Q) Company’s most valuable assets is information.

Employees are supposed to

maintain the confidentiality of information (whether or not it is considered proprietary)
entrusted to them not only by the Company, but also by suppliers, customers and
others related to the business. I f disclosed, might be of use to competitors or harm
ul to the Company, or its customers or suppliers. With reference to the above,
recommend how the company can make certain that the privileged information is
handled properly by the employee?

A)
Introduction:
Before discussing how to make certain that the privileged information is handled
properly by the employee, we should learn what is privileged first.
Privileged information (confidential information) means information which is
privileged communication shared to a few people for certain purposes. Or receiver of
confidential information is generally prohibited from using it to take advantage of the
giver is also called privileged information.
In different company, privileged information may mean different things.
In most of company, it may mean limitation pricing, margins, merchandising
plans and strategies, finances, financial and accounting data and information, suppliers,
customers, customer lists, purchasing data, sales and marketing plans, future business
plans etc.
If it is an engineering company, privileged information may include patent,
copyright, trade secret, and other proprietary information, techniques, sketches,
drawings, models, inventions, know-how, processes, apparatus, equipment, algorithms,
software programs, software source documents in additional.
In fact, different employee in different working position can know different
confidential information of company. If those confidential information leaks to other
companies, it will let those competitors have chance to beat employee’s company. Also,
some of the confidential information contain personal information. If those information
leaks, it will let the company takes legal liability.
To prevent the disclosure from employee, employer should use some method to keep
that confidential information in confidential. Here we will suggest some method to
prevent disclosure.
Methods:
1. Using Non-disclosure agreement (NDA) to keep confidential
First, we should mention that Non-disclosure agreement is a type of legal contract.
Before employee join to company, employer need to give employee a contract to
sign. Employer can add NDA into the contract or need employee sign NDA
independently.
According to contract law, employee (promisor) must execute contract content. So,
NDA need to list items of confidential information clearly.
Also, employee’s name, position, company’s name, expiry date and the
punishment after disclosure of confidential information are must be written in the NDA
clearly.
After employee signed NDA, keeping confidentiality information in secret
become a legal responsibility of employee. This can prevent employee leak
confidential to other company.
In addition, if customers or suppliers want someone or some organization to
supervise the NDA, it should be mentioned in the NDA. It is because according to
Hong Kong Basic law (Cap. 623), the third parties which are mentioned in the contract
have right to enforce promisor to do contract’s content.

2. Set up a privacy server

If company use server from others (for example: google), this will take a big risk for
hacking. Using privacy server can let those digital copy of confidential information
isolates from internet. This lower the risk from hacking by others.
Also, the file in the privacy server can be encryption. Those encrypted files are
broken files. If employee or hacker hack to the server and get the file, they cannot open
the file easily. Also, employer can set the encrypted file can be opened by company's
computers.
On the other hand, employers can protect their confidential information by limiting
employee access right. Employers can divide the privacy server into several parts and
give different access right to different department. This can let employee know the less
and get the less.
Also, employer can use window built-in function--Encrypting File System. After
use the Encrypting File System, the files which are encrypted are only able to open by
that user or some other users which approved by organizer. This can make sure digital
copy of confidential information can be opened by company’s computer only.
 If employer wants to rise the confidentiality, they can add different password to
different files. All passwords should be non-regular, using combination of numbers,
symbols and letter. This reduce the chance of disclosure most of privileged
information by an employee.

3. Set up an independent room or locker to keep hard copies of confidential

information
Beside the digital copies, hard copies another way to let employees to disclosure.
Employee should set up an independent room or locker to keep those hard copies
of confidential information. Also, employers should keep that room or locker are
always locked. The key or password should be kept by employers or person who is trust
in employer.
This can make sure the information is locked and only employer or the one who is
trusted in employer can change the content. If some hard copies of privileged
information disclosure, the one who own the key will be the largest suspect. This may
make key owners keep watch over the place where kept privileged information.
In addition, closed circuit television (CCTV) system should be installed in the
place where stored privileged information. This can risk the security of information.
Also, the record of CCTV can used as evidence. If someone goes into the room stored
privileged information and steal privileged information, CCTV can record down who
and when stole the privileged information. This can help employer to get back the lost
from the privileged information by litigation.
On the other hand, all of the confidential document should be adding a
confidential mark on the top of or behind the confidential information. Even seal the
hard copies is another way to keep confidential information.
This can strongly mention that file is confidential document. This can let all of
people who read the privileged information realize that is privileged information.
Employees will keep the confidential document carefully.

4. Destroy all retired hard disk

To prevent the leakage of privileged information after the disposing of old
computer away, employer should destroy all hard drive.
Although information in the hard drive is deleted, there are some free programme
to recover data in the hard drive. If we do not destroy the hard drive, bad guys will
recover the information and sell to other.
Conclusion:
To prevent the leakage of privileged information, employer should let employee
sign the non-disclosure agreement, set up a privacy server (for digital copies of
confidential information), set up an independent place to place privileged information
(for hard copies) and destroy all retired hard disk.

Reference:
1) Hong Kong e-Legislation. Retrieved from
https://www.elegislation.gov.hk/ Mironov consultation
2) Rich Mironov's Product Bytes. Retrieved from
https://www.mironov.com/
3) Microsoft support, Retrieved from
https://support.microsoft.com/en-hk/help/4026312/windows-10-how-to-encrypt-a-f
ile
4) Off, J. (2002). Engineering ethics: Do engineers owe duties to the public? London:
Royal Academy of Engineering.