Privacy Policy

Confidentiality and Security of Information

 

Policy

1.   Preface

In today’s digital age, companies need to have a competitive edge in order to achieve a level of success in the business environment.  Real-time business requirements and economic drivers have necessitated the development and acquisition of new and useful information as a stepping stone to creating new and improved goods and services. Seen in this light, security assurance and data confidentiality have become increasingly important for businesses to protect themselves from outsiders who may knowingly or accidentally leak confidential information pertaining to the company.  In this context, if there is no measure of protection for confidential information, competitors may use the information gained to sabotage TCMHC’s functional processes or steal information for their own economic gain, thus causing TCMHC to lose its competitiveness.  This Data Confidentiality Document will therefore cover extensively the company’s attempts to restrict access levels for all information, especially sensitive ones like trade secrets.

 

2.   Definition and Risk Assessment of Trade Secrets

From a top-down perspective, TCMHC’s Management Team provides the impetus for protecting the company’s trade secrets. Trade secrets may be defined as information which is unknown to business circles in the same field, confidential information which may render economic benefits to competitors, or information in which reasonable efforts have been made or are required to maintain its secrecy. Examples of trade secrets include customer lists, prototypes, professional information, marketing and sales strategies, operational procedures such as bookkeeping, as well as proprietary technological information linked to the development of intellectual property and products.

TCMHC may face risks from software and hardware misuses from a number of internal and external stakeholders such as employees and students. For instance, these stakeholders may be the victims of hackers and crackers who can launch spoofing and denial of services attacks from a conjured list of known vulnerabilities and techniques, thus compromising the integrity of TCMHC’s official website. Another example is when an employee or student willingly steals and/or releases information to a third party competitor for economic or monetary benefits. On the flipside, internal stakeholders who do not take security seriously due to lack of knowledge or indolence may accidentally compromise TCMHC’s trade secrets. As a last point to note, physical threats like bombs and natural disasters like fire, floods and other acts of God must be considered, and potential measures should be in place as a preventive measure.

 

3.   Forms of Protection

TCMHC’s Management Team views it as important to explain to all stakeholders (especially employees) why information should be kept confidential and how to do so. On the former point, it must be communicated to all stakeholders that the company sets a top prerogative in protecting information assets from disclosure to any person not authorized to have access to them, and that those under obligation of confidentiality must be told when and who it is possible to disclose information. On the latter point, a number of functional controls can be put in place to prevent data leakage.

 

(i) Protection By Legal Frameworks

Trade secrets can receive a measure of protection vis-à-vis Non-Disclosure Agreements (NDA) or the insertion of Non-Disclosure clauses in contracts with internal and external stakeholders. In general, trade secrets are protected under obligation of confidence and their theft is considered unfair trade practice. An example of when this is applicable is when documents are marked as “Confidential” to restrict access to privileged members. Unauthorized disclosure would amount to a breach of confidentiality or breach of contract, and appropriate forms of legal jurisprudence may result, including but not limited to a termination of contract, fines instituted as compensation for damages, or police custody culminating in imprisonment.

Non-Compete Agreements (NCA) can be signed by employees upon their commencement of work to ensure that trade secrets acquired during the employees’ duties are safeguarded for a stipulated time period after they depart.

 

(ii) Access Control to Sensitive Information

TCMHC’s Heads of Department will be responsible for implementing access control to directories, databases, documents and password policies. Access control must be restricted to prevent unwanted disclosure of sensitive information to third parties and stakeholders uninvolved in the circulation of information. Importantly, at each level of information, it is important to indicate the Management Team as the body that authorizes the disclosure of information, and the Head of Department as system administrators in restricting access to information and issuing or discontinuing user IDs and passwords when necessary, for instance, in the case of new staff or leaving staff. The Documentation and Data Security Policy for Examination Papers and Results is a good example of TCMHC’s efforts to prevent unauthorized access, and allowing only lecturers and Operations Executives to view the privileged information as per their job scope.

 

(iii)  Intrusion Preventive Measures

It is also important to install and update antivirus systems, firewalls, and windows updates regularly to strengthen TCMHC’s operational apparatus as a hacker intrusion deterrence measure.

© 2014年 中医药与保健学院。版权所有。UEN : 200822303M - CPE Registration period 21-8-2018 to 20-8-2022 | 隐私政策