In my last Security Policies Tip, I offered three best practices for developing your organization's information classification policy to help users determine how to classify information assets. Your organization's information classification policy should address two types of confidential information: competitive-advantage (trade secret) and personal information. When writing your policy, it's important to take into consideration the laws surrounding both types of information.
The laws regarding competitive-advantage information were developed from the duty of good faith imposed generally in commercial dealings. A trade secret is commonly defined as information deriving actual or potential economic value by virtue of its not being readily ascertainable through proper means by the public, and which is the subject of reasonable efforts to maintain its secrecy. The legal system protects the owner (in our case the organization) from someone who uses improper means to learn the trade secret, either directly or indirectly. Therefore, anyone using improper means to learn the trade secret has breached a duty of good faith dealing with the trade secret owner. The breach of that duty of good faith usually takes the form of an abuse of a confidence, the use of improper means to ascertain the secret or a breach of contract. Anyone involved in the breach of that duty is liable for trade secret stealing. The laws governing trade secret and competitive-advantage information are well established and offer substantial penalties for non-compliance. The Economic Espionage Act (EEA) of 1996 provides...
About the author
Tom Peltier has been an information security professional for more than 25 years. He has written books on information security policies and contributed to several books on CISSP preparation, and computer and data security.
This was first published in January 2008