Protecting confidential information is an individual and collective responsibility at MBO. Independent professionals and enterprise clients trust us to prioritize and secure the best interests of everyone we support.
When in doubt, always assume that information is confidential — and safeguard it according to the guidelines listed below (along with any other methods suggested or requested by companies you work with).
Certain enterprises make a point of only engaging independent professionals willing to sign and honor specific non-disclosure agreements (or NDAs) prepared by their legal departments. But in all scenarios, signed NDA aside, we expect that members of the MBO community will consistently respect and protect sensitive information of every type.
Examples include but are not limited to:
- Personal information
- Social security numbers, bank account numbers, credit card numbers
- Processes and plans
- Policies and procedures
- Trademarks and patents
- Sales data and plans
- Marketing data and strategies
- Financial statements and data
- Customer and supplier lists
- Relationships with third parties
Safeguarding strategies and best practices
Whenever accessing or processing confidential data:
- Do not transmit confidential data via wireless technology, email, or the Internet unless the connection is secure, or the information is encrypted.
- Password-protect all confidential data, and accounts with access to confidential data.
- Do not share passwords, and do not write passwords down.
- Do not store unencrypted confidential information laptop computer/desktop computer's hard drive, USB drive, CD, flash memory card, floppy drive, or other storage media. Eliminate the use of forms that ask for confidential information whenever possible.
- Always lock computers, offices, desks, and files that contain confidential information when unattended.
- Do not publicly display confidential data or leave confidential data unattended.
- Do not share confidential documents or information with anyone unless required by government regulations or business requirements. Be prepared to say "no" when asked to provide that type of information.
- Do not communicate confidential information to others unless you know they are approved to handle confidential information.
- Immediately notify the data steward if you suspect confidential information may have been compromised.
Additionally, it is never permissible to use any inside or confidential information to buy or sell securities of any company or client — or to ever use customer contacts or lists to solicit business.