Responsible Practices
ANNOTATION
- Conspicuously designating as 'confidential' so that personnel can immediately recognize it.
- Documents marked 'CONFIDENTIAL' on each printed⁄electronic page.
EXAMPLE
"This e-mail message may contain privileged and⁄or confidential information, and is intended to be received only by persons entitled to receive such information. If you have received this e-mail in error, please notify the sender immediately. Please delete it and all attachments from any servers, hard drives or any other media. Other use of this e-mail by you is strictly prohibited.
All e-mails and attachments sent and received are subject to monitoring, reading and archival by Company XYZ, including its subsidiaries. The recipient of this e-mail is solely responsible for checking for the presence of "Viruses" or other "Malware". Company XYZ, along with its subsidiaries, accepts no liability for any damage caused by any such code transmitted by or accompanying this e-mail or any attachment.
The information contained in this email may be subject to the export control laws and regulations of the United States, potentially including but not limited to the Export Administration Regulations (EAR) and sanctions regulations issued by the U.S. Department of Treasury, Office of Foreign Asset Controls (OFAC). As a recipient of this information you are obligated to comply with all applicable U.S. export laws and regulations."
DOCUMENTATION
- Clear conference rooms and chalk⁄dry erase boards after use.
- Close and store lab notebooks.
- Adhere to company policies regarding data⁄ information movement off-site.
- Confirm CDAs with visitors, job candidates, etc.
- Follow established document retention and destuction policies (including e-mails, text messages, etc.).
- Log-off and password protect compters.
- Discuss information security strategies with your IT Department on how to properly secure networks and any computers and laptops in the company (See Lecture 16).
PHYSICAL MEASURES
- Requiring escorts for visitors. Offering assistance to unescorted visitors.
- Restricting conversation topics in public locations.
- Storing information hardcopies in a locked site.
- Placing sign-in sheets at reception desks.
- Restricting access to information to a limited number of individuals.
- Requiring visitors to oblige confidentiality before accessing premises.
- Requiring employees to sign a nondisclosure agreement (NDA).