This is a PowerPoint I have created after watching a Lynda that pertained to Human Resources: Protecting Confidentiality. I have pulled the information that is most valuable to me from this Lynda.
3. “When we talk about confidential information, it’s information that’s been provided to
somebody in confidence, trusting that it will not be used or shared for reasons outside of
the need to support a particular transaction unless it has permission to do so.”
5. What is confidentiality?
● Confidentiality originates from the word confident, which implies trust.
● Types of information that must be protected: health care information, social security
numbers, financial information, trade secrets, business strategies and more.
● Maintaining the broad range of confidential information at your company will be a
never-ending challenge for leadership, management, employees and customers alike.
6. Protect customers and clients
● Types of information YOU give out: financial information, credit information, health
information, location information, websites visited, items purchased, sports teams,
dating preferences and more.
● Your consent, and the company’s ability to use your confidential information, are
outlined in a privacy or user agreement that you sign in a contract, on their
website or otherwise.
● It’s the responsibility of you and your company to do everything possible to protect
the confidential information of your customers and clients.
7. Protect employees
● Employees are required to provide their employers with a wide range of information.
○ Hiring process: employment history, criminal background, credit scores, the ability to be fit for duty,
immigration status, prior salary information and even more.
● Companies should make sure employee information is distributed on a need-to-know
basis only.
● As with protecting confidential customer information, you and your company must do
a good job of protecting confidential employee information.
8. Workplace Privacy
● The workplace has become a privacy battleground.
● Three places where privacy rights show up:
○ Workplace
○ Employee monitoring
○ Drug and alcohol testing
● The idea of what remains private is constantly shifting and challenged with new
technologies, a general transparency and archaic laws.
9. Protect management information
● Failing to protect confidential management information can result in broken deals, unwanted press, judgment or criticism,
failed investigations and outright sabotage.
● The biggest challenge is identifying and stopping those willing to share or leak confidential information for their personal gain.
● While confidential information may be leaked to boost share prices and make its participants rich in the process, it also gets the
Securities and Exchange Commission and other regulatory agencies excited, as it violates insider trading laws.
● As with the other types of confidential protection, information should be limited on a need-to-know basis, rules must be
established to control dissemination of information, the people must be trained on those rules and the leaks need to be plugged.
10. Legal confidentiality
● There are three types of confidentiality rules that relate to attorney-client: (1)
Attorney-client communication privilege, (2) General ethical duty of confidentiality,
(3) Work-product doctrine.
● Both the conversation and the report remain confidential unless the lawyer decides to
introduce some or all of it into evidence to show they (attorney and client) have a
good faith defense to any claims that have been brought.
12. Nondisclosure agreements
● A nondisclosure agreement (NDA) is an agreement between two parties that wish to share confidential
information and make sure it’s not disclosed to third parties.
● NDAs are often used by deal makers, taking a “hey, you show me yours and I’ll show you mine” approach to
sharing information.
● An NDA can be a bilateral agreement or a one-way disclosure.
● Nondisclosure agreements and other confidentiality provisions may define obligations and legal remedies, but
that is no guarantee somebody is gonna abide by them.
13. Noncompetition agreements
● Some employee noncompete agreements include specifically identified competitors, agreed-upon damages the employee will
pay if they breach the agreement, and the ability of the company to obtain injunctive relief.
● The courts will consider these six factors in determining whether to enforce a noncompete agreement:
○ Does the employer have a legitimate interest in restricting this employee’s competitive activity? What exactly is the
competitive activity or information being protected?
○ Is the restriction reasonable given the circumstances?
○ Is the restriction reasonably limited in time and geography?
○ Will enforcing the restriction harm the public interest? Will any aspect of public policy be affected if the agreement is
enforced?
○ Was there reasonable consideration given in return for the agreement being signed?
○ When will the noncompetition restriction be triggered?
● Before using an employee noncompete agreement, consult with an attorney to understand the laws in your state.
14. Trade secret protections
● To determine whether a piece of information is a trade secret, the Restatement of
Torts will generally examine these six factors:
○ The extent to which the information is known outside the business
○ The extent to which it is known by employees and others involved in the business
○ The extent of measures taken by the business to guard the secrecy of the information
○ The value of the information to the business and its competitors
○ The effort or money expended by the business in developing the information
○ The ease or difficulty with which the information could be properly acquired or duplicated by others
● Every company should make efforts to define and protect confidential trade secrets
through written agreements and legal action when needed.
15. Social media policies
● Numerous states have passed a law that restricts employers from requiring employees to disclose social media passwords; thus
keeping employers out of employee personal business.
● Employers do have the right to limit what employees can say about confidential company information on social media.
● A typical social media policy will say that employees are required to maintain the confidentiality of company trade secrets and
private or confidential information.
○ Trade secrets may include: information regarding development of systems, processes, products, know-how, and
technology.
● Do not post internal reports, policies, procedures, or other internal business-related confidential communications.
16. Cybersecurity
● Cybersecurity is designed to protect confidential information from cyberattacks like malware, denial-of-service attacks, viruses,
and hacks on a company’s website and computer networks.
● To prevent cybersecurity attacks, employers should consider taking these eight steps:
○ Adopt a cybersecurity culture
○ Restrict access to sensitive data, devices, or software where possible and create a password policy for all employees to
follow
○ Stay on top of emerging cybersecurity threats with both technology solutions and ongoing training
○ Automatically update all applications, programs, and networks with the latest security upgrades
○ Inform your employees about spear phishing attempts sent through social media and email
○ Back up data to a secure location
○ Have independent experts assess and test your systems to find their vulnerabilities
○ Have a plan to react when attacks and breaches occur
● Your company should have robust IT systems, well-crafted policies and procedures, and appropriate employee training.
17. Document management
● Documents that contain confidential information can include paper, electronic storage such as metadata,
system data, information held on computers, smartphones and other storage devices.
○ Email records, texts, videos, and pictures are also considered documents.
● There are three aspects of document management: storage, retention limits and destruction.
○ There should be policies that define where to store confidential documents, who can have access to
them and what password protection is required.
● Make sure documents, even when they’re stored, can only be accessed on a need-to-know basis.