The WikiLeaks saga continues and it’s not just a headache for the government.
All entrepreneurs and business executives should treat this as a wake up call, and review how they protect their confidential business information and intellectual property from unauthorized disclosure. Often, the greatest risk comes from internal leaks, rather than external security breaches. To date, the WikiLeaks site has primarily depended on the employee or other insider who leaks confidential information in the first place.
Trust is not enough to protect your company, so here are some tips for reducing your company’s potential risk of a leak and legal liability.
Identify your ‘mission critical’ information and keep it on a need-to-know basis.
What information would hurt your business if it were leaked, and who has access to it? Even if you don’t have a top secret formula like Coca Cola, your company probably has trade secrets that need to be protected and even potentially embarrassing information that would shine an unfavorable light on your brand or reputation. Generally, trade secrets are know how that gives your company an advantage in the marketplace, and can include business plans and even other people’s private information — namely in the form of customer lists.
Remember, for your confidential business information to receive protection under the law as a trade secret, you must start by taking reasonable precautions to safeguard it — generally by limiting access to that information.
Legally protect your information.
In addition to limiting access, you can set up additional legal protections to discourage illicit leaks. Confidentiality or nondisclosure agreements should be signed by all employees and independent contractors, and also by current and potential business partners. Always ask these parties to sign the agreement before you share any sensitive information.
Consider adding a section to your human resources handbook spelling out the responsibility of every employee to protect confidential information. Policies can discourage illicit leaks, and give you a legal advantage should the information get out, despite your best efforts.
Track and monitor access to, and restrict copying of, confidential information.
Bradley Manning, the soldier who allegedly stole classified military documents and passed them on to WikiLeaks, allegedly pretended to listen to a CD of Lady Gaga, while he was actually copying classified cables onto the same CD.
This could have been easily prevented if there had been technical safeguards in place to prevent an employee from copying information to a CD or zip drive. Once reasonable security measures are in place, monitoring for uncharacteristic behavior can also help identify suspicious activities that might indicate a potential leak.
Protect yourself from user liability if you are a service provider.
Smaller companies should take a lesson from the big service providers that denied services to the WikiLeaks site. Amazon, PayPal, Visa and others cited breaches in their Terms of Service agreements as justification for denying service to Wikileaks. Whether or not there was government pressure on these service providers, it’s likely that the primary motivation for dumping WikiLeaks was to protect themselves from being liable for the alleged illegal activities of WikiLeaks. Learn from these big companies and put good contracts in place to protect your company’s liability — and avoid being at the mercy of someone else’s actions.
Charley Moore is the founder of legal services website Rocket Lawyer and publisher of the Legally Easy blog. He submitted this column to VentureBeat.