Nowadays, we are pretty much aware of the confidentiality required in business transactions. Be it in sectors of trading, consultancy, construction, and many others. But are we also aware of the importance of confidentiality within our own company? We hope that this article might help you to have more insight on why confidentiality is a very important and beneficial things to have internally.
We deal with private information that might be considered important and private in our ways of doing business. Strict data protection rules are acknowledged globally and commonly known as the GDPR – General Data Protection Regulation. In Indonesia, the protection of confidential information also acknowledges this EU Parliament’s issued regulation.
A key element of confidentiality is that it helps us to build trust, between the employees and employers and between coworkers. Failure to protect and secure confidential information may lead to, not only loss of leads for business and clients, but also might be dangerous if such confidential information is being misused to commit illegal activities that might damage the company and the business. Strict confidentiality has a huge role in performing business activities and it is not rare to see not many companies willing to perform these types of precaution. Simply saying, they are afraid that the intended workers might bail even before starting their day in the company. Though, confidentiality in the company is a number one priority, some might fail implementing it during their business practices.
Type of Information
The categories for Information to be protected by each business might be different in accordance to the activities performed by the company. However, the categories can commonly be broken down to : employee information, management information and business information.
- Employee Information
The personal information of a person is considered confidential in most of the countries, and it is very imperative for the company to also protect this kind of information for the sake of employees’ safety (i.e., the identity number, social security number, home address, phone number, and many others information that is considered confidential and private).
2. Management Information
Confidential information regarding the management including the discussions about employee related issues, disciplinary actions, workplace investigations of any of the employees’ misconduct and many others internally related activities that might happen in a company that is related to the ongoing business or cultures of the workplace. Though, “illegal” is not how we would call it if it gets breached, the employees must respect that within the activities of companies, some management information are best to be kept confidential to avoid further misunderstandings or illegal actions.
3. Business Information
This information is very common and very protected. Not that the other two are less important, but this type of information is the golden thread of the company and very imperative to be kept confidential. Most people would recognize this as “trade secrets”. This refers to information that’s not generally known to the public and would not ordinarily be available to competitors except via illegal or improper means. “Trade secrets” does not include information that a company voluntarily gives to potential customers, posts on its website, or otherwise freely provides to others outside of the company.
Prevention of Breach
Ensuring that private and confidential business information to not be misused or utilized for something illegal, a company must first determine which of their aspects are considered as private and confidential information. Upon determining the aspects, company can follow these few simple steps to protect the confidentiality within their business :
- Provide agreement that covers the aspects of confidentiality and the consequences upon breach. Non-Disclosure Agreement may usually be used in business transactions but sometimes missed out by the business owners to provide internally.
- Confidentiality Agreement/Clauses may be added in the Employment Agreement. This is to ensure that the employees confirm to legally agree to keep confidential information private and to ensure they understand that it is essential to protect the confidential data.
- Provide procedures and know-how in the Confidentiality Agreement/Clauses to ensure the employees understand what actions to take once they are working with confidential information and private data of the company or any of the business-related activities of the company.
- Provide basic steps of not leaving confidential information unintended in the workplace, this type of general procedures may also be included in the company regulation or code of conduct of the company.
- Provide separate storages for confidential documents and purposely pick the most related departments to handle such documents. Electronic copies of the confidential information shall not be easily obtained by all employees; just those with means and needs.
- Be very specific on the consequences of confidentiality breach. Some of the most common precaution is to show that breach confidential information may lead to employee termination even to the stage where employees be induced of a penalty/fine.
- Ensure the employees are aware of the consequences and risk to recover confidential information and private data after the breach. They are entitled to know that such extreme measures and actions might be taken once a breach has happened within the company’s business activities.
- Data breach is not something to take lightly, therefore necessary legal actions are required to be taken once a confidentiality breach is found within the company.
- Always update the confidentiality breach prevention steps in some periodical terms. This would help new employees joining the company become aware of the data protection rules and regulations. A training will be very helpful because often, a simple written confidentiality policy might not be enough and might be ignored or forgotten.
- Last but not least, is to enforce the policy of confidentiality protection inside the company.
Though considered confidential by the company, some information might not fall into the private categories, those are :
- Public information or public knowledge, generally known by the public and acquired publicly
- Information already produced independently prior to the confidentiality agreement/clauses binding between the company and the employees
- Information or data required to be disclosed by law or any legally binding order of any court, tribunal or administrative or judicial body as regulated in the governed law
Baca Juga : Cara Mengelola HAKI untuk Bisnis Kreatif
If you ever think to start enforcing this type of actions for your company, we can provide the most suitable assistance in making the first step toward confidential information and private data protection. Inform us of your inquiry and we can guide you towards the best legal steps and actions to take.