Timings
- 00:15 - Scene 5.1 None of your business
- 04:55 - Discussion between Mike and Russell
- 09:20 - Duty of Confidentiality
- 10:45 - Obligations in a business
- 12:00 - Openness with competitors
- 13:05 - Family in business and confidentiality
- 15:30 - Intellectual Property (IP)
- 17:12 - Digital Confidentiality
- 20:03 - Tip #1 - Understand your obligations
- 20:51 - Tip #2 - Breaking a confidence process
- 21:23 - Tip #3 - Put security measures in place
- 21:57 - Tip #4 - Train your people on the privacy rules
- 22:03 - Tip #5 - Plan for a Breach
- 23:02 - What's next?
Useful Information
Confidentiality (@06:40)
Defining Professional Confidentiality in practice (@09:20)
- Ethical Principles and Code of Professional Conduct - Document (UKCP)
- Ethical Framework for the Counselling Professions - Article (BACP)
- Accounting Professional standards - Document (AAT)
- Code of Professional Conduct for HR/Personnel - Document (CIPD)
- Policing Code of Ethics - Document (College of Policing)
- The Police (Conduct) Regulations 2008 - Schedule (gov.uk)
Top tips for ...(@20:03)
- Know what you need to keep confidential
- Establish policies, processes and procedures to define what you do
- Protect the information
- Train the team in the requirements and the rules you've established
- Define what to do WHEN a breach occurs
Basic Technological Security ...(@21:23)
Episode script
CONTINUITY: Jakob has been unexpectedly invited to Nero’s for a midweek evening meal. Nero waits at the door as Jakob walks from his car to the house.
NERO: (incredulous bellow) 2 and a half million quid! Two and a half MILL-E-ON What the hell man?
JAKOB: “Man”? Never heard you use that before – what are you yelling about?
NERO: You are in to Sydeline to the value of 2 and a half million pounds already. With no revenue on the books!
JAKOB: How the hell do you know that?
NERO: Zelda told me at lunch. It was all I could do to stop myself falling off my chair.
JAKOB: What the…
NERO: It would have been cheaper for you to just hand me the DB5 and go build yourself a new one from scratch
JAKOB: (irritated) Can we go inside please?
NERO: Had better, you probably need a drink and a lie down
JAKOB: humph
NERO: Take a seat Jake
JAKOB: It’s… Oh stuff it. What in God’s name did Zelda tell you?
NERO: She gave me a full update on the works at the unit, the product line, the whole nine yards. I was impressed until she showed me the balance sheet. Honest to goodness I nearly swallowed my gold tooth
JAKOB: Firstly, I’m not happy about this. I will have to talk to Zelda about this breach of confidentiality. Secondly, it’s none of your business how I go about making your daughter a successful business owner.
NERO: It is when I’m your friend too
JAKOB: Well, yes, I guess. However, things are a little different now – we’re in competition both in the product marketplace and..
NERO: (interrupting) I gave up on that product line you know
JAKOB: I know, I know, but Zelda is confident she can iron out what you couldn’t
NERO: And my 12 person product development team
JAKOB: Yes, yes and them
NERO: And my marketing team, sales team and manufacturing people
JAKOB: Yes, yes, yes… All them too
NERO: Honestly I wish she’d piped up at the time (tongue in cheek)
JAKOB: I bet… Anyway, we are in competition
NERO: ish
JAKOB: ALRIGHT! We are looking to compete with you …ish AND we have a wager
NERO: And you fancy my daughter
JAKOB: Yes, no. That’s not the point
NERO: Asked her out yet?
MUM: Oh hello Jake, so lovely to see you. Is Zelda with you?
JAKOB: Hi Mrs Zero, lovely to see you too. Were you expecting Zelda too?
MUM: Oh call me by my Christian name Jake (embarrassed) - she was coming too Nero, wasn’t she? Carlos and I are banging out a wonderful dish in the kitchen – it’ll be ready soon
NERO: Yep (smiling wryly at Jakob) She should be here any…
(Doorbell)
NERO: Oooo, speak of the devil….
MUM: Zelda! So nice to see you midweek
ZELDA: Thanks mum
MUM: Jake’s here
ZELDA: Is he? Wh… where?
MUM: In the lounge – I’m just off back to the kitchen to finish off with Carlos
ZELDA: Hi dad, Hi J
NERO/JAKOB: Hi darling/Zelda
ZELDA: Didn’t know you would be here tonight, this is nice
JAKOB: No, we were both kept in the dark about that (glaring at Nero)
NERO: I was just talking to Jakob about your progress. You are certainly at it full steam ahead
ZELDA: Oh yes, we’re making great headway. I’m hoping to have the offices ready next week and start hiring whilst the factory roof is fixed. The machines start to arrive at the end of the month
NERO: Impressive. I meant to ask over lunch before I had that funny turn, how have you fixed that product line you’ve nicked from me?
JAKOB: Nicked? And say nothing Zelda, remember he’s the competition
ZELDA: Really? He’s my dad
JAKOB: And a potential competitor – you’ll need to watch what you share with this rascal in the future
NERO: (Grinning broadly) Who? Little ole me?
ZELDA: I never thought of that! Dad you quizzed me for 2 hours today over lunch
NERO: I’m interested darling… Anyway, have you two been out to celebrate your union yet?
JAKOB: Errr…
ZELDA: (excited) Ooooo, hadn’t thought about celebrating our partnership
NERO: You must… A nice meal, just the two of you
JAKOB: Stop it!
NERO: What?
MUM: DINNER!
Privacy Rules Discussion Transcript
MIKE: Oh dear, oh dear. What a wind up merchant Nero is proving to be! Anyway, regardless of his motives he has given us the topic for the week, and that is confidentiality. And to discuss this with me this time is not quite who we hoped, so, unfortunately Russell’s back….
RUSSELL: You must be delighted. It’s a shame our (former) friend and colleague was unable to join us… How do you want to do this then?
MIKE: Well perhaps we should start with explaining what our credentials for discussing confidentiality are firstly
RUSSELL: Ok! Well, if I kick off. I have been responsible for Information security in various local government bodies since 1997, when I was first appointed to a delightful role. At one point I was a Single Point of Contact for the Regulation of Investigatory Powers Act, when it was first introduced and operated in some businesses with some very sensitive data under its control… What about you?
MIKE: I’ve done a number of different bits. I’ve worked for some very sensitive central government departments with some very secretive and sensitive data. I’ve worked in the nuclear industry and there’s lots of sensitive things there. I’ve worked within pharmaceuticals and healthcare. So, yeah, some quite stringent security regimes I’ve worked within. Got the t-shirt on a lot of these things.
But I guess, in the things that you’ve done, you must have seen some bad examples of maintaining confidentiality, quite often I would think.
RUSSELL: Yes, especially in the early days of early data protection it was very prevalent, it was very easy to spot people who were fracturing the law. Everything from people forwarding email. We had one with a sensitive chain of conversations through email and then someone attached that chain to a meeting invite. Including the person who was potentially going through a disciplinary with all the conversations that had gone through before. There’s been situations where people have deliberately shared private information with people they really knew they shouldn’t. And there’s always the accidental event; some have been quite severe, which I don’t want to go into because it could embarrass people. Information confidentiality is a very broad subject. It’s worth thinking about what’s going on in Sydeline?
MIKE: I think there’s a number of areas of confidentiality and one of our areas in Gydeline is around personal data protection. But I think a lot of the issues in Sydeline are really around company confidential information, competitive information, that sort of thing. Because it’s not a great scenario where there’s two companies that are in competition with one another that are sharing information. I’ve worked in a lot of competitive situations where either side of that competition would dearly want to know what the competitor is thinking, saying and is going to bid. I guess you put yourself at a disadvantage and your competition at an advantage if you share information too readily. Family or not, that ready sharing of information, warts and all, is not the best way forwards in business. Open and honest is great, but at the right time.
RUSSELL: There’s also an aspect in certain industries, and I think you’ve worked in a few of them where there is a duty of confidentiality, where there’s a professional requirement – how can you explain what that entails?
MIKE: Those industries, and the nuclear industry is certainly an example of one, that there should be good induction and training in place to inform those individuals of what their obligations are and what they should do. Things like Healthcare is an example where there are some quite onerous obligations on how you should and shouldn’t deal with things like sensitive patient data. So, this entails an awareness, but also an attitude around information and treating that information as something of value, an asset to the organisation. Much as you would just go and give your car keys or your laptop to somebody. Why would you give information willy-nilly? It’s an attitude as well as some controls that you might need to put in place as well.
RUSSELL: Yes, but as it happens, Zelda didn’t have a duty of confidentiality enforced on her by a professional body. She had no requirements there, but she does have an obligation to Jakob as a partner in the business.
MIKE: So what do you think they should have done to stop that being a problem in that case?
RUSSELL: Well, if nothing else, it’s something they should have talked about. We discussed this in previous episodes, having an agreement on how your partnership is going to work. Ok, they’re directors in a limited company but it’s still a partnership, they’re still joined together to give a common aim. There should be some form of ground rules. Something that says, this is what we share between ourselves, this is what we’ll share publicly and this we’ll keep company private. That could also extend out to shareholders where you would expect a certain amount of confidentiality in professional business meetings. You mentioned competition previously. We’ve both worked in the tricky world of telecommunications where there was this really strange juggling game of openness and confidentiality with competitors – Do you perceive that as a common dilemma, in your experience?
MIKE: I think it can be. There are some businesses that see everybody as a competitor. More and more organisations try to work in a partnership model where they either see business opportunities to work together with whoever those other companies are – a lot of the time that will be to deliver joint services to a customer but in some occasions they are in competition. It’s a dilemma but things like Non-Disclosure Agreements and the way that company is organised or divided can help to minimise some of those issues. But there’s definitely the family aspect, in Sydeline, and the friends aspect. One does wonder if Jakob treats all of his investments in this way and whether he goes in without agreements. One also wonders if the competitor was someone other than your dad, then it might be a little less tricky to be hard-nosed about it.
RUSSELL: It has to be said that family business, or having family that’s in business together does create an additional complication. It’s a different dilemma - you and I are not family, we go home to our respective locations and we have a separate personal life to a business life. Especially if you live in the same house you end up talking business. You’ll end up talking business in front of the children, or potentially bringing up fairly sensitive issues with friends or guests possibly because it’s on your mind or the subject of the moment. That becomes even worse if you start roping in difficult staffing problems. If you’re not a large company, it can be very easy for your friends and family, that are not in the business, to quickly identify who you’re talking about even if you’re a little vague on it. Because a job title or a description of somebody might easily identify them – all of a sudden your confidentiality is blown, your business professionalism is blown.
MIKE: There’s any number of avenues that might get opened up as part of those seemingly innocuous conversations. If you’re talking about money or finance you might expose some weakness or even some opportunity that you’re intending to go for that your competitor might be able to exploit. Ideas that you’ve had. Things that you’ve created or might want to create that could be potentially stolen. Any technical flaws you might have, there are any number of things that could be used against you. So it’s a tricky area.
RUSSELL: You mention that, and going back to the phrase that Nero used, that they’d nicked the product line. That’s an Intellectual Property issue, or IP as it can be lovingly referred to on occasions. How would you describe Intellectual Property to anyone who has never thought they have any in their business?
MIKE: It’s an interesting one as every business has some form of IP. The easiest way to think about it is that it’s something you created but it doesn’t have to be a physical thing, it doesn’t have to be a tangible object. There are many different examples of what this creation you have made is. It could be designs, ideas, blueprints, symbols, names, logos, any number of intangible things that you’ve created could be a piece of IP. It could be the way you do something, a process or even an approach to something. Anyone listening out there, really have a good think about areas of IP that you’ve got and then those areas of IP where you might need to think about being cautious with and protecting.
RUSSELL: So that use of the word nicked. Could hide an underlying problem. That product could be part of a registered design or a patent or something. He doesn’t appear to be doing anything about it, though, having said that.
MIKE: Hmmm, not at the moment. We’ll have to see if anything happens on that front in the future. I guess we talk about confidentiality without talking about how technology affects this. We are very much a digital business. It’s getting bigger and bigger in every business. There aren’t many that rely solely on paper or lack of technology so. Given that the hackers and those that would do us harm are always one step ahead. Is it something we can completely mitigate, or do we have to accept that we can get information stolen? What do we do?
RUSSELL: Obviously we don’t want to just accept it. That would be like saying I got stuff in my house and eventually it will get nicked, no matter what I do
MIKE: You don’t leave the front door open and the windows unlocked and then say, oh, somebody nicked my things! If the doors and windows are locked, then you did what you could
RUSSELL: That’s absolutely right. You’ve got to do what you can to protect your data. The problem with any of the measures that you see, your anti-virus you’ve got or your anti-malware or any of the ‘anti’ devices you might install on a piece of hardware, and you might have physical precautions that you put in place. Like where you store your computer equipment. All these things, people are constantly, if there’s a benefit of them getting access to your technology, your data, then they are going to work a way to try and break it. You can’t actually ever get rid of the risk and the real problem is, in this digital world, you got to constantly keep up with it. It sounds like a burden, but there are people out there to help you
MIKE: I would draw us back to a comment made earlier in the conversations. It’s all about attitude and people and approach. If people have the right thinking around technology and security and they’re thinking about and aware of it, the biggest mitigation that you can have, rather than trying to put every single measure you can think of in place.
RUSSELL: Yes, otherwise you just end up with this horrendous technological burden, security burden which, apart from being expensive to implement, would be expensive to maintain. It could also make your working environment difficult, there has to be a balance in maintaining confidentiality, technical security against being able to operate a business.
MIKE: Absolutely.
RUSSELL: So, we do ask our experts to sum up with some top tips – give us one to kick off…
MIKE: Understand whether you have any duties of confidentiality, any obligation, any professional standards that you need to abide by. Whether you’re an accountant or therapist or a clinician or anything like that. If you’ve got something you need to abide by you need to make sure you’re aware of those.
RUSSELL: I’ve put some examples of some of those codes of practice on our show page for this episode. You also need to understand the situations when you may have to break that confidentiality, they do exist. There’s something called the Police and Criminal Evidence Act which enables the Police to come in and request of you…
MIKE: And even that’s not cut and dried. If you get a request you’ve got to validate it and make sure they aren’t just fishing for information and that they’ve got a legitimate reason for requesting you break that confidence.
RUSSELL: That brings us to protecting the confidential information – Set your policies, processes and procedures up and for paperwork in filing system ask yourself, who has access, are the rooms and cabinet secure enough. Is it sufficient for the data I’m storing in there?
MIKE: As for storing information on technology. That’s got a whole different set of challenges. You’ve got to make sure it’s stored securely, transferred securely and that there are measures in place. And then back to informing your people about the rules and requirements they need to follow.
RUSSELL: Finally, make sure you are clear on what you would do if confidentiality is breached. How would you report it and record it. Then you might have to deal with the fall out, telling the affected people of the breach, and organisations, and then you might need to work to manage professional bodies, if you’re a member of any. You may even need to get in touch with the media and make sure you’re well trained in the media so you don’t do a Gerald Ratner on your situation.
MIKE: Yes, and for all the listeners out there, if you’re doing data breach processes for your data protection, then that’s a good template for how to deal with breaches in confidentiality. So make sure you’re up to date with that. These are all good basic tips to give confidentiality a chance in your organisation. So that’s about it for confidentiality at the moment… I doubt this will be the last time it raises its head in Sydeline
RUSSELL: We’ll have to wait and see, but I think you’re right. That leaves me to wrap up this episode and encourage you to get busy liking, rating, sharing and commenting on the podcast site you’re using.
MIKE: There is always the opportunity for you to be a guest in a future episode, we already have a healthy line-up
RUSSELL: Unless we get more no-shows of course
MIKE: I’m sure he was just very busy! So… if you have a hot topic to discuss, I’m sure Sydeline might suffer a related issue in the near future for you to comment on. Check out the show notes page on our website and we look forward to your company next time in “I Have A Dream” in which Zelda’s premises are coming together… Or coming apart, I wonder which!
RUSSELL: I wonder…