Information Ethics and Information Security Essay

In today's business environment, every business has information that is considered invaluable and integral to its business operations, as a competitive edge in the marketplace may be as a result of developing or possessing specific knowledge that is above and beyond that of the competition. Confidential information such as proprietary technology, customer lists, marketing plans and pricing information are critical organizational assets that need to be handled carefully else they are compromised. Threats to such confidential data can be external through theft, commercial espionage or hacking. However, one of the biggest threats to organizations' confidential information is from inside the business. The majority of employees in a business will have access to valuable information relating to strategic and financial business intelligence as well as about suppliers and customer contacts, in the course of their employment. Such information is often an attractive asset to competitors that aim to encroach on the employer's market. As such, employers put in place measures that ensure the protection of confidential information, trade secrets and business contacts in order to maintain their competitive edge as well as ensuring the integrity of the organization.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

One of the primary means that organizations seek to protect their confidential information is through contracts with employees issued at the beginning of their employment. However, before such contractual obligations are outlined and presented to the employees, the organization has to determine the type of information that requires protection, as such, the initial step in the security of organizational information is carrying out an audit. As stated by Miller (2015), a business enterprise needs to know which information it posses and where such data is stored. This step helps the organization to determine their sensitive information as well as the number of people in the organization that have access to such information. Subsequently, a business needs to profile and classify its information accordingly. As not all data is created equal, organizations should catalog their information as either confidential, secret or public. Cataloging information enables an organization to adequately and appropriately identify trade secrets and helps to implement measures to keep specific trade secrets protected and confidential as well as having a clear definition of what the business considers as a trade secret.

In addition to identifying and cataloging business information, the employers, in drafting restrictive contractual agreements, need to consider various other factors. For instance, the employers need to define the role of the employee in the organization and the possible required protection in the event the employee leaves to work for the competition. Furthermore, the evolution of the business and the roles of the employees need to be considered as well as maintaining consistency of treatment in the organization for employees with similar functions. Another consideration for the protection of information is by restricting employees to only those areas in which the employee is personally involved, in case the organization is engaged in various types of businesses (Lexology, 2017). Additionally, restrictions should not be placed on employees for any longer than it is necessary. Contractual agreements should reflect information that has a limited shelf life as there is information that is confidential for a specified amount of time before it is released to the public domain.

With regards to the considerations mentioned above, various organizations have developed various means by which to deal with the protection of their information. Although there are various measures to ensure security and confidentiality of information, they are majorly based on similar principles. A chief component in most protection strategies is the establishment of keys agreements that are regularly reviewed and updated. Some of the core agreements utilized by most businesses are non-compete agreements aimed at preventing employees from working for the competition; and confidentiality or non-disclosure agreements aimed at dissuading employees and other third parties from disclosing organizational information. Non-compete and non-disclosure agreements are the most common of agreements that are aimed at protecting confidential information within organizations. For employees that will have access to confidential information, companies require that they sign an employment contract which contains non-compete as well as non-disclosure provisions (Mintz, 2016). Although it is at times challenging to enforce non-compete provisions in the employment contracts, confidentiality provisions are easily enforceable.

The two other commonly utilized agreements utilized by information protection policies within businesses are the non-solicitation agreements meant to prevent former employees from poaching former colleagues with offers of a new job; and telecommuting agreements that ensure employees are aware of confidentiality expectations when working remotely. While the four main agreements stated above apply to the majority, if not all the businesses, as stated by Kroman (2017), it is necessary for every organization to recognize that their enforceability varies depending on the circumstance. As such, there does not exist a one size fits all approach thus every business should develop protection policies specific to their organization. However, employment contracts for employees that have access to sensitive business information often clearly identify confidential information as well as provisions that obligate the employee o return all confidential information in the event of termination of employment.

Another strategy employed by businesses in the protection of information within the organizations is ensuring that the policies put in place educate the workforce and prevent leaks of trade secrets. As such, protection policies in most organizations include discussions on various topics such as the labeling of information. According to Kroman (2017), if an organization does not take the adequate steps to treat and label its confidential information as confidential, legal protection may be lost. Also, marking information as confidential serves as a practical deterrent for an individual in the organization to abuse or share the information. Organization protection policies are also tailored to limit disclosures and access. Organizations with confidential information are careful in restricting access to information to only those people in the organization who "need to know." By implementing the "need to know" strategy, organizations strengthen their legal positions as well as assist in establishing a roadblock to access to sensitive information (Miller, 2015).

Employee training on protection policies is another mean by which organizations are ensuring the protection and confidentiality of their information. Although a business may have put in place adequate information protection measures, without proper training on the need for the protection of trade secrets to the workforces, such actions will be ineffective. Employees in various organizations are thus being taught and regularly reminded on why and how to protect confidential information. Such Training emphasizes the things that the organization considers as trade secrets. Furthermore, training is conducted for all new employees and on a regular basis, often annually, for all other employees (Mintz, 2016). Training on protection policies is typically carried out through an online program as well as live training events such as webcasts whereby members in the legal department discuss confidentiality trade secrets directly with the employees. Regular companywide email reminders often supplement such online programs.

The addition of a confidentiality policy in the employee handbook that compliments the confidentiality provisions in the employment contracts is also a favored strategy in most organizations in the protection of information. The confidentiality policies contained in most organizations' employee handbooks detail the procedures for dealing with trade secrets and confidential information. For instance, most protection policies require that documents meant to be destroyed should be shredded as opposed to simply disposing of them in the recycle bin. Furthermore, such handbooks also outline the process which employees ensure the confidential materials and documents are marked as "Confidential" or other labels that identify that such materials are treated with care and disposed off appropriately (Kroman, 2017). Disciplinary policies in the event of a breach of confidentiality are also outlined in the staff handbook. Naturally, the written policies in the employee handbook, as well as the disciplinary policy, should be consistent with the confidentiality provisions stated in the employment agreements. Furthermore, disciplinary policies cross-refer and tie into the confidentiality covenants to ensure the employees recognize that the misuse of confidential information will be treated as gross misconduct which may result to dismissal.

Protection of information within the organization also entails the recognition of warning signs of an employee or employees that may misuse confidential data. Businesses nowadays thus have also put in place measures that are aimed at identifying such warning signs and dealing with the situations before substantial damage has been done. Unhappy employees are among the biggest risks to confidential information in organizations. As such, members of the legal, management and human resource departments are regularly trained on how to identify warning signs (Mintz, 2016). For instance personnel in the departments mentioned above are required to closely observe employees that have been passed over for promotions have received layoff notices, and refuse to conduct exit interviews or those that have refused to follow a performance improvement plan. Furthermore, employees that show excessive interest in matters that are outside their role in the organization, unnecessarily copy propriety materials, disregard various protection policies mostly pertaining to computer policies and work odd hours without authorization also present a considerable risk to the safety of trade secrets and as such are investigated further to determine their motives.

Additionally, departing employees are also a significant risk for trade secret and confidential materials theft. Consequently, organizations make use of exit interviews to ensure the security of their trade secrets. During exit interviews, the departing employees are given a copy all the confidentiality agreements they signed during the employment. Also, the employee is obligated to surrender all confidential information in his or her possession and reminded of his or her obligations on the misuse or disclosure of trade secrets to third parties of future employers. Furthermore, businesses also notify the new employer through a business letter explaining the confidentiality obligations of the departing employee (Lexology, 2017). Such a letter has the effect of communicating to the new employer that any implicit or active action taken to influence the new employee to divulge confidential information will be liable to legal action.

Conclusion

Ultimately, businesses need to carry out an extensive audit of the information they possess so as to determine which information needs to be protected. Such a review also enables an organization to assess the risks and consequences that may result in the loss or disclosure of confidential information. Furthermore, in the evolving workplace, the growth of new technology...