminated, but Domino’s reputation was already damaged.
Simply put, you don’t want employees airing their grievances on Facebook, Twitter or any other social network.
The second risk is employees sharing private information in cyberspace, such as coworker personal information, potential business deals, client information, or current projects. What might seem like a harmless status update could result in severe liability for the company.
Establish a social media policy as part of your company’s efforts to preserve reputation and confidentiality. Clearly indicate the ethical guidelines for social media usage, if and how employees can speak about the company online, use of privacy settings, respecting copyright, what constitutes as confidential information, how to exercise proper judgment and the consequences of divulging information online.
If social media is part of your company’s marketing plan, designate trusted individuals to manage this space and ensure they also understand the policies inside and out.
Mobile Phone Policy
Personal mobile phone use in the workplace allows employees to instantly communicate with friends, family or competitors, and compromise data in ways that don’t seem obvious, such as taking photos, dispelling private information and uploading sensitive material to their device.
A mobile phone policy should cover permitted and prohibited uses of communication devices in the workplace, as well as the consequences for violation of the policy.
3. Create a Response Plan & Employee Exit Procedure
Devise a response or contingency plan in the event confidential information becomes revealed. Plan for specific situations, such as published trade secrets or an employee divulging information to competitors. The more circumstances you cover, the more prepared you will be should confidentiality violations occur.
Assemble a team for the process and address how to assess the damage or risk. Include steps to secure the information or remedy the situation. Such examples may include removing information from the source, locating copies of sensitive material, taking legal action, as well as carrying out the consequences you noted in your agreement if the compromise was a result of employee negligence.
In addition to a solidified response plan, create a standardized exit process for employees. Again, this is to ensure they don’t take any confidential material with them. Standard exit processes include an exit interview in which employees are required to submit all prior work and return company property. The exit process should also disable all employee accounts, emails, and remote cloud access to business records.
After you have informed your employees of confidential policies, it’s important to generate a trusting relationship with them. Although this won’t provide any guarantees, it won’t make you any enemies — which can lead to mutual respect regarding company information.
If you are concerned about confidentiality in the workplace, take proactive steps to protect your business through written agreements. And for extremely sensitive material, only permit access to those who you can trust completely.