An ounce of prevention is worth a pound of cure: protecting your confidential information

Confidential information is one of the most valuable corporate assets of business.  In the digital era, stealing information can be as simple as copying information onto a hard drive or forwarding an email to a personal email address.  This gives rise to a host of new challenges for employers, including how best to protect confidential information.  This article outlines practical and legal steps employers can take to protect their sensitive information proactively.

Breaches of confidentiality can be extremely costly for employers, leading to losses of competitive advantage, impacts upon customer relationships, and financial losses.  The best way to protect confidential information is to implement practical measures to prevent its misuse.

Include the following clauses in your employment agreements:

  • A confidentiality clause that outlines what information the employer considers confidential and employees’ obligations with respect to confidential information. The clause should also include an express prohibition on the use of confidential information after employment and require employees to use their best endeavours to prevent the misuse of confidential information;
  • An intellectual property clause that ensures the company retains possession and ownership of any intellectual property produced by employees during their employment;
  • A clear contractual right for the employer to place the employee on gardening leave. Gardening leave allows an employer to direct an employee to serve all or part of their notice period away from work.   Importantly, the worker remains an ‘employee’ during this time, which means they are subject to their continuing obligations to act in their employer’s best interests.  Gardening leave minimises the soon-to-be former employee’s access to confidential information;
  • A return of property clause that requires employees to return or destroy all company property and confidential information upon termination;
  • A clause that requires an employee to comply with the employer’s policies (such as an Internet and Email Use Policy), without incorporating these policies into the contract;
  • A general duties clause that imposes an obligation on the employee to act in the best interests of the company at all times and comply with all lawful and reasonable directions;
  • A well-drafted restraint of trade clause restraining a former employee from certain conduct, such as joining a competitor, as well as protecting against the misuse of confidential information for a specified period. This clause should be drafted carefully as a restraint will only be enforceable if they go no further than is reasonably necessary to protect the legitimate interests of the company.

Introduce company policies relating to access and use of sensitive company information.  This policy should allow the employer to monitor employee’s use of electronic devices, including their own devices.

Conduct regular audits.  If an employer does not know what confidential information exists in their business, they cannot adequately protect it.

Educate staff on their responsibilities about confidential information and consequences for misuse of this information.

Mark all documents containing confidential information “confidential”.

Restrict access to confidential information to a “need to know” basis.  The more valuable the confidential information, the more limited its disclosure should be.

Have procedures for dealing with departing employees concerning confidential information.  As part of these procedures, employers should:

  • Consider placing the employee on gardening leave, especially if they hold a senior role, have access to commercially sensitive information, and a high level of customer interaction;
  • Remind employees of their continuing obligations of confidentiality;
  • Monitor all outgoing emails before departure, flagging any that contain company information;
  • Require the employee to hand over personal devices (such as computers, laptops, tablets, smartphones, ) before departure. If the device is the employee’s, the employer should remove all confidential information and then return the device to the employee.
  • Require the employee to give an undertaking that they have returned all information and intellectual property back to the company before departure;
  • Quarantine the employee’s work devices, especially if the employer suspects the employee is joining a competitor or starting up their own competing business. If the employer later becomes concerned that the employee may have stolen confidential information, the employer should conduct a forensic analysis of the devices.

Finally, if the employer suspects the theft or misuse of confidential information, seek legal advice and take swift action to prevent the employee using or further disclosing the information.

Please contact a member of Lynch Meyer’s Workplace Relations team if you require advice on protecting confidential information or revising your employment contracts.