Arizona Vice President of Membership Services
Mountain States Employers Council
As we near the beginning of a New Year, it’s smart to think about what new business resolution employers may want to make that would benefit their companies.If that has you scratching your head, here’s an idea: securing sensitive company information.
There are several aspects to address when thinking about this topic.
Business owners may want to become familiar with the Uniform Trade Secrets Act (UTSA), which is the legal framework used to protect industry trade secrets in the United States. The Act covers any formula, pattern, device or compilation of information that gives the owner an advantage over competitors who do not know it; such trade secrets also must “be the subject of efforts that are reasonable under the circumstances to maintain its secrecy.” In other words, your company’s sensitive information must be treated as secret.
In Arizona we generally don’t have a lot of laws in the area of information security. The law has been developed through a few court cases that have dealt with confidentiality, non-solicitation and non-compete clauses. The courts have allowed these clauses to be enforced if they are narrowly drafted and truly protect the legitimate business interests of the company. However, employers have to be careful because their company information may be leaked in another state where there are more restrictive laws on businesses. For instance, in California such contract clauses may be against the law. In addition, California has strict laws pertaining to security breaches of information. Broadly speaking, employers are required to inform customers when their computerized records or encrypted personal information has been accessed by an unauthorized person.
On the other hand, not everything may be labeled as confidential.
What’s a business owner to do? First, protect your sensitive company information as much as you can under the law. Don’t allow employees to take sensitive information with them when they leave your company; prevent them from disclosing information to their next employers.
You may want to establish a company policy focusing on information security and confidentiality. Here are some questions you might ask your team to address:
• How do your employees access information?
• Does everyone have access?
• Should your company require employees to sign separate agreements to keep information secure?
• What about limiting employees’ access to only the information they need to perform their jobs?
• Do you have a passwords management system that is secure?
• If company information is accessible electronically on mobile devices, how will you ensure security?
This last item is particularly critical, as many business owners don’t think about including personal mobile devices in their policies. What if the phone gets lost or the employee leaves the company? It’s important to think through the layers of access. If you are sued you have to prove you treated sensitive information as such; if the whole world had access to it, it isn’t confidential.
Part of preventing information leaks is training. Employees need to be aware that even leaving paperwork with sensitive information on a desktop is an opportunity for someone to access it. You may want to educate managers and employees on how to deal with confidential information in both paper and electronic forms.
Finally, think about gathering a team of experts from throughout your company to create a strong policy. To start, bring together your chief financial officer, company attorney, the persons in charge of your electronic sales system or research and development area, a Human Resources expert on HR data, plus the services of an outside security specialist. Remember, if you leave out a group that works with sensitive information, your policy might be deficient in that area.
The whole idea is to protect your competitive place in the market and the personal information of your customers and employees. You don’t want competitors to know what makes your company unique.