Confidentiality of information is a particularly important part of maintaining and operating a Company. In addition to creating appropriate barriers to access information for organizations/individuals outside the company, preventing the dissemination of confidential information from internal sources, especially from its staff is essential for the management and ownership of every Company.
Accordingly, the commitment to confidentiality of information should be specified in the labor contract between the employer (company) and the employee (staff), or in other written agreements between the company and its employees to ensure confidentiality of important information and create a legal basis for taking appropriate action in case of violation.
In this article, we shall focus on analyzing regulations related to information security in labor relations
According to the provisions of the current Labor Code, there are no specific regulations defining the meaning and scope of information security. Some current regulations that address information security issues such as such as stipulations of the contract include:
“If the employees’ job is directly related to the business secrets or technological secrets as prescribed by law, the employer has the right to sign a written agreement with the employee stipulating the protection of the business secrets or technology secrets. Benefit and the compensation in the event of violation by the employee shall also be included in the contract”.
Accordingly, the employer (Company) has the right to agree in writing with the employee on regulations related to the protection of “business secrets” and “technology secrets“. In addition, the Labor Code also stipulates that the company can specify the protection of assets, business secrets, technology secrets, and intellectual property of the company in the company rules and its internal documents and has the right to discipline employees who disclose business and technology secrets.
However, the Labor Code does not specify and define the concepts of “business secret” and “technology secret” yet. In fact, this concept is being understood in a narrow sense, i.e., business secrets and technology secrets do not entirely cover the information that a company needs to keep confidential. For example: personal information of company employees and customer information are not obtained from financial, investment and intellectual activities but can be used in the business without disclosure.
Non-Disclosure Agreement (“NDA”) or Confidential Disclosure Agreement (CDA), or Secret Agreement (SA), or Confidentiality Agreement (CA) is a written agreement between at least two parties for protection of confidential information, which may include but not limited to information obtained from business operations, financial investments, intellectual property, and other information relevant to and potentially useful in business, information of commercial advantage, information accessed by employees in the process of employment, etc. for the purpose of protecting such information from environs and access by third parties.
In other words, an NDA is a legally binding agreement for the purpose of protecting information and establishing a relationship of trust between the parties to the agreement.
In labor relations, NDA is often used for the purpose of protecting the Company’s information, business secrets, and customer information from unauthorized disclosure and illicit use.
To create a binding legal relationship between the parties, NDA is required to be in written format and can exist in the employment relationship in the following forms:
There are currently no regulations on the required contents of an NDA. Therefore, the company may consider drafting an NDA with the following basic contents:
3.1 Definition and scope of confidential information
The Company sets forth the definition and/or scope of confidential information and/or lists the confidential information and criteria for determining what amounts to confidential information.
Confidential information includes all information that the employee accessed during the performance of the contract with the employer related to management, operation, technology, products, services, business strategies, marketing or financial information, customer information of employer or any business entities affiliated with the employer, and any confidential information received by the employer from third parties.
3.2 Expression of confidential information
Confidential information is expressed in various forms including but not limited to: information, documents, papers, records, electronic files, text files, data, email messages, voice recordings, conversations, video recordings, electronic data, etc.
Accordingly, the Company may list the forms in which confidential information is contained or may describe the manner in which confidential information is contained or collected.
3.3 Time and space of commitment
The Company shall ensure the rights of employees to stipulate the time and space of the commitment based on a balanced assessment of the interests of the parties, the ability to protect information, and competitive advantages and at the same time. The duration can be the term of the labor contract or a specific term even after the end of the labor contract. The space of commitment can be a geographical at the provincial or national level, or the space in terms of industries and fields.
Reference: NDA is valid throughout the territory of Vietnam – from the time the labor contract takes effect until 02 (two) years after the labor contract expires.
3.4 Liability and compensation for damage
Regulations on liability of the employees and compensation for damage should be based on the principle of ‘compensation in proportion to the damage’. The regulation is aimed at preventing employees from failing to comply with their commitment to information security. In addition, companies need to develop a system to prevent and handle the violating party or even a third party when such commitment is breached.
In addition, to encourage compliance among employees, the company may consider providing employees with adequate benefits and allowances for complying with NDA strictly.
The article is based on applicable law at the time noted as above and may no longer be appropriate at the time the reader approaches this article as the applicable law has changed and the specific case that the reader wishes to apply. Therefore, the article is only for reference.