How to protect confidentiality is a concern for any business. Businesses commonly have confidential information of some kind. That information may be part of what makes the business successful. It might be the kind of information that gives the company its competitive edge.

Businesses also maintain sensitive information about staff and clients that needs to be kept confidential.

Each company must employ measures to keep this information confidential and make sure it is not handled inappropriately.

Types of Confidential Information

There are various kinds of confidential information:

  • Business strategies
  • Marketing techniques
  • Product information
  • Employee data of a personal or sensitive nature

Whatever confidential information your business has, if it is not handled correctly, the consequences could be extremely damaging both to the company's success and to its reputation.

Threats to Confidential Information

Breaches of confidentiality can come from both inside and outside of a business. Outside threats include:

Inside threats can come from:

  • Employees disclosing information either by accident or through outside business transactions
  • Former employees, particularly if they are disgruntled
  • Information disclosed as part of negotiations with an outside entity that eventually fall apart

Protecting Confidential Information

There are various ways you can keep your business confidential information safe.

  • Label confidential information. Documents that are confidential should be clearly marked as such. Without this labeling, not only do you risk the information becoming public, but you may find it harder to prosecute the discloser should you take legal action.
  • Train staff to know what is confidential and what is not. If you are going to grant staff members access to confidential information, you must first train them to know the difference between confidential and non-confidential information. Without this key knowledge, they are more likely to make confidential information public out of ignorance.
  • Put in place rules and procedures. Your staff need to know how to handle and administer confidential information. Make sure you have appropriate rules and procedures in place, and train your staff on them. The precise nature of these rules and procedures will vary depending on the business and the type of confidential information you maintain. Some examples might be:
    • Which job functions come with confidential information clearance
    • What security procedures you have in place
    • Who is able to release confidential information
    • The reasons and circumstances under which confidential information may be released
    • IT systems and software
  • Update your employee handbook. Be sure your employee handbook has a section outlining confidentiality rules and procedures.
  • Sign a non-disclosure agreement. If a job position requires handling confidential information, applicants should be notified of this fact. The employment contract should also indicate that the employee will need to handle sensitive information. While federal law can provide some protection for that information, you are strongly advised to have employees also sign a confidentiality or non-disclosure agreement. If nothing else, this underscores to the employee how seriously you take maintaining confidentiality.
  • Regulate online conduct. Confidentiality extends beyond how to handle sensitive information. It also includes employee conduct, particularly with regard to the use of social media. Make sure you have a policy in place that regulates which social media employees may visit during work hours and how they should handle company information on social media at all times.
  • Have a digital device policy. Make sure your policies include rules for the use of digital devices, both company-owned and personal.
  • Extend your non-disclosure agreement. Depending on the position, you might want to include a clause in your employment agreement that extends the non-disclosure agreement beyond their time with the company. This might be hard to enforce if challenged, but such requirements again demonstrate that you take seriously the need to protect confidential information.
  • Return confidential information. When an employee leaves your company, remind them during the exit interview to return any physical confidential information in their possession. Also remind the out-going employee of any non-disclosure agreements he or she might have signed.
  • Escort visitors. At minimum, any visitors to your workplace should be escorted and supervised by a member of staff. If necessary, have visitors sign a confidentiality agreement to cover you in the event they see or hear confidential information.

If you need help with how to protect confidentiality, you can post your legal need on UpCounsel's marketplace. UpCounsel accepts only the top 5 percent of lawyers to its site. Lawyers on UpCounsel come from law schools such as Harvard Law and Yale Law and average 14 years of legal experience, including work with or on behalf of companies like Google, Stripe, and Twilio.