Having recently completed work around the development and protection of confidential information I was curious as to how the average organisation manages confidential information so started asking questions of colleagues and clients.
Confidential information is different. Why is it different? In most cases because it is valuable. It is valuable to the owner. Confidential information can be intellectual property, customer lists, trade secrets, financial position, legal agreements etc. If confidential information is so valuable why do organisations have inappropriate management processes in place? If an organisation deems information to be confidential often it is protected prior to release by a non-disclosure agreement, non-disclosure deed or some form of umbrella agreement. All legally binding, yet not often enforced.
In most cases the provider of the information trusts that the receiver of the information will respect and enforce the confidentiality agreement. Once in receipt of confidential information most organisations manage it via:
- Confidential document repositories.
- Restricted access manual files.
- Document management systems.
- Security and authority levels.
- On a need to know basis.
From what we see few organisations link the received confidential information to the authorised confidentiality agreement/deed and audit access and distribution.
How does your organisation manage confidentiality agreements/deeds and the information that they cover?
