How many times have you shared your credit card or other personal information with an online merchant when making a purchase? It’s likely you had some expectation of confidentiality — that the receiver of your information wouldn’t share it with anyone else. Similarly, if you’ve ever signed a non-disclosure agreement (NDA), you’ve made a promise to maintain confidentiality with someone else’s information.
Most businesses and their employees generally maintain a level of confidentiality in the workplace that typically covers far more than customer data, thanks to Code of Conduct policies and other data privacy protocols that companies set up.
What is confidential information?
Confidential information includes all nonpublic information that might be of use to a company’s competitors, or harmful to the company or related parties if ever disclosed, as well as information belonging to or regarding customers, partners, and vendors.
This term is more encompassing than you might think. It’s not just material marked “confidential” or anything that is a legal document. It includes:
- Intellectual property. This includes trade secrets, patents, trademarks, and copyrights.
- Plans. Think future plans for the business, such as product and engineering ideas, roadmaps, marketing plans, designs, or service plans.
- Financial information. Financial information includes revenue, forecasts, deals in the sales pipeline, customer renewals, and churn risks.
- Records. This is information about customers, partners, vendors, and other associates, such as databases, records, customer lists, and customer trade data or other business data.
- People information. Think about information on employees or hiring plans, including hiring projections, prospective key hires, and people thinking of leaving the company.
- Customer data. This covers any personal details that companies collect and store about a customer like birth date, first and last name, email addresses, Social Security and phone numbers, as well as financial and medical information.
How can I promote confidentiality at my company?
There are a lot of ways to disclose information, both intentionally and inadvertently. To promote confidentiality, you’ll need to address both the obvious and the more nuanced aspects of keeping information safe. Here are five confidentiality scenarios to see examples from, and five strategies to implement as possible solutions for your team.
1. Ensure employees are trained
Code of conduct training applies to every member of an organization’s team, with the most impactful trainings supported by messaging from leadership. Making sure that every employee is trained in the core principles of an organization’s code is an effective way to guide ethical behaviors in the workplace. This includes sensitive topics like data protection, which covers handling any personal information like customer data. By providing employees with more context on how to handle personal information and prevent unauthorized access, an organization is letting everyone know it cares about the safety and security of personal information.
Here’s an example. You’re in charge of the new employee resource group (ERG) at your company, and start brainstorming ideas for the next meeting’s topic. You decide the best approach is to assemble your topic list from an internal database of customer concerns, company inquiries, and service complaints. Tapping user personal data in this situation would be an inappropriate business use of personal information and go against the company’s privacy standards under its Code of Conduct.
2. Teach to maintain confidentiality within the company
You might think that any and all information can be shared freely within the company — you all work for the same team, after all. However, confidential information should still be treated with care, even within the company. Only share confidential information on a “need-to-know” basis with colleagues who have the authorization to access it. If they don’t need to know it for work, then don’t pass it on. And make sure, when sharing information, that the next person in the chain understands any restrictions about using and disseminating it.
Here’s an example. It’s your weekly all-hands meeting, and you’ve been asked at the last minute to present because your teammate who was meant to do it is out sick. In your hurried preparation, you accidentally share your whole screen instead of a single tab, including your note-taking app. There you’ve got support tickets with personal customer information — and it’s now visible to everyone. In this instance, you’ve inadvertently shared confidential information about customers with employees who weren’t authorized to see it.
3. Teach to maintain confidentiality while in the general public
Public places present a wealth of opportunities for inadvertent disclosure of confidential information — you never know who might be sitting next to you on a flight or in a coffee shop. That’s why it’s essential to take special care of confidential information when in public. Avoid discussion or disclosure of such information in public areas, including online, at industry events, at coffee shops and restaurants, or during your commute to or from work.
Here’s an example that starts with a simple scheduling error. You’re working remotely overseas for a week, and you mix up your time zones — so you end up taking a sensitive client phone call at a coffee shop. In the moment, you might think that taking the call in public was a better option than rescheduling it, but it’s always best to ensure you’re in a private location. Hope as you might that all the other patrons have their noise-canceling headphones on, discussing confidential information in the open is never a good idea.
4. Teach to maintain confidentiality with company partners
Don’t discuss or disclose confidential information to customers, vendors, or other company partners, unless an appropriate confidentiality agreement is in place, and you’re authorized to talk to them about it. This is an important qualifier. Confidentiality agreements don’t give carte blanche to share anything and everything with another party. Rather, you can only share information that you’re explicitly authorized to share.
Here’s an example. You work in sales for a software-as-a-service (SaaS) company, and you’ve just seen the product roadmap for the quarter in an all-hands meeting. You know that one of the features being built will really speak to a prospective customer you’ve been nurturing for weeks, and might help you finally close the deal. Since you have a confidentiality agreement in place with this prospect, you might think you can go ahead and share. However, the best course of action is to get specific authorization from leadership to share this new information.
5. Teach to maintain confidentiality with friends and family
This might seem like a simple one: Don’t share confidential information with outside parties. Anyone who doesn’t work for the company is an outside party, including friends and family.
Here’s an example: Imagine you’re at a family dinner on Sunday night. Your cousin is in town from San Francisco, and you haven’t seen her in a few years. She shares that she’s taken a new job that she finds very demanding, and asks how work has been for you. You share that you’re working overtime because your team is under-resourced and that a hiring freeze is perpetuating the problem. You might think you’re just commiserating about working long hours, but in fact you’ve shared confidential information that could be a reflection on the financial state of the company.
How to protect confidential information in your workplace: 5 strategies
1. Create a code of conduct
A code of conduct is a set of guiding principles that outline an organization’s expectations for employees, clients, and collaborators. This code is extensive, with very specific rules and guidelines governing employees actions in various situations and scenarios that might be encountered in the workplace. Expectations regarding confidentiality should be clearly outlined in this resource.
2. Hold regular and ad-hoc trainings
Do both regular and ad hoc training on confidentiality. Include confidentiality in onboarding training to set expectations with new hires, then revisit the topic throughout the year — especially in advance of moments that matter. For example, you might hold a confidentiality refresher right before a company offsite that’s held in a public place.
3. Make it relevant
Confidentiality can feel broad and ambiguous, so customizing trainings by department can help make confidentiality guidelines feel more relevant to individual teams. For example, when training sales teams, you might talk about how sales pipeline data is confidential; whereas when training a product team, you might talk about why the product roadmap is sensitive.
4. Create a speak-up culture
Create a speak-up culture so that employees feel comfortable asking questions or reporting concerns. Aspects of investing in a speak-up culture include:
- Make space for feedback. It takes an incredible amount of courage for a team member to pull aside a leader to voice a concern. Creating dedicated space for employees to share feedback with you can help. At Ethena, we use “Feedback Fridays” to do just this.
- Set clear expectations. Be crystal clear about what constitutes a violation of confidentiality and what the consequences are. This lets team members know that confidentiality is serious business.
- Respond with action. Many employees don’t report misconduct because they feel that management won’t believe them. If someone voices a concern or makes a report of confidentiality being violated, take action and provide clear updates to the employee that raised the concern.
5. Do the basics
Do the basics to walk the walk, in addition to talking the talk about confidentiality. Pass out privacy screens so staff have one to use when they need to. Send out monthly email reminders with tips on positive social media hygiene and basic data protection tactics. You can even start to send out reminders every month with tips and build them into a FAQ on your company’s internal website. If you’re an Ethena customer, you can even send out monthly, quarterly, or annual “nudges,” digestible two- to three-minute training segments to remind staff of policies covering topics like protecting confidential information, data protection, information security and cybersecurity.
Confidential information is about more than documents stamped “confidential” — it’s a broad array of information that includes everything from customer data to hiring plans. To promote a culture of confidentiality in the workplace, work both on setting clear expectations with onboarding compliance trainings, and laying a path for employees to ask questions or raise concerns. There is, after all, often ambiguity about what should be kept confidential and with whom, so the best thing you can do is make sure the lines of communication are open and clear.
Ethena is a modern compliance training platform that delivers current, cringe-free content that employees actually enjoy. Request a sample course to see for yourself! If you’re ready to bring complex issues to life through thoughtful real-world examples, dynamic multimedia, and actionable next steps, let’s talk to see if Ethena is right for your company.