Protecting confidential information has been a hot topic in the media lately

Examples of data leaks are causing people to have serious concerns over how their personal information or business information is handled.

Sunderland AFC is a good recent example. The high court ruled that the club could dismiss one of its directors without notice for gross misconduct because he had leaked confidential information about the club. Mr Farnan, who had been the marketing director, even tried to make a claim for wrongful dismissal, which the High Court rejected. SAFC had discovered his misconduct by looking through his emails where they found he had disclosed information to third parties. This was a breach of the agreement Mr Farnan had entered into when he started working at the club.

So what can we learn from this? Here are my top 10 tips for confidential information:

  1. Labels – is it clear what documents are confidential and what ones are not? It sounds so simple but really, do you label things? Make it clear in the titles of documents, folders or entire drives and if it is a word of mouth conversation, make sure you clearly state that it is confidential information that should not be repeated.
  2. Use passwords and encrypted files – If you are worried about accidental disclosure, use a good password and make sure only authorised employees know it! Or, you could make an entire drive confidential with only authorised employees having access to it.
  3. Confidential or just a trade secret? – It is important to know the difference between these two things because confidential information can be free to use after an employee’s employment has ended, unless expressly agreed otherwise in any contractual provisions. Trade secrets on the other hand (although not very common) are protected during and after employment and this doesn’t need to be expressed in any contractual provisions.
  4. Restrictive covenants – Having a restrictive covenant in your employment contracts is the most effective way to protect your business against the theft of confidential data by employees. These need to be updated and reviewed regularly as the business grows and as an employee’s job role evolves. You can download a few tips about restrictive covenants here.
  5. Confidentiality provisions – These can be included in contracts of employment or written in a confidentiality agreement. Either way, the wording needs to be clear and concise with specific reference to the needs of the business. If it is within a contract of employment, make sure it focuses on the needs of that employee’s job role.
  6. Don’t forget the apps – Do your employees use Google docs, dropbox or other cloud-based apps to save work related documents? Make sure you have a policy in place that clearly outlines when it is appropriate to save work related documents or when it isn’t and a procedure around backing up work to laptops or cloud-based backup accounts.
  7. Social media – The argument of who owns contacts made by an employee during their employment is an ongoing one and is still not very clear. It is especially tricky around social media platforms, as employees can use their personal accounts in a work capacity (e.g. Linkedin). The best way around this is to have lots of supporting policies that include rules on social media use within the workplace. This should be backed up by disciplinary policies so that it is crystal clear what is considered gross misconduct.
  8. Communicate – having lots of policies, backup policies and contractual provisions is all well and good but even then, is it clear how important they are? Have all your employees read it all and understand the implications? Do they understand how to handle confidential data? Have a good open conversation and make it clear who employees can turn to for advice or where they can go to find the processes in place for handling confidential data.
  9. Does it need to be electronic? – When you can, hand out confidential data in hardcopy format and ask for it back if it doesn’t need to be kept or sent outside the workplace. Signing and dating the document is an easy way to make sure that documents haven’t been duplicated.
  10. Training – Have a standard training session that goes through all of your policies, procedures and throw in some scenarios of when handling data is done correctly or done incorrectly. If any policies or procedures are updated, do another session. This way you know that all of your employees are in the know and kept up to date.
To find out what Reality HR could do to support your business with any of the above, give us a call on 01256 328 428 or click here to organise a call back at your convenience.