Just recently a business owner asked me about the steps he can take to scale his business without risking his idea (product composition & specification) getting leaked?

I am sure this question will pop up in quite a few minds and it is indeed a pertinent question.

Businesses often revolve around innovations such as new inventions or delivering services in a novel way. Companies sometimes choose to keep certain business information secret or confidential from the public and competitors. Confidentiality is often achieved by having employees and business partners sign confidentiality agreements or non-disclosure agreements. Such agreements act as contracts that obligate the signatory to keep certain information secret.

So, if you are a business owner that is grappling with keeping information confidential and yet want to use the same to ensure growth, read on.

Let us consider the potential advantages & disadvantages of keeping information confidential

Potential Advantages:
✔ Protecting Sensitive Information
The primary benefit of confidentiality is that it can enable a business to keep sensitive business information secret from the public and competitors. Some companies have special formulas, plans, processes or devices that they use to gain an advantage over competitors, and confidentiality of such trade secrets can allow a company to maintain its competitive advantage.
Eg: A soft drink company might keep its recipe confidential so that no one can copy it or use it to form new ideas.

✔ Marketing Advantages
Confidentiality can be an advantage in marketing because it allows companies to pick and choose the information actually released to the public. Sometimes, businesses do not want consumers to know everything about the development of their products. For instance, a software company might not want to release information about software that is under development because early versions of software are often replete with problems that need to be fixed before release.

Potential Disadvantages:
≠ Marketing Drawbacks
A potential disadvantage of limiting the amount of information that consumers receive in attempts to maintain confidentiality is that it may decrease awareness of products and services. If a company updates consumers with news about upcoming products and services, it can help create demand for those products and services before they become available. Transparency of business practices, such as releasing information about how products are produced, can also build consumer trust.

≠ Information Leaks
A major drawback of confidentiality is the possibility of information leaks. Many companies choose to patent inventions, which serves as legal protection against anyone trying to copy the invention. Inventions that are kept secret are not protected by patents because the patent process involves disclosing information to the public. If confidential information is leaked, a company might not be able to defend its intellectual property as effectively is it could otherwise.

Now, let us move a little deeper to understand what Confidentiality actually entails.

Confidential workplace information can generally be broken down into three categories:

1. Employee information
2. Management information
3. Business information.

Employee Information:
There are laws which govern the confidentiality and disposal of “personal identifying information” (e.g., an employee’s PAN or Aadhar information, home address or telephone number, e-mail address, Internet identification name or password, parent’s surname prior to marriage or driver’s license number).

Management Information:
Confidential management information includes discussions about employee relations issues, disciplinary actions, impending layoffs/reductions-in-force, terminations, workplace investigations of employee misconduct, etc. While disclosure of this information isn’t necessarily “illegal,” it is almost always counterproductive and can seriously damage the collective morale of a workplace.

Business Information:
We oftentimes refer to confidential business information as “proprietary information” or “trade secrets.” This refers to information that’s not generally known to the public and would not ordinarily be available to competitors except via illegal or improper means. Common examples of “trade secrets” include manufacturing processes and methods, business plans, financial data, budgets and forecasts, computer programs and data compilation, client/customer lists, ingredient formulas and recipes, membership or employee lists, supplier lists, etc. “Trade secrets” does not include information that a company voluntarily gives to potential customers, posts on its website, or otherwise freely provides to others outside of the company.

What steps can be taken to better protect confidential information?

1. Develop written confidentiality policies and procedures

Every business/organization should have a written confidentiality policy (typically in its employee handbook) describing both the type of information considered confidential and the procedures employees must follow for protecting confidential information. At the very least, employers should adopt the following procedures for protecting confidential information:

1. All confidential documents should be stored in locked file cabinets or rooms accessible only to those who have a business “need-to-know.”
   1. All electronic confidential information should be protected via firewalls, encryption and passwords.
   2. Employees should clear their desks of any confidential information before going home at the end of the day.
   3. Employees should refrain from leaving confidential information visible on their computer monitors when they leave their workstations.
   4. All confidential information, whether contained on written documents or electronically, should be marked as “confidential.”
   5. All confidential information should be disposed of properly (e.g., employees should not print out a confidential document and then throw it away without shredding it first.)
   6. Employees should refrain from discussing confidential information in public places.
   7. Employees should avoid using e-mail to transmit certain sensitive or controversial information.
   8. Limit the acquisition of confidential client data (e.g: bank accounts, or driver’s license numbers) unless it is integral to the business transaction and restrict access on a “need-to-know’ basis.
   9. Before disposing of an old computer, use software programs to wipe out the data contained on the computer or have the hard drive destroyed.

A confidentiality policy should also describe the level of privacy employees can expect relating to their own personal property (e.g., “for your own protection, do not leave valuable personal property at work and do not leave personal items — especially your purse, briefcase or wallet — unattended while you are at work”)

2. All businesses/organizations should have their confidentiality policies reviewed to ensure compliance with applicable laws.

3. Train management and employees on confidentiality policy: Simply having a written confidentiality policy is not enough. In order for the confidentiality policy to be effective, managers, supervisors and employees must be educated on confidentiality issues and the company’s policies and procedures. Management and employees should be allowed an opportunity to ask questions about the policies, and everyone should be trained to avoid putting sensitive information in e-mails. Many companies and organizations include this training as part of the new-hire/orientation process.

4. Management should also be instructed on the proper way of communicating with the company’s inside and outside counsel so as to ensure that certain work-related documents and e-mails are protected by the attorney-client privilege.

5. Enforce Confidentiality Policy:
This is one of the most important steps a business/organization can take to protect its confidential information, and unfortunately, it’s oftentimes the one step that is ignored. All the policies, procedures and training in the world will not matter if those policies and procedures are not enforced. In order for a confidentiality policy to have “teeth,” employees who violate the policy must be disciplined in accordance with an employer’s corrective action procedures.

Keep Propelling!