Keep it on the Down Low: Protecting Business Confidential Information from a Human Relations Perspective
Almost every business has some information that it wishes to keep confidential, and many businesses have information that the law requires them to keep confidential. In a world that seems to be filled with hackers, what these companies do to protect this confidential information is not only a legal concern, but is the stuff of a front page PR nightmare. While much attention is being paid to what a company’s information technology department is doing on cybersecurity, the human relations department has a role to play as well.
Each company needs to decide which employees should have access to confidential information. Once that is done, it is important that those employees are put on notice of the confidentiality of the information entrusted to them and that they have a legal obligation to maintain that confidentiality. This notification can be done through policies and procedures, but creating legal obligations might be better accomplished through actual confidentiality agreements. To have every employee in the company sign confidentiality agreements begs the question as to what is the confidential information being protected if every employee in the company apparently knows about it, which is why identifying the employees who have this information should be done at the outset. The agreements themselves should list with some specificity for each employee the type of confidential information to which they will have access and that they will have an obligation to protect. Building into the contract the ability to add an addendum in case the employee is promoted or put on new projects can protect the confidential information that the employee receives after signing the agreement. HR departments are often in the best position to take these steps since they already deal with company policies and procedures, and employee documentation such as notices and acknowledgments.
It is important that confidentiality agreements are not written so broadly as to include information that is publicly available or subject to the employees’ general knowledge. Confidentiality agreements with broad definitions of what is confidential create the risk that a court could find them to be non-compete agreements, which would in many states mean they are unenforceable. If you want to see a close call related to this issue, take a look at the Sixth Circuit’s decision in Orthofix, Inc. v. Eric W. Hunter, decided on November 17, 2015, where the Sixth Circuit, interpreting Texas law, saved a confidentiality agreement because it found the agreement was specific enough not to equate to a non-compete, which would have failed under the Texas non-compete statute.
The bottom line is, the HR department has a big role to play on keeping things on the down low, and no company should solely rely upon its IT department to save the day on confidentiality.