Every few months, the story repeats itself: Company X suffers a major security breach or unexpectedly enters a legal battle due to an industry compliance violation.
Following misrepresentation by (un)authorized third parties, Company X then faces a wave of lawsuits and reduced revenue because consumers no longer trust them to conduct business ethically or protect their records. For business owners, these cases are the stuff of nightmares. If something like this can happen to global companies, what defense does the average company have?
Fortunately, there are several steps small businesses can take to protect themselves. It starts with creating a “compliance culture”—a workplace operating on a set of policies that foster compliant behavior as everyday best practice.
Write a Policy Manual
Begin by writing a policy manual that outlines the rules and expectations for your employees. This manual will serve as a reference of “good conduct” when it comes to data security and compliance rules. Your policy may, for example, forbid employees from sharing login credentials with co-workers. It could outline the expectations for personal engagement or conduct. It may also mention how to request time off or vacation. Get specific—doing so will save time in the long run.
Build Your Own ‘Chinese Wall’
If there is a conflict of interest within the company concerning clients, implement a “Chinese Wall.” Meaning, make sure employees with a conflict do not have access to documents or information pertaining to the interested party.
As an example, you might employ John Doe, and his mother in-law is a business client. Company policy should prohibit John from accessing her confidential records, and an alternate, nonconflicting employee would be assigned to her account.
Restricting access to files the company maintains is vital in creating a legitimate Chinese Wall. Rather than all employees having access to everything, it is best to restrict staff to only those files or programs necessary for his or her employment. Making an exception is easier than looking for a leak.
Implement Nondisclosure and Noncompete Agreements
A nondisclosure agreement (NDA) should be signed before the employee begins work with the company. It also is designed as an agreement between businesses when discussing the manner in which business is performed, or how services or products will be rendered to the client. Well-drafted agreements will illustrate the damages that may occur if companies in a similar industry are privy to that knowledge and the legal responsibilities for the party disclosing that information. Protect your trade secrets!
Alternatively, noncompete agreements identify the responsibilities of an employee who terminates his or her employment. Businesses often entrust very sensitive client and operating information to employees, so they can offer the proper services and products. The noncompete must clearly express that the employee cannot poach current clients or reveal detrimental information in the agreement.
Several states, including California and Texas, have their own limitations, and there are certain types of employees who are exempt from these agreements. Know the laws in your geographic area, along with the rights and responsibilities of your employees post-employment.
A compliance culture is critical for every business, regardless of size or industry. It is also important to be knowledgeable of the areas in your particular practice that would sustain damage by the behavior of a current or former employee. Develop a clear internal plan to deal with those situations. Your small business can thrive with a solid compliance plan.