The definition covers anything not in the public domain that helps the organisation do its work better or more efficiently. It would therefore include, for example, information about industrial processes, budgets, costs, forecasts, and even customer contact information. Sometimes organisational information is covered by confidentiality agreements or contracts of employment.
If you are tempted to disclose any information of this nature, you should check your contract first and, if necessary, get legal advice. However, forthcoming changes to data protection law in Europe and relating to any data held on a citizen of a European Union country means that it needs to be considered and held differently. If you think this may affect you or your company, you are advised to seek legal advice. Some professionals — including doctors, lawyers and accountants — come across information about individuals or organisations through their professional position.
These professionals are often bound by professional codes of conduct as well as formal legal requirements. There is a distinction to be drawn between casual expectations of confidentiality and legal requirements. There is information which you may be told, and asked to keep secret, but where the only obligation to do so is personal.
For example, a colleague tells you that she is pregnant, and explains that she has not yet told anyone else and would prefer it not to be public for the time being. There is no absolute or legal requirement on you not to tell anyone else.
However, be aware that if you do so, you will have broken her trust. You would not expect her to be happy, and your reputation as someone to trust and rely on will be gone and probably not just with her. There is information that legally cannot be shared with other organisations or individuals except under certain very specific circumstances. For example, you may want to share or sell a list of customer contact details to another organisation.
In many countries, you can only do so if you have obtained explicit consent from those customers. Most personal information that is, any information which is personal to an individual, such as national insurance numbers, full name, address, email address or similar cannot, by law, be disclosed without consent. Avoid acquiring sensitive data unless absolutely necessary; one of the best ways to reduce confidentiality risk is to reduce the amount of sensitive data being collected in the first place.
Manage data utilization. Confidentiality risk can be further reduced by using sensitive data only as approved and as necessary. Misusing sensitive data violates the privacy and confidentiality of that data and of the individuals or groups the data represents. Manage devices. Computer management is a broad topic that includes many essential security practices. By protecting devices, you can also protect the data they contain. Follow basic cybersecurity hygiene by using anti-virus software , routinely patching software, whitelisting applications, using device passcodes , suspending inactive sessions , enabling firewalls , and using whole-disk encryption.
Security Home. Site Map. To get your unit started with a security and risk consultation, contact IT Security. Of course, we are always available to counsel employers in the area of confidentiality and to develop policies and agreements that provide businesses with the proper safeguards. Why is Confidentiality Important? October 15, At the very least, we recommend employers adopt the following procedures for protecting confidential information: Separate folders should be kept for both form I-9s and employee medical information.
Employees should clear their desks of any confidential information before going home at the end of the day. Employees should refrain from leaving confidential information visible on their computer monitors when they leave their work stations. Employees should refrain from discussing confidential information in public places.
Employees should avoid using e-mail to transmit certain sensitive or controversial information. Limit the acquisition of confidential client data e. Before disposing of an old computer, use software programs to wipe out the data contained on the computer or have the hard drive destroyed.
0コメント