Most businesses have some confidential information and should be taking steps to ensure this data remains confidential and is not misused in any way. It might be customer information, personal/sensitive employee information, business strategies, marketing techniques or product information, but whatever it is, the potential damage from confidential data being misused or handed to the wrong person can be significant.
Here are five things you can do to protect confidential information in your business.
1. What information is confidential?
It might seem obvious, but a key step to protecting confidentiality is ensuring staff with access to confidential information understand what information is confidential and what isn’t. Employees may use or have access to lots of information in the course of their duties and unless they are clear what is or isn’t confidential, there is a risk of a breach.
2. Rules, processes and systems
You need clear processes in place for the handling and administration of confidential information and need to ensure staff are fully clear on what these are, and that they are used consistently. What these look like will vary and depend on the nature of the information and what it is used or kept for, but rules might include things like who has access to information, what security procedures are in place, under what circumstances confidential information can be released and with what authority.
You need to consider prevention techniques in terms of IT systems, software and security procedures. Are your systems as secure as they could be, doing everything possible to ensure that unauthorised release or loss of confidential information is not physically possible?
3. Training on the Data Protection Act
As well as internal restrictions, there are obviously legal requirements when it comes to confidential information, and those staff with access to this type of data need to understand what those legal requirements are, and how they affect their day-to-day work. For example, there are different requirements when it comes to ‘personal’ data and ‘sensitive personal’ data, and employees need to understand the difference and how each type of information should be treated.
4. Clarity about expectations of behaviour and sanctions
As well as processes for administration of information, you need to be clear in a wider sense about what behaviours you expect from employees, and should also make clear what sanctions may be involved with confidentiality breaches.
Depending on the nature of the role and the business, a specific confidentiality clause in your contracts of employment may be sensible.
Policies on subjects such as social media, data protection, use of electronic devices (personal and business-owned) and a specific policy on confidentiality may assist in this area, and should refer to your disciplinary procedure and to the risk of disciplinary sanctions in the event of a breach. You may also want to consider including confidentiality breaches in examples of misconduct listed in your disciplinary policy.
5. Post termination protection
In some roles it remains important to protect confidentiality even after employees have left employment. You should consider whether this will be necessary when recruiting new staff, and you can put a clause in place requiring them to keep confidentiality post-employment and not misuse confidential information they have gained in the course of their employment with you. How enforceable this will be depends on a variety of factors, but there is at the very least value in trying to drive the right behaviour and ‘setting out your stall’ in terms of how seriously you take this issue.
If you would like more guidance about how you can protect confidential information in your business, do get in touch.