Employee Confidentiality Policy

Policy brief & purpose

This policy explains what's the appropriate and ethical behavior when it comes to confidential data we use in our Company.

Scope

This policy applies to all employees who have access to confidential information.

Policy Elements

Confidential and proprietary information is secret, valuable, expensive and/or easily replicated. Common examples of confidential information are:

  • Unpublished financial information

  • Data of Customers/Partners/Vendors

  • Patents, formulas or new technologies

  • Customer lists (existing and prospective)

  • Data entrusted to our company by external parties

  • Pricing/marketing and other undisclosed strategies

  • Documents and processes explicitly marked as confidential

  • Unpublished goals, forecasts, and initiatives marked as confidential

Procedure

What employees can do

  • Lock or secure confidential information at all times

  • Shred confidential documents when they’re no longer needed

  • Make sure they only view confidential information on secure devices

  • Only disclose information to other employees when it’s necessary and authorized

  • Keep confidential documents inside our company’s premises unless it’s absolutely necessary to move them

What employees can't do

  • Use confidential information for any personal benefit or profit

  • Disclose confidential information to anyone outside of our company

  • Replicate confidential documents and files and store them on insecure devices

  • Share source code to any external parties

  • Maintain personal relations with former employees, suppliers and/or clients that have on-going litigation with Secure Group

  • Maintain personal relations with former employees that were dismissed because of severe immoral behavior

Confidentiality Measures

Measures to ensure that confidential information is well protected:

  • Store and lock paper documents

  • Encrypt electronic information and safeguard databases

  • Keep our source code secure on your workstation or in our version control system (Bitbucket, Gerrit, Harbor)

  • Ask employees to sign non-compete and/or non-disclosure agreements (NDAs)

  • Ask for authorization by senior management to allow employees to access certain confidential information

Exceptions

Confidential information may occasionally have to be disclosed for legitimate reasons. Examples are:

  • If a regulatory body requests it as part of an investigation or audit

  • If our company examines a venture or partnership that requires disclosing some information (within legal boundaries)

  • In such cases, employees involved should document their disclosure procedure and collect all needed authorizations. We’re bound to avoid disclosing more information than needed.

Policy Violation

In case the employee does not follow this policy, the following action will be taken:

  • Disciplinary action: if a minor violation

  • Corrective Action Plan (CAP): if a severe violation

  • Termination of Employment and legal action: if an extremely severe violation

We’ll investigate every breach of this policy. We’ll terminate any employee who willfully or regularly breaches our confidentiality guidelines for personal profit. We may also have to punish any unintentional breach of this policy depending on its frequency and seriousness. We’ll terminate employees who repeatedly disregard this policy, even when they do so unintentionally. This policy is binding even after the separation of employment.

Last updated