There are many businesses that collect sensitive personal information about customers.  It is timely for all businesses to remind themselves of basic steps they can take to protect customer information.

Pro-active employment policies

We recommend employers adopt pro-active policies and workplace rules.  As with all workplace policies, these should be communicated clearly to all employees.

Suggested policies may include rules such as:

• Sensitive information is not to be released without consent.
• Rubbish is to be securely disposed of.
• Email addresses must be carefully entered.
• Email tails must be deleted before emails are sent on, or replied to.
• Technology must be logged out of when employees leave work.
• Portable devices with client information on them should be protected by passwords or encryption.
• Clear guidelines on where and how information can be accessed remotely.
• Alarm codes, passwords, and security details must be protected.

Protections within employment agreements

Customer information can also be protected through well-drafted employment agreements.

We recommend as a minimum:

• Employees agree to protect confidential information through a clause in their employment agreement or through a subsequent confidentiality agreement.
• Employment agreements acknowledge that the employee is aware of, and agrees to comply with, the employer’s workplace policies.
• The employee should agree to return corporate devices on the termination of their employment.