For every enterprise, confidential information matters. Company secrets deliver competitive advantage and attract business partners.
But what constitutes confidential information? How can you identify it? How can you manage and protect it? What should you do when there is a breach?
In general, confidential information itself is not part of intellectual property rights. Still, depending on the nature of the object in which confidential information is embodied, it may be an IP object (for instance, trade secrets, patents, etc.).
But other types of confidential information are a little fuzzier. Business processes and models, unique market insights – all of these are strategically valuable but are not necessarily part of your intellectual property rights.
What’s more, some confidential information might not even be your own. The fact is, if you have close business partners, you will probably be exposed to their secrets too.
At GTC, we know this from experience. As a consultancy, we work with clients that range from giant multinational firms to small boutique-like companies. On occasion, they share their confidential information with us. This is the inevitable by-product of being a trusted business partner and showing a commitment to discretion and secrecy.
With the benefit of this experience, we feel well-placed to share our insights. So read on to find out how to assess, protect and manage your confidential information.
1. Decide what is confidential information
The first step to protecting confidential information is to determine what it is. Sometimes this is easy – your business partner will explicitly tell you so. On other occasions, applicable law will tell you so (for instance, trade secrets).
But elsewhere, there will be no explicit guidance. Take, for example, drawings, specifications, datasheets, business models and processes, sales and technical information, diagrams, etc. None of these will display a ‘confidential’ stamp.
Moreover, sometimes confidential information won’t even be written down. It will be spoken.
So, we advise creating a list. Pool together your knowledge and decide what is confidential information at your company. And err on the side of caution. If you are not sure about a particular point, include it anyway.
2. Keep it confidential
Now you have collated your list of sensitive information, your next step is to protect it. You have a few options:
● Use technical measures. This might include secure sharing of files, password-protected access etc.
● Limit departmental exposure to sensitive information. It should be based on need. So make ‘no access’ the default – there’s no need for marketing staff to access R&D’s confidential information.
● Deploy legal measures. Make sure there’s a signed non-disclosure agreement before anyone sees confidential information. Have a company policy on how to protect it, including a non-comprehensive list of measures and principles to follow. Presented this in an understandable way. Consider team training sessions and generally encourage team members to make their own informed assessments.
If your company adopts the confidentiality policy, such policy should be presented in an understandable way to your team (i.e., having an internal training session for the whole team).
Needless to say, the above measures should apply to your business partners’ confidential information and your own. Some partners may demand additional protective measures. Make a note of them and apply the same degree of care that you use to protect your own confidential information.
3. Assess how long it takes to protect confidential information
It goes without saying that your team should keep confidential information secret for the period indicated in the applicable law or an agreed business contract. But sometimes, there comes a point at which it no longer needs protecting. Maybe this is because the owner agrees to it, the information goes public (without any confidentiality breach), or the legal protection expires.
From GTC’s experience, most common confidentiality periods vary from three to five years (if there are no more extended periods under the applicable law). But again, be safe. If you have no idea whether the information is still confidential, assume it is.
4. Know how and when to disclose confidential information
The true test of your company policies will come when someone is asked to share confidential information. So how should you handle this?
First, assume the information is strictly prohibited. If it is required to fulfill a duty, only access it with approval from a manager. When there is legal protection, refer to the following guidelines:
● The relevant agreement (non-disclosure agreement, service provision agreement) between you and your business partner
● The applicable law: confidential information may be disclosed if a court or governmental or administrative institution requires such disclosure and/or the disclosure is mandatory under the applicable law.
Make sure to note the scope of what is being shared. This will ensure that team members only disclose necessary confidential information.
5. Handle breaches quickly – and minimise the fall out
‘Spes optima para pessimus inopinatum expectes’
This Latin phrase translates as: ‘hope for the best, prepare for the worst and expect the unexpected’. It’s a good description of what should be your company mindset. Why? Because confidentiality will sometimes be breached. Whether accidental or intentional, a breach can result in negative consequences for you and your business partner.
For this reason, you should establish ground rules for dealing with (reputation-damaging and potentially expensive) exposure. There should be agreed measures for minimising consequences.
When team members suspect or assume a confidentiality breach, they should inform their direct manager immediately (the reaction time to a confidentiality breach is crucial) and agree on steps to reduce the impact and the risks of further incidents.
But, to repeat, the best protection is pre-emptive. In other words, make sure team members follow procedures that avoid exposure to sensitive information.
Conclusion: protection of confidential information is a necessity!
Being trusted by your partners is great for business. At GTC, we know this well. So keep confidential information secure and protected at all times. Yes, this will require effort and dedication. But it is achievable, and it is certainly worth it.
The information provided does not, and is not intended to, constitute legal advice; instead, all information is for general informational purposes only. Information may not include the most up-to-date legal or other information.
Global Telco Consult (GTC) is a trusted independent business messaging consultancy with deep domain knowledge in application-to-person (A2P) services. GTC provides tailor-made messaging strategies to enterprises, messaging service providers, operators and voice carriers. We have expertise in multiple messaging channels such as RCS, Viber, WhatsApp, Telegram and SMS for the wholesale and retail industry.
GTC supports its customers from market strategy through service launch, running the operations and supporting sales and procurement. The company started in 2016 with a mission to guide operators and telcos to embrace new and exciting opportunities and make the most out of business messaging. For more information or industry insights, browse through our blog page or follow us on LinkedIn.