Policies and procedures, confidentiality agreements and, when necessary, non-compete agreements are vital to protect confidential information in businesses of all sizes. However, simply requiring your employees to sign a bevy of agreements and including a confidentiality section in an employee handbook might not be enough to get the buy-in necessary for success. Both new-hire and ongoing confidentiality training that includes a policy and legislative review, as well as role-playing and a question-and-answer session, can increase participation, which in turn makes policies and procedures more effective.
A basic curriculum should address topics that pertain specifically to your business. Common topics include business plans, employment records and personnel files, customer information, data stored in computer files, research and development strategies, financial information, marketing and pricing strategies and supplier information. Each training topic should help employees understand why confidentiality is important and what the consequences of non-compliance may be, define any limits to confidentiality and teach employees how to handle confidentiality dilemmas.
Most training focuses on explaining confidentiality policies and procedures. For example, a security module can define the meaning of “need to know” and describe procedures for securing computers when leaving a workstation, even just for a moment. A communications module can set out authorized (and unauthorized) ways to identify and transmit confidential information. An information disposal module can describe procedures for shredding paper-based documents, wiping data from computer files or destroying a hard drive before disposing of an old computer.
Businesses subject to the Health Insurance Portability and Accountability Act of 1996 must include HIPAA policies and procedures in new-hire confidentiality training. According to the American Psychological Association, training must provide employees with the information they need to carry out their duties, not provide every detail about HIPAA and patient privacy. Topics cover collecting information, handling requests for information, record retention and access, and handling breach-of-confidentiality situations. Most businesses conclude training with a multiple-choice or short-answer quiz to ensure employees master the material.
Hands-on Training Activities
Small-group activities are helpful for illustrating training concepts and for improving problem-solving skills. For example, small-group brainstorming sessions can be based on different scenarios that include confidentiality risks, such as water-cooler conversations, unauthorized persons requesting or accessing private company information and divulging research and development information to competitors. Discussion and role play can encourage participants to identify the consequences that a breach in confidentiality could have. Once the activity is complete, the entire group comes back together and discusses the results.