In light of the recent events surrounding the Assessment of Professional Competence (APC) exam*, it has become apparent that we need to remind ourselves what confidentiality entails and the repercussions of a breach thereof. In its shortest form, confidential information is information that must be kept secret.

This is a concept that is applicable to businesses in general, as they try to prevent trade secrets or proprietary information from falling into the wrong hands and leading to the loss of business or clients. Confidential information can also be categorised into employee and management information. Employee information is generally personal information, while management information could be information regarding pending terminations, disciplinary hearings, etc. As Chartered Accountants, RSM is also privy to information supplied in the course of professional duties. This shows how the issue of confidentiality affects almost everyone and is not some unfathomable concept.

How to protect confidential information

Employee awareness is probably the most important way to ensure that information does not fall into the wrong hands. Employers include confidentiality clauses in employee contracts and in their staff policy manuals but, chances are, very few people know that such clauses exist, and even fewer know what those few lines mean. If there are contracts and policy manuals in place for your employees and other parties, that is great news. However, they need to be explained very well to all affected. Prevention and deterrence are key, right? What good is a solid confidentiality/privacy policy or a non-compete agreement if you have already lost your biggest client(s) because no one trusts you anymore?

Below are a few of the (other) things you could do to protect confidential information:

  • Educate your staff on likely situations where they might unwittingly reveal confidential information
  • Educate staff on the penalties/consequences and be prepared to take legal action on perpetrators
  • Employee activity monitoring. This simply means conducting information security audits or document marking/assigning different levels of authorisation to employees
  • Change your password often or set up/update your IT policies/procedures
  • Make use of firewalls, anti-spyware and anti-virus
  • Keep as little information on your computer as possible. It is advisable to save proprietary information on company servers.
  • Invest in a shredder
  • Install programs that block the downloading of documents from company servers and their distribution

*The APC forms the second half of the Qualifying Examination (QE), which is a prerequisite to qualify for registration as a chartered accountant registered with The South African Institute of Chartered Accountants, i.e. a CA(SA). The first half is made up of the Initial Test of Competence (ITC), which assesses core technical competence.

Samuel Mapungwana

Audit Manager, Cape Town
