While Human resources departments are responsible for keeping confidential information about potential employees, internal staff and external clients, a big part of their job are circulating policies and inter-office communications that are meant to be seen by everyone. They are responsible for sharing employee’s private and personally identifiable information with external providers and agencies that include health plans, banks, and the IRS. Jason Hanold knows that managing who can see what is a daunting task and protection against any possible threats requires a strategy flexible enough to destroy files automatically, while also enabling secure sharing. Confidentiality Agreements don’t have to be long and complicated. In fact, the good ones usually don’t run more than a few pages long. First, there are some key elements of Confidentiality Agreements that should be taken into account:
The identification of the parties
A description set forth at the beginning of the contract. If it is an agreement where only one side is providing confidential information, then the disclosing party can be referred to as the Disclosing Party and the recipient of the information can simply be referred to as the Recipient.
Elements defined to be confidential
Defining what confidential information means. The disclosing party wants this definition to be as broad as possible, so as to make sure the other side doesn’t find a loophole and starts using your valuable secrets. But if you are the recipient of the information, you have a legitimate desire to make sure that the information that you are supposed to keep as a secret is clearly identified and that you know what you can and cannot do. Oral information, in particular, can be tricky to deal with, and the usual compromise is that oral information can be deemed confidential information, but that the disclosing party has to confirm to the other side in writing sometime shortly after it was disclosed, so that the receiving party is now on notice as to what oral statements are deemed confidential.
Obligations of the receiving party
This usually means that it has to take reasonable steps to prevent others from gaining access to this private information. If the scope of the Confidentiality Agreement is broad enough, then you can sue for damages or to stop them if they breach their confidentiality and non-use obligations.
The term of the agreement
Some attorneys would argue that the Confidential Agreement should last forever. But if you are the recipient of the confidential information, you will likely insist on a definite term where the agreement ends. After all, most information becomes useless after a certain number of years, and the cost of policing confidentiality obligations can become expensive if it is an endless obligation. Confidentiality Agreement can also state that, even if the term is ended, the disclosing party isn’t giving up any other rights that it may have under copyright, patent, or other intellectual property laws.
And then, the data available to the Human Resources Department should be classified into categories before policy controls are defined to meet specific access and permission requirements. These categories should include intellectual property, executive compensation, board-of-director files, customer lists, and financial data. This requires the highest level of protection, including automatic encryption and assignment to the strictest security protocols. Another set of categories can either be encrypted automatically or assigned security permissions that allow everyone inside the organization access or can be manually selected by human resources to be secured. This set includes policy manuals, inter-office correspondence, and pre-release public files.
Human Resources should keep personal information on employees confidential, even before they are hired. Candidate information includes reference checks and job offers. HR also protects drug-testing and physical examination results, Social Security numbers, payroll data and performance reviews. Also, employees’ ID numbers and customers’ financial information are some of the data at high risk for theft. Confidentiality laws, such as the federal Health Insurance Portability and Accountability Act, requires that HR also keeps employees’ health information private.
Human Resources often handles client information, including external and internal financial information. Client contracts mandate confidentiality and can only be shared with authorized employees or, in some cases, third-party agencies, so this data receives tier one treatment. With advanced security settings, HR can safely share this information with the designated parties via email by specifying the number of devices and validity period for accessing protected attachments. Business expansions, new product ideas, changes in procedures or an impending layoff or plant closing are kept confidential until the time is right for a company-wide or public disclosure.
Confidentiality agreements protect intellectual property or trade secrets from competitors. Proprietary information includes production methods, formulas or processes you want to keep confidential. It also includes salary ranges, customer lists, and vendor contracts, as well as business and marketing plans and any special skills your employees have. A confidentiality agreement protects your computer system, which holds proprietary information. The human resources department can be the first line of defense for this data since it may be the first to find out an employee is leaving. They need to have policies in place for resulting access changes.
Non Competing Agreement
HR ideal is to keep valuable employees, but this is not always the case. A non competing agreement keeps a business’ former employees from giving away its trade secrets to a competitor. Some non competing agreements restrict employees from starting a business that competes with their former employer’s business, for a certain amount of time.