We designed our company confidentiality policy to explain how we expect our employees to treat confidential information. Employees will unavoidably receive and manage personal and private information about clients, partners and our company. We want to make sure that this information is well-protected.
We must protect this information for two reasons. It may:
- Be legally binding (e.g. sensitive customer data.)
- Constitute the backbone of our business, giving us a competitive advantage (e.g. business processes.)
Scope
This policy affects all employees, including board members, investors, contractors, and volunteers, who may have access to confidential information.
Policy elements
Confidential and proprietary information is secret, valuable, expensive, and/or easily replicated. Common examples of confidential information are:
- Unpublished financial information
- Data of Customers/Partners/Vendors
- Patents, formulas, or new technologies
- Customer lists (existing and prospective)
- Data entrusted to our company by external parties
- Pricing/marketing and other undisclosed strategies
- Documents and processes explicitly marked as confidential
- Unpublished goals, forecasts and initiatives marked as confidential
Employees may have various levels of authorized access to confidential information.
What employees should do:
- Lock or secure confidential information at all times
- Shred confidential documents when they are no longer needed
- Make sure they only view confidential information on secure devices
- Only disclose information to other employees when it’s necessary and authorized
- Keep confidential documents inside our company’s premises unless it is necessary to move them
What employees should not do:
- Use confidential information for any personal benefit or profit
- Disclose confidential information to anyone outside of our company
- Replicate confidential documents and files and store them on insecure devices
When employees stop working for our company, they are obliged to return any confidential files and cut them from their personal devices.
Confidentiality Measures
We will take measures to ensure that confidential information is well protected. We will:
- Store and lock paper documents
- Encrypt electronic information and safeguard databases
- Ask employees to sign non-compete and/or non-disclosure agreements (NDAs)
- Ask for authorization by senior management to allow employees to access certain confidential information
Exceptions
Confidential information may occasionally have to be shown for legitimate reasons. Examples are:
- If a regulatory body requests, it as part of an investigation or audit
- If our company examines a venture or partnership that requires showing some information (within legal boundaries)
In such cases, employees involved should document their disclosure procedure and collect all needed authorizations. We are bound to avoid showing more information than needed.
Disciplinary Consequences
Employees who do not respect our confidentiality policy will face disciplinary and legal action.
We will investigate every breach of this policy. We will end any employee who willfully or regularly breaches our confidentiality guidelines for personal profit. We may also have to punish any unintentional breach of this policy depending on its frequency and seriousness. We will end employees who repeatedly disregard this policy, even when they do so unintentionally.
This policy is binding even after the separation of employment.