Developing the all-important confidentiality policy
published on January 10, 2003
A technology company's lifeblood depends on the secrecy of its intellectual property. Most companies safeguard sensitive trade secrets with confidentiality agreements, but many of these agreements aren't as comprehensive as they need to be.
Confidentiality is more than a contract, according to experts on employer agreements. It's a process that starts with the creation of a confidentiality program, a program that should touch hiring and employee retention strategies as well as the way the company handles confidential documents. A confidentiality program should also include a regular review of confidentiality agreements.
To help members put a solid confidentiality program in place, TechRepublic offers two sample confidentiality policies for download: one from the Project Management Institute and another from Sean Gallagher, attorney with the Washington, DC-based firm of Hogan & Hartson.
A starting point
These policies provide a good starting point from which to examine an existing confidentiality agreement or institute a new one. However, experts advise using template forms with caution. Blindly following a template is not without its dangers.
"The biggest pitfall I see," said Gallagher from his office in Denver, "is using an old boilerplate contract or agreement you get from somebody else."
A lawyer or someone intimately familiar with intellectual property should review any policy to make certain that it fits a company's specific situation. When reviewing the contract, here are some issues to take into consideration:
- Specificity about who owns the intellectual property.
- A description of which intellectual property is considered confidential; the more specific the description, the more enforceable the agreement.
- A description of what happens to the agreement at the end of the employee relationship; corporations want it to remain in force.
- A provision for successorship in the event that a company sells its assets to another company.
- An outline of specific remedies, such as the ability to obtain an injunction or pursue litigation for damages in the case of a breached contract.
Emphasize confidentiality in the employment process
As part of the confidentiality program, CIOs should direct managers to stress confidentiality in the hiring process.
There's always a danger that a new employee will bring trade secrets with them from their previous employer, which could potentially undermine the integrity of the new employer's intellectual property. Asking potential hires if they understood the confidentiality agreements they previously signed can alert employers to potential issues.
On the flip side, any time an employee leaves a company, the employer runs the risk that sensitive information could be leaked to the competition, so strong employee retention programs go hand in hand with creating a culture where confidentiality is respected.
Create a procedure for handling documents
How a company treats its own confidential information goes a long way in creating a climate that supports or undermines confidentiality. For instance, if sensitive network security plans and diagrams are carelessly left in copy machines or printers, how secure can the information be?
To keep employees accountable, CIOs might even want to go as far as to number the copies of confidential documents and then assign a number to each line manager.
"If a copy shows up on a copy machine, you can identify who owns number 16 and track it back to the source of whom it is that is disregarding the confidentiality policy," explained William Scarborough, general counsel at the Project Management Institute.
In dealing with electronic documents, managers might also consider making them read-only PDF files. Removing the ability to copy, paste, or save the information in a document makes it harder to distribute and leak.
All of these ideas can go a long way toward making sure that classified information stays in the right hands and out of the wrong ones. But it takes thoughtful leadership to execute them.
"A confidentiality policy can't be a policy that's just stuck up on a wall," said Scarborough. "You have to live it."