- The misuse of confidential information - How to protect your business
The misuse of confidential information – How to protect your business
The misuse of confidential information – How to protect your business7th January 2021 - Published by Kuits Intellectual Property team
A company’s confidential information can be one of its most valuable assets. Information held by companies can include data such as client lists and client contact details, business strategy and pricing structures, which if misused could cause serious harm to the business.
In light of the number of employees working from home, increased significantly by the COVID-19 pandemic, it has become more difficult to monitor employees compared to when working in the office, however it is still just as important to protect the confidential information your business holds.
The pandemic has also seen a surge in employees, wittingly or unwittingly, taking important business data with them if they leave a company, often with firms leaving themselves unprotected against this or unaware of their rights.
How to protect your business
So what can you do to try and protect your business from misuse of confidential information?
- Contractual provisions – employment and contractor contracts should contain tightly drafted intellectual property (IP) clauses to ensure any important IP assets are owned by the company. They should also refer to the obligations around confidential data and ensuring the return of any data on ceasing work for the business.
- Clear data and IT policies – these should explain how data should be stored, who can access it, and how to report a breach. The policies should also deal with the procedure which should be followed in the event an employee leaves the business.
- Limit access – identify the information within your business that could cause damage if misused, then consider which members of staff need to have access and limit access accordingly. Keep a record of who has access to what data, and clearly set out in the employment contract how that data should be used, so that a breach can clearly be identified.
- Use passwords – where possible, password protect documents and files which are confidential to the business.
- Departing employees – any staff who have left, or have been made redundant, should have access removed and their log-in/email accounts suspended, to reduce the risk of an ex-employee committing a data breach.
- Security measures – this could include having the correct virus protection software, using a secure network, and implementing automated logging of computer systems and platforms so those who have accessed data can be identified. USB ports should be locked so that data cannot be transferred via a USB stick.
If a breach is identified, taking action quickly can prevent or mitigate damage to the business. An interim injunction can be obtained to prevent the disclosure or use of the confidential information, but you will need to act quickly and therefore legal advice should be sought as soon as possible.