What is Collegial Ethics?
J.P. Morgan Chase Bribery Breaches its CSR

Protecting Confidential Information in the Workplace

When to Use Nondisclosure and Non-Compete Agreements

Imagine you have “proprietary information or “trade secrets” that are not generally known to the public and would not ordinarily be available to competitors except via illegal or improper means. For example, trade secrets of manufacturing processes, business plans, computer programs, customer lists, and so on. To protect the confidentiality of such information, businesses should develop written confidentiality policies and procedures.

I have previously blogged about confidential employment information and the need to have a written confidentiality policy describing both the type of information considered confidential and the procedures employees must follow to protect confidential information, including a non-disclosure agreement for those employees who leave the company. All businesses should have their confidentiality policies reviewed to ensure compliance with state law.

Should you have current employees sign a “non-disclosure agreement? These agreements, also known as “proprietary information agreements,” are designed to protect confidential business information – i.e., trade secrets. They are vital to most businesses today considering the ease in which employees can now electronically transfer large amounts of information that can be damaging in the hands of a competitor.

Here are a few tips about how best to establish a confidentiality provision.

Use employment contracts with confidentiality clauses. These protect employers by having employees legally agree they will not compete with your business by joining a similar business (non-compete), solicit other employees (non-solicitation) or reveal sensitive information during or after employment.

It is considered a breach of contract when an employee discloses sensitive information after signing the employment agreement. If your business regularly hires independent contractors, such as consultants or web programmers, you would use a contractor agreement instead of an employment agreement. Beware that since contractors are not considered employees, they may retain the intellectual property (IP) rights to the material they create. Be sure to discuss who will retain these rights before doing business and specify ownership rights to avoid misunderstandings.

Develop confidentiality policies and training programs. These should be part of initial employee training to sensitize employees to their legal obligations and reporting requirements, including how to handle and dispose of sensitive material, information about confidentiality laws and legal repercussions of violating company privacy policies. These should be updated periodically.

Of critical importance is a social media policy to prevent employees from posting sensitive information that might harm employer interests and reputation. You should clearly indicate the ethical guidelines for social media usage, if and how employees can speak about company business online and the consequences of divulging information online. Clearly, you don’t want employees airing their grievances on Facebook, Twitter or any other social network.

Create a response plan and employee exit procedure. You need to devise a response or contingency plan in the event confidential information becomes revealed. The first step is to assemble a team to determine whether protected information has been disclosed and, if so, address how to assess the damage or risk. Include steps to secure the information or remedy the situation, such as removing the information from the source, locating copies of sensitive information, taking legal action, and carrying out the consequences of violations.

According to a global study by Symantec, half of employees who left or lost their jobs in 2013 kept confidential corporate data and 40 percent plan to use it in their new jobs. The results show that everyday employees’ attitudes and beliefs about IP theft are at odds with the clear majority of company policies. Employees not only think it is acceptable to take and use IP when they leave a company, but also believe their companies do not care. Only 47 percent say their organization acts when employees take sensitive information contrary to company policy and 68 percent say their organization does not take steps to ensure employees do not use confidential competitive information from third-parties.

The misuse of confidential employer information is on the rise in part due to the desire of some employees who feel mistreated for revenge and insensitivity to the damage that can be done to employer interests by divulging confidential information on social media. It is critical that companies develop policies to prevent such disclosure.

At the end of the day, organizations are failing to create an environment and culture that promotes employees’ responsibility and accountability to protect confidential information including IP. Why is this happening? In part, employment policies haven’t caught up with technology usage. However, in large part it is attributable to the entitlement society (and workplace) that has developed over several years whereby people think they have a right to all information that comes their way in the workplace.

Blog posted by Steven Mintz, aka Ethics Sage, on November 23, 2016. Dr. Mintz is Professor Emeritus from Cal Poly San Luis Obispo. He also blogs at www.ethicssage.com.