Confidential Information is so closely tied to intellectual property that it is included in a business assets class of “Intellectual Assets” that also includes the four forms of intellectual property, i.e. patents, copyrights, trademarks, and trade secrets.
In addition to trade secrets which are legally enforceable rights, there are a number of types of information that if available to competitors could weaken a company’s business position. To make sure a company can sustain its advantaged position in the market, it must, in addition to managing intellectual properties, also manage its confidential information. As shown in the “Confidential Information Classifications” figure, there are three major classifications of such information that provide a framework for this information’s management. By classifying a company’s information in this way it makes it clear which information is not intended for public viewing, and more importantly, makes it pretty much self-explanatory what special distribution restrictions are being placed on the information so labeled. More detailed actions to take for each classification now follow.
For information labeled as COMPANY CONFIDENTIAL employees should be responsible for: (1) labeling conspicuously with classification, (2) ensure all recipients are notified and reminded of confidentiality, (3) limit disclosures based on each recipients need to know, (4) require a signed NDA before disclosing to any company outsider, (5) safeguard work areas at the company and other facilities, (6) store to avoid casual observation, (7) dispose in a secure manner in based on retention schedules, (8) control access to computing resources using approved access control software, (9) secure electronic communications with passwords, (10) obtain management authorization before publicly disclosing information that may, with other publicly available information, reveal confidential information, (11) report any suspected improper disclosure or access, and any inadequate protection, (12) apply informed good judgment to ensure protection.
For information labeled as COMPANY CONFIDENTIAL PRIVATE employees should be responsible for: (1) all protections for company confidential information and in addition, (2) disclose only with the owner’s permission, (3) access only the specific information that is needed, (4) limit disclosure, distribution, and access to only those with a specific need to know, (5) encrypt all versions that are stored in a mobile device or transmitted electronically, (6) keep it a locked secure area, (7) send hard copies or electronic media with an outer envelope marked “to be opened by addressee only”.
For information label as COMPANY CONFIDENTIAL SPECIAL HANDLING employees should be responsible for: (1) all protections for company confidential information and in addition, (2) obtain authorization from originator or responsible manager before accessing, copying or further distributing, (3) limit disclosure, distribution, and access based on a substantial business need to know, and reveal only the specific information that is needed, (4) encrypt all electronically stored and transmitted versions, (5) originator should apply rights management or document control to record and track each copy’s distribution, use, and destruction, (6) keep it in a locked secured area, (7) send hard copies or electronic media with outer envelope marked “to be opened by addressee only”.