How Confidential is Your Information?
As I recently sat in the airport waiting for my flight, I became fascinated by watching and listening to people on their phones. What astonished me the most was how much “confidential” business information really was not confidential.
During a 30 minute wait, I sat near a gentleman who proudly wore his employer’s logo on his golf shirt and jacket. He also loudly explained, while on his phone, that this same company’s anticipated product now had at least a two-year waiting period for FDA approval. He declared a number of strategies in terms of how the company should proceed with sales and marketing to explain this delay should it “become public.” And, of course, he stressed to the person on the other end of the phone that “all of this is highly confidential.”
Two-year wait period? FDA approval? Sales and marketing strategies? Highly confidential? Hardly! In less than 10 minutes, I knew:
- the company name
- the company’s anticipated product
- the wait period for FDA approval and
- sales and marketing strategies to handle this delay
I imagine his employer would be less than thrilled that someone could learn so much and never sign a confidentiality/non-disclosure agreement.
Unfortunately, the discussion that I overheard that day in the airport is not that uncommon. Business is regularly done with employees either talking on their telephones or sending emails in public places that are not secured and away from the public eye (and ear). Think about the person who enters the elevator while on the phone and how much information is discussed during your short ride. Albeit annoying, a person can learn quite a bit in a relatively quick period of time.
So, what can an employer do to protect its confidential business information?
First, a company may want to require its employees, independent contractors and agents to sign a confidentiality/non-disclosure agreement which prohibits the individual from sharing the company’s confidential business information. This agreement should clearly identify categories of confidential business information, such as pricing, marketing strategies, product and/or service issues not generally known to the public and customer’s buying practices. The agreement should be broad enough to protect a wide variety of information and clearly explain the consequences for a breach of the agreement.
Second, it is important for employers to have its employees understand what exactly is considered to be “confidential” business information and how employees should protect the information. This should be done through regular training. Employers should consider conducting annual training to review the categories of their confidential business information and expectations of the employees. The training should include examples in which the confidential business information could be inadvertently disclosed (such as talking on the cell phone in an airport) and steps employees should take to protect the information (such as moving to private area or room).
Third, employers should consider taking the time to mark its confidential business information “confidential.” Often times, documents are created and circulated electronically and there is no indication that the information is actually “confidential.” Including the simple words, “Confidential Information” (or words to that effect) as part of the subject line reminds employees that this information should be handled with care and avoid its disclosure through means such as an unsecured Internet connection or public telephone conversation.