Internet security icons setAnatoliy Babiy/Getty Images/iStockphoto
In today’s business world, confidential information such as customer lists, proprietary technology, pricing information, and marketing plans are critical business assets that can be compromised if not handled properly.
A prime area of exposure is departing employees who choose to work for a competitor. Risk also exists when confidential information is disclosed in order to negotiate a business deal, but the negotiation falls apart.
Here are 10 suggestions to help protect confidential information:
1. Proper labelling. Under applicable laws, if a company does not take sufficient steps to treat its own confidential information as confidential, legal protection may be lost. Labelling confidential information also serves as a practical disincentive for someone to abuse confidential information. Labelling can appear on electronic and hard copy documents. A label could be: " Confidential information and property of ABC Corp. No part of these materials may be copied, used or disclosed except with written permission of ABC Corp. "
2. Insert non-disclosure provisions in employment agreements. It is a best practice that employees who have access to confidential information sign an employment contract which contains non-disclosure provisions. If a company has confidential information which is particularly sensitive, it should be clearly identified in the contract. The employee should be obligated to return confidential information when employment terminates. Although it can be very difficult to enforce non-competition provisions in an employment contract, confidentiality provisions are generally legally enforceable. Although the law imposes certain obligations of confidentiality on employees, confidentiality provisions in an employment contract make it abundantly clear that the employer is serious about confidentiality, and therefore help prevent problems from a legal and practical perspective.
3. Check out other agreements for confidentiality provisions. As a matter of day-to-day business, companies enter into contracts with service providers including consultants and suppliers of IT services (such as hosting and software implementation). Many standard form contracts which are prepared by service providers do not contain any confidentiality provisions in favour of the customer (or contain very "weak" provisions). In these circumstances, it is best to sign a separate confidentiality or non-disclosure agreement (commonly known as an "NDA") with the service provider, or "beef up" the confidentiality provisions in the service provider's contract.
4. Limit access. A company with confidential information should be careful to limit access to confidential information to only those employees who have a "need to know". By doing so, the company strengthens its legal position and also helps establish a practical "roadblock". Hard copies of documents should be kept locked, and electronic copies should be password protected. Computer access should be monitored. The monitoring of "suspicious activity" may help in a legal claim against a departing employee should the need arise.
5. Add a confidentiality policy to the employee handbook. A company's employee handbook should contain a confidentiality policy that spells out procedures for dealing with confidential information. For example, the policy should require that documents that are to be destroyed be shredded (instead of simply being put in the garbage or recycling bin). Of course, the written policy must be consistent with the confidentiality provisions in employment agreements and other legal obligations.
6. Exit interview for departing employees. During an exit interview, the employee should be reminded to return all confidential information which is in tangible form, and should be reminded of his or her future obligations regarding improper use and disclosure of confidential information to future employers and other third parties.
7. Consider notifying the new employer. If a company is particularly concerned about a departing employee working with a new employer who is a competitor, a letter may be sent to the new employer that outlines the former employee's legal obligations regarding confidential information of the former employer. The letter can often have a "legal chill effect" on any competitor who wishes to actively or implicitly induce a new employee to disclose confidential information of a former employer.
8. Review carefully NDAs from third parties. Companies are often presented with "standard form" NDAs from third parties. After a while, they can all look the same but sometimes there are important differences. For example, an NDA may require that in order for information to qualify as confidential information, it must be identified as such in writing at the time of disclosure, and if the disclosure is made orally, the confidential nature of the information must be confirmed in writing within a certain period of time after disclosure. This obligation may be quite onerous for a company that discloses confidential information, and therefore it can easily overlook the requirements of the NDA. The best approach for a company which is disclosing confidential information is that the NDA provides that all non-public information that is disclosed is confidential regardless of whether it is marked confidential and regardless of the form in which it is disclosed.
9. Watch out for the term. NDAs often contain a time period after which the confidential information is no longer subject to the restrictions in the agreement. The time period may be too short or inappropriate and a company should consider this point carefully when it signs an NDA. It may be more appropriate to make obligations regarding confidential information perpetual (if permissible under applicable laws).
10. Keep watch over your visitors. Where appropriate, visitors to a workplace should sign a confidentiality undertaking upon arrival. In addition, they should be escorted at all times and should be kept away from areas where they may be exposed to confidential information (unless they have a "need to know").
Ralph Kroman is an experienced business lawyer at WeirFoulds LLP, with an emphasis on contract negotiations, intellectual property, information technology and commercial transactions.