A lot of the information related to your job is private to the company, and we need everyone on the same page about what information is public knowledge, what is not, and how to tell the difference. This policy goes over all that.
How [company name] does what it does is the secret to our success. So, we want to keep our company data and knowledge as private as possible. That way, our organization can continue to thrive.
This includes:
- Legally binding information (such as sensitive data)
- Any information that gives us our competitive edge
We require that all stakeholders sign and abide by our confidentiality agreement (or non-disclosure agreement). Basically, it says stakeholders cannot share information about our organization, its employees, or its customers without authorization.
We consider confidential information to be:
- Any unpublished information (financial or otherwise)
- Customer, partner, or vendor data
- New tech, patents, or formulas that have not been publicly announced
- Customer lists (lapsed, existing, and prospective included)
- Any data or information that someone outside our organization has trusted us with (like credit card information)
- Business strategies, company goals, or initiatives that have not been officially announced
- Anything explicitly marked confidential
If you are unsure whether we consider a specific piece of information confidential, please treat it as such until [a leadership team member] has confirmed otherwise.
If you have any questions about what is considered confidential, ask your manager.
How to Keep Confidential Info Safe
We expect all stakeholders to:
- Shred sensitive documents when discarding
- Use secure devices and services to transfer confidential information
- Password protect and encrypt all business documents on your devices
- Share protected information internally only when necessary
- Only share protected information with outside parties when authorized by [the leadership team]
Likewise, stakeholders are not allowed to:
- Use confidential information for their benefit
- Share information with unauthorized parties
- Make copies of secure documents or files
- Store protected information on their personal devices
- Take hard copies of company documents from the office
Note: If your employment is terminated, you must return all confidential files to [company name]. You must also delete any company files you may have stored on your personal devices, even if they do not hold protected information.
When to Share Protected Information
The general rule is to not share protected information.
But there are a few exceptions. For example:
- If a government agency or public organization needs to know something for an audit or investigation
- If the confidential data will help secure a new partnership (within legal guidelines)
In these cases, employees sharing the information must:
- Get written authorization from [the leadership team] before sharing the information
- Have all parties to whom the information will be disclosed sign an NDA
- Document what information was shared and with whom
- Document the process by which the information was disclosed
- Only share information that has been authorized and is absolutely necessary
Disciplinary Action
If you are found sharing confidential information with an unauthorized party, we will apply our [disciplinary action process] to resolve the issue.
Audience
This policy affects all employees, including contractors and volunteers, who may have access to confidential information.