Many companies rely solely on non-compete and confidentiality agreements to protect themselves from getting stung by departing employees. But these steps do not address the ownership of your organization’s information.
Employment lawyers recommend that all firms both large and small—establish information security policies (ISPs). By formalizing who can access the data that flows into and out of your company, you can stake a legal claim to ensure your information doesn’t fall into the wrong hands.
The federal government recently announced regulations that require all health-care providers to develop and implement ISPs. These regulations will most likely serve as a template for other industries to draft similar policies.
Consider these points when creating your policy:
Think low-tech. Don’t assume that you’re safe just because you operate a business that doesn’t rely on dozens of fancy mainframes. You need to identify the extent to which all your information is valuable and sensitive.
Open your file cabinets. You may find production records, client lists and accounting or personnel material that could harm or embarrass your company or your employees. Storing this material under lock and key isn’t enough; you also need to specify in your ISP that these types of documents are confidential.
Specify ownership. Every ISP should clearly state that the company owns and controls the information in its possession and the hardware and software in which it resides. The policy needs to explicit forbid employees or contractors (current or past) from using the information for non-business activities and for removing or altering it without proper authorization.
Educate and enforce. The ISP should identify enforcement measures your company will take to protect its information and punish individuals who violate the policy. At the same time, it should emphasize the need to raise awareness among employees about the importance of safeguarding internal data. For example, you may want to assemble an “information security team” consisting of a cross-section of employees who help craft the policy and monitor its application.
Get signatures. Have all employees sign your ISP. Also require all vendors or contractors (from the cleaning crew to computer repair specialists) to sign the policy.
Like what you've read? ...Republish it and share great business tips!
Attention: Readers, Publishers, Editors, Bloggers, Media, Webmasters and more...
We believe great content should be read and passed around. After all, knowledge IS power. And good business can become great with the right information at their fingertips. If you'd like to share any of the insightful articles on BusinessManagementDaily.com, you may republish or syndicate it without charge.
The only thing we ask is that you keep the article exactly as it was written and formatted. You also need to include an attribution statement and link to the article.
" This information is proudly provided by Business Management Daily.com: http://www.businessmanagementdaily.com/8043/protect-your-companys-information "