The Whiteboard: Is your company doing a good job of protecting confidential data?
How do you protect your business's confidential information? How do you protect your customers' confidential information? How do you protect yourself from employees who leave and solicit your customers or employees?
For many small businesses, the answer ranges from poorly to not at all. But there are simple steps to improve the situation.
I worked for large corporations, so I considered it routine that new employees would sign agreements protecting the company. Signing was a condition of employment. Employees agreed not to engage in certain behaviors while employed and for a period of time after employment ended.
One of the key areas in these agreements is the protection of confidential information. That can be a very broad subject area, but it can be broken down into a few key things that may have different levels of importance for different businesses:
Customers' confidential information: It is surprising to me that small-business owners sign nondisclosure agreements promising to protect their customers' confidential information without actually having the means to protect it. Manufacturers handle product design information. Service providers handle sensitive sales and financial data. This information can be in the hands of employees at all levels of the business.
If your customer asks how you are actually going about protecting its information, one good answer is that all of your employees have signed an NDA that includes nondisclosure of customers' confidential information and that they have been trained on what that means. A not-so-good answer is that you signed the agreement and filed it with the best of intentions.
Company confidential information: This one is even more surprising to me. There is information that is critical to every business that you don't want broadcast to the world. Why would you simply bring new employees in, hand them that information and hope for the best?
What's so important? It depends on the business, but there are several things that come to mind quickly.
Starting with customers, you may not want the competition to know who they are or the names and contact information of their purchasing decision-makers. Sensitive pricing information should not be revealed to customers or competitors.
If the business manufactures products, there may be a wide range of confidential information, including design drawings, formulas, manufacturing processes and procedures. Product test data, field failure and warranty claim information may be sensitive.
Your company may have struggled for years to find the right suppliers for key needs. Do you want that information handed to competitors? I think not.
Nonsolicitation of employees and customers is another area of consideration beyond the pure NDA. It is not at all uncommon in the world of small business for an employee to leave and go into competition with his or her employer. When they do, the next step is trying to hire the people they know and calling on the customers they know or know about. A nonsolicitation agreement prohibits that activity for a period of time, usually something like a year after termination of employment.
Many businesses include a noncompete clause in these agreements, prohibiting the employee from starting or working for a business in direct competition with the employer. These have proven difficult to enforce, because it can be argued they keep people from making a living. Non-solicitation agreements don't keep anyone from making a living. They just keep them from doing it on day one with your employees and customers.
If your company doesn't have these types of employee agreements, you should consider getting started, especially if you have signed NDAs for customers. The first step I recommend is consulting with a good attorney who specializes in employment law.
You'll want to talk through the specific needs of your business. What kind of company information is sensitive and needs to be protected? What can be protected? You might find that some of the information you want to protect is already in the public domain. One example: With LinkedIn profiles out there, you can pretty much forget protecting the names and contact information of your key people.
You should also discuss NDAs that you have signed and any specific requirements in them that might affect your agreements. And you will need to discuss concerns about solicitation of employees and customers.
Of equal importance will be getting legal advice on rolling out agreements. Depending on what they cover, you can't just shove them down the throats of existing employees. You may need to start with new employees and tie the implementation with existing employees to specific events, such as a promotion, a pay increase or a bonus payment.
If you have information that is at risk or if you have employees who could become competitors for your customers or your workforce, think about how to protect your business.
Richard Randall is founder and president of management-consulting firm New Level Advisors in Springettsbury Township, York County. Email him at firstname.lastname@example.org.