This policy outlines expected behavior of employees to keep confidential information about clients, partners, and our company secure.
This policy applies to all employees, board members, investors, and contractors, who may have access to confidential information. This policy must be made readily available to all whom it applies to.
The company's confidential information must be protected for two reasons:
It may be legally binding (i.e. sensitive customer data)
It may be fundamental to our business (i.e. business processes)
Common examples of confidential information in our company includes, but is not limited to:
Unpublished financial information
Customer/partner/vendor/external party data
Patents, formulas, new technologies, and other intellectual property
Existing and prospective customer lists
Undisclosed business strategies including pricing & marketing
Materials & processes explicitly marked as “confidential”
Employees will have varying levels of authorized access to confidential information.
Employee procedure for handling confidential information
Lock and secure confidential information at all times
Safely dispose (i.e. shred) documents when no longer needed
View confidential information only on secure devices
Disclose information only when authorized and necessary
Do not use confidential information for personal gain, benefit, or profit
Do not disclose confidential information to anyone outside the company or to anyone within the company who does not have appropriate privileges
Do not store confidential information or replicates of confidential information in unsecured manners (i.e. on unsecured devices)
Do not remove confidential documents from company's premises unless absolutely necessary to move
The Hiring Manager should confirm the off-boarding procedure has been completed by final date of employment.
The company will take the following measures to ensure protection of confidential information:
Store and lock paper documents
Encrypt electronic information and implement appropriate technical measures to safeguard databases
Require employees to sign non-disclosure/non-compete agreements
Consult with senior management before granting employees access to certain confidential information
Under certain legitimate conditions, confidential information may need to be disclosed. Examples include:
If a regulatory agency requests information as part of an audit or investigation
If the company requires disclosing information (within legal bounds) as part of a venture or partnership
In such cases, employee must request and receive prior written authorization from their hiring manager before disclosing confidential information to any third parties.
Employees who violate the confidentiality policy will face disciplinary and possible legal action.
A suspected breach of this policy will trigger an investigation. Intentional violations will be met with termination and repeated unintentional violations may also face termination.
This policy is binding even after the termination of employment.