compliances , policies , security

Sample – Data Disclosure Policy

February 2, 2013

Introduction

The disclosure of confidential information to unauthorized persons can result in serious and irreparable harm to the company and its stakeholders, including employees, suppliers, dealers, merchants and customers. Protection of such information is the responsibility and obligation of all employees, retirees, former employees and any others who have executed confidentiality agreements with the company, such as contingent workers, dealers, merchants or suppliers.  Each individual is expected to apply this policy with good business practices to achieve a practical degree of information security.

This information will be classified according to the degree of confidentiality required to protect the company’s business.  Four classification levels will be used:

  1. Restricted,
  2. Confidential,
  3. Personal & Confidential, and
  4. Unclassified.

The classification level will determine the appropriate marking, access control, transmittal, encryption, storage and disposal procedures to be applied to the information. The principle of minimum collection, storage and retention should apply at all times.

Compliance

This policy is intended to instruct all corporate employees worldwide in the consistent classification, handling, and protection of information company-wide without limiting its natural and necessary flow.  This includes but is not limited to the following information:

  1. Physical Information such as letters, documents, memoranda, reports, records, forms, reproductions, drawings, photographs, slides, films, graphs, charts, microfilms and video recordings.
  2. Electronic Information such as documents, e-mails, Instant messaging, text messaging, engineering or product related data, facsimiles, visual displays and electronic data storage devices such as disks, flash drive, thumb drive, CDs, DVDs and audio recordings.
  3. Oral Information such as conversations and telephone calls.

Non-Compliance

Omissions or failures to properly classify and mark a document should be corrected immediately.  Such omissions or failures shall not change the proper classification of the information or waive any right of confidentiality on behalf of the company.

Violations of this policy leading to the unauthorized misuse or disclosure of classified information may result in disciplinary action in accordance with applicable human resources policy.  Additionally, individuals may face civil, contractual or criminal liabilities as a result of the misuse or improper disclosure of classified information.  This paragraph is subject to the applicable data privacy, confidentiality, and employment or labor laws of the country of employment.

Reporting Violations

Misuse or unauthorized disclosure of classified information should be reported to your supervisor, unit management or the Center for Global Business Conduct.

Exception

Information pertaining to acceptable physical and technical safeguards is available from your unit security or information technology organizations.  The Global Security and Corporate Information Systems Computer Security organizations have additional information.

www.bestitdocuments.com