How To Ensure Your Company’s Confidential Data Is Kept Secure
Whilst the internet and other technological advances have brought many advantages and transformed how we have done business over the past few decades, they are not without their downsides. One is data breaches and the stealing of private information, and undoubtedly many a business owner has made a frantic phone call to their commercial lawyer asking for legal assistance after realising they have been a victim of data theft.
This is understandable because the penalties for business owners who fail to secure any confidential information which they hold for clients, customers, business contacts, and indeed their employees can be severe. There is also the fact that around the world the rules and the laws relating to data protection are becoming increasingly stringent.
One example of that is the European Union, whose General Data Protection Regulation (GDPR), which was implemented in 2018, meant that it was not just companies within the EU that had to get their house in order; any company from around the world that wanted to trade within the EU market of almost 450 million people had to meet those standards too.
Now, if you are a local business owner it might not seem too important to you what data protection laws are being introduced in the EU. However, you should be conscious of the fact that state and federal data protection laws and regulations pertaining to making confidential information secure do exist where your business operates, including the Privacy Act and the Australian Privacy Principles (APPs).
You are not expected to know these verbatim, and we would always encourage you to seek advice from your commercial lawyer if you are concerned about what the laws and regulations entail for your business. However, although protecting data and confidential information is a legal requirement, its implementation is, more often than not, a case of practical common sense and following good practices.
Where the rug often gets pulled out from under a business owner is when, despite their believing that their data is secure, an employee steals and subsequently shares confidential information that is held within the company. Often this is done for malicious reasons; for others, it will be for financial gain, and there may even be some who, for whatever reason, believed they were doing nothing wrong.
For a start, every business should have all of its employees sign a confidentiality clause as part of their contract of employment. This should apply to everyone from the CEO to the office cleaner. The clause should clearly identify what types of information it covers, and it could be that the clause is altered slightly to take account of certain roles within the company.
The confidentiality clause needs to apply to an employee even after they leave the company, and it should also outline what the consequences will be should they breach the confidentiality clause, which will often be enough to convince them not to take the risk.
Other steps that you can take include:
- Multiple levels of security access to specific information
- Limiting access on a ‘need to know’ basis to sensitive information
- Limiting access from company terminals to only certain websites
- Training staff to spot potential security breaches
- Encrypting all emails
- Forbidding the use of data transfer devices such as USB sticks
All of the above speak to prevention being better than the cure, so your focus should be on ensuring a confidentiality breach does not occur, because dealing with it after it occurs is often difficult, given that it can be extremely detrimental to your company.