Information that is treated with confidentiality can be categorised according to its tangibility. Tangible information refers to documents that can be touched: paperwork, books, files and so forth.
Intangible information is mostly limited to computers, where it can be read. This includes any information saved on a computer system or server. It also includes emails, statements and any other form of data captured within technology.
When the layout of an office is planned, it is important to keep in mind that confidentiality must be maintained. Computers, fax machines, printers and other technological filing systems must physically be placed in areas where access can be controlled, restricted and monitored. Only employees with permission to access that specific technological area's information are allowed to be there or have access to it.
When employees move around the office or leave the office for specific reasons, it is important that all confidential information be locked away prior to leaving the office. At the end of the working day, all confidential information should also be secured for the night.
Document management can be centralised or decentralised:
If information must be accessed by stakeholders other than your specific organisation, it is important to keep the following aspects in mind:
The information in this document is confidential to the person to whom it is addressed and should not be disclosed to any other person. It may not be reproduced in whole, or in part, nor may any of the information contained therein be disclosed without the prior consent of the directors of <Company Name> (‘the Company’). A recipient may not solicit, directly or indirectly (whether through an agent or otherwise) the participation of another institution or person without the prior approval of the directors of the Company.
The contents of this document have not been independently verified and they do not purport to be comprehensive or to contain all the information that a prospective investor may need. No representation, warranty or undertaking, expressed or implied is or will be made or given and no responsibility or liability is or will be accepted by the Company or by any of its directors, employees or advisors in relation to the accuracy or completeness of this document or any other written or oral information made available in connection with the Company.
Any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this material is strictly prohibited.
NOTE: This is a sample of the kind of notification you would include on the front page of the document to indicate that it and the information provided are confidential.
This document and the information in it are provided in confidence, for the sole purpose of [insert details], and may not be disclosed to any third party or used for any other purpose without the express written permission of [insert details].
Within an organisation, there is information that needs to be dealt with in a sensitive manner. Confidential information is also stored on the computer network.
Computers standing on desks create a liability for information that should be treated as confidential. Some guidelines to maintain secrecy can be identified:
Only information that the computer user is busy with should be open. Remove all data that is not actively worked on at that point in time.
Desks and computers should be arranged in such a manner that unauthorised passersby cannot glance at or read the content on the computer screen.
Specific applications that are used to update data should specifically be closed after use.
Computer settings should be adjusted to include a time-out feature. This allows the computer to turn to energy-saving mode once the set time for inactivity has passed. Should a person unexpectedly be required to leave their working station, confidentiality can be maintained.
It is preferable that administrative data be saved on the network drive, rather than on the personal computer.
When information is stored on a personal computer or laptop, it is important to ensure that backups are made regularly.
Backups should ensure that confidential information is not compromised or lost in the event of disk failure or computer problems. These backups should be locked in facilities where limited access is allowed.
Confidential files should require passwords to gain access. The level of secrecy will determine which employees will have access to the specific password. Top management will strategically allocate these passwords.
It is recommended that a password also be created for the monitor.
Employees should only have access to information that they are entitled to.
Employees should have their own unique passwords to access their computers.
It is each individual's responsibility to maintain the secrecy of their password. These passwords need to be changed regularly to ensure authenticity and security. Some systems allow for these passwords to be changed every month or 6 weeks. If, however, an employee has reason to believe that their password was compromised, the employee should take proactive measures and change the password immediately.
If the systems do not request a change of passwords, it is advisable that the employee diarise a change.
Passwords should be remembered by the individual. When passwords are written down somewhere it increases security risks.
When a fax is sent, it is important to verify the fax number to ensure that it reaches the intended person.
Always include a cover sheet that states the fact that the information that follows is to be treated confidentially.
When a fax is received that was not intended for the person receiving it, the sender should immediately be contacted. The received information should then either be secured or destroyed.
Faxes should not be left unattended on the fax machine. If a fax is expected, check the fax machine regularly. The sooner information on the fax machine can be retrieved, the smaller the risk of information falling into the wrong hands.
Incoming faxes should also state the confidential nature of the contents of the communication.
All employees should be trained as to the procedure when they receive confidential information that is not intended for them.
If an organisation makes use of a centralised fax machine, the person standing by the fax machine should receive the fax, sign in a fax register for receipt of the fax and treat the fax according to company policy for fax retrievals. A fax trail can therefore be determined and ensure confidentiality.
Centralised printers should be treated in a similar way to fax machines.
The person printing a document should immediately retrieve it from the printer.
Printers in a private office should preferably also not have confidential documents lying on them.
Only information that is requested should be provided.
Refrain from using general forms that contain additional information. For example, if an external resource or client requests confirmation of an address, send only that.
Interpersonal communication between employees, or between employees and clients/customers, should restrict the information available to people who are in the vicinity. Confidential conversations should transpire in closed office spaces or in a boardroom.
Do not have discussions regarding confidential information in public areas such as elevators or cafeterias.
When you are conversing on the telephone, verify the information of the person receiving your message.
Refrain from discussing confidential information with external individuals, including friends, family members and counterparts at other organisations.
If you are unable to telephonically reach a specific person, never leave confidential information on a voicemail or with another person.
Large company call centres may indicate that calls made or received are recorded. Callers also have an option to complete a survey after the call with the original person has ended. Any concerns with regard to a breach in confidentiality can then be addressed.
As mentioned in Module 1, storage and easy retrieval of documents play an important role in the administrative system of an organisation. Some aspects need to be considered in order to maintain confidentiality.
Files should be stored in cabinets or desks that can be locked.
Information that cannot be reproduced should be kept safe in a specifically created environment where it can be protected against natural causes or unauthorised viewing.
Persons entrusted with keys and access cards should under no circumstances share them with any other employee, even if that employee also has keys and access. Keys and access cards must always be safely guarded by the person who was entrusted with them.
Cleaning staff, maintenance staff and any other casual staff or visitors may not have access to storage facilities containing confidential documents. A specific policy indicating the procedures to be followed if for some reason access is necessary should be consulted and implemented. It is advisable that these individuals be accompanied.
All staff, contractors and other personnel employed by Company ABC are required to treat all client information with the utmost confidentiality. Staff with access to confidential, private or sensitive information are not to divulge this information to any other person unless authorized to do so. If you are ever asked to divulge confidential information about a client by a person who has no authority to request this, please report the matter to your supervisor immediately. If you ever hear a Sunset Bay employee discussing information of a confidential and/or private nature in an inappropriate way (e.g. chatting to a colleague in the office or lunchroom, telling friends in a social setting), you must report the matter to your supervisor immediately.
The easiest way to follow this policy is to remember one simple rule: NEVER give out confidential and/or private information about a client unless it’s to an authorized person. This means not even to family members - we have no way of knowing a person’s family situation, and that person has the right to withhold private information from his/her family members.
Company ABC takes the confidentiality and privacy of our clients very seriously, and will not hesitate to take disciplinary action against any employees who are in breach of this policy.
In a health setting, a client can take legal action against the staff member responsible under the Law of Negligence. Sunset Bay owes a duty of care to the client to prevent any "damage" to the client.
To avoid a successful claim by the client, Sunset Bay needs to be able to prove that they have steps in place to prevent such a breach from taking place. These are:
If Company ABC policy and procedure regarding confidentiality of client information is not followed, the individual staff member (or staff members) may be sued by the client rather than Company ABC.
ALL staff at Company ABC are required to sign a confidentiality agreement when they commence employment. This is a legally binding document that clearly states your obligation to treat all client information in a confidential manner.