Article by Catherine Flutsch, Director at Lex Conscientia
Almost every profitable business has confidential information that should be protected. Failure to protect the confidential information in your business can lead to problems both for your business and for those who interact with it.
As a general rule, information that should be protected by confidentiality obligations may include any information:
that you have spent time, effort or money developing, for example, specialised customer lists, details of suppliers, pricing data or marketing plans;
that consists of specialised operating procedures that you have developed slowly over the life of your business through trial and error, for example, the procedures by which you and your employees interact with customers or the type and combination of equipment you use;
that would damage your business if it was used by a competing business;
that would help a current employee to set up a competing business;
about your business that is not ordinarily available to competitors or the public; and
that would be difficult for a competitor to acquire or duplicate.
Protecting your confidential information
Protecting your confidential information means that you are trying to guard against its misuse by people who have access to it. Many small businesses are staffed by family members or trusted employees who have helped the business grow. Some business people are worried that their efforts to protect their confidential information will be taken as a statement of mistrust by loyal employees.
Communication with family members and trusted employees is key. Introducing business practices that are appropriate for the size of your business, including measures to protect confidential information, will support the future, trouble free growth of your business. This is in everybody's interest. Open and sensitive communication about the reasons why these new practices need to be introduced will help alleviate employees' fears. You can also emphasise your trust in your employees by getting them involved in the process of developing and introducing new business practices.
-Education and training
Once you have identified the information that you need to protect, you can create a confidentiality policy, which lists in an appendix, a description of your confidential information. You can then go through this with your employees.
Employees may have inadvertently given away confidential information because they had not realised its value to the business. By ensuring that all your employees are trained in your confidentiality policy and are clearly aware of their obligations, you can help them avoid inadvertent disclosure.
Being clear about what is and is not acceptable, will make it easier to recognise if an employee is intentionally breaching his or her confidentiality obligations.
-Access
For all businesses, deterrence is paramount. Making sure that only those who need it have access to your business' confidential information goes a long way to avoiding unauthorised disclosure. There are many ways to regulate access to confidential information. Some businesses will protect their soft copy with passwords and hard copy with a locked file room or filing cabinet. Others will designate an “office room” containing computers and files to which only those who need it will have access. You should carefully consider what ways are appropriate to your business.
You can test the accessibility of your confidential information by asking yourself whether the following people might be able to incidentially see documents on desks, computer screens or specialised equipment or hear telephone conversations by your staff:
a delivery person dropping off a package;
a person waiting at reception;
suppliers;
open day attendees;
customers;
casual workers;
work experience students or interns;
cleaning staff; or
employees during their probation period.
If any of these people can see or hear anything that is included in your list of confidential information, you may need to change their access or reorganise the way your premises is set up so that this information is not visible or audible.
-Confidentiality Agreements/Clauses
All of your employees should be subject to legal confidentiality obligations. You can do this by asking members of staff to sign a confidentiality agreement. This will impress on each staff member the seriousness of their obligation. Having confidentiality agreements (or clauses in an employment contract) in place will make it easier for you to deal with any breaches. Getting family members to sign first will make it much easier to then ask long term employees to sign. It can also be a red flag if a current employee refuses to sign.
Protecting your confidential information with some simple measures will help protect your business' competitive advantage, protect those you interact with and prepare your business for future, trouble free growth. At Lex Conscientia, we can talk you through the steps you need to take to organise your business in a way that protects your confidential information. We can also help you draft your confidentiality policy and help you work out the most appropriate way to communicate these new ways of working to your staff.
This article does not cover your legal obligations to protect certain confidential information, such as personal data, or legal options to protect your intellectual property. We have relationships with excellent local lawyers who we will recommend if you need legal advice.
For more information go to http://lexconscientia.co.uk
Article by Catherine Flutsch, Director at Lex Conscientia
***
