Nan DeMars
Ethics Training For Admins
Ethics Training For Employees
Conferences Keynote Speaking
You Have to be Kidding!

Office Ethics Columns

Confidentiality Maintenance

How do you protect yourself, the boss, and your company from prying eyes?

Dear Nan,
I'm an experienced administrative assistant and have never really had any problems with the confidentiality aspect of my job. My boss, however, has recently been promoted to CEO of our company. And now it seems as if both his office and mine have become Grand Central Station.
Officers float in and out (he has an open-door policy) with a barrage of questions about projects, budgets, etc. When my boss is out of town, they inquire about his travel schedule and what he's doing, and even enter his office and go through papers on his desk.
Thus far, I've been able to handle things and maintain confidentiality where necessary. But my boss and I are increasingly processing a huge amount of sophisticated, confidential information. I'm afraid the wrong person is going to get his hands on the wrong information. I also know if something confidential ever leaks, I'll be hung out to dry. How can I gain control of this situation?

You’re right to be concerned. Unfair as this may sound, if you don’t get a handle on this confidentiality aspect of your new position, it will be a runaway train, with all fingers pointing to you in the caboose. You have just described what is probably the foremost occupational hazard of the administrative professional of today: the maintenance of confidentially. The good news is that you are where the action is; the bad news is that you have to immediately establish boundaries and take control of that action.

Those formerly known as “secretaries” will recall the word “secretary” is derived from the same root as “secret.” The concepts of secret-keeper, protectorate, and confidante have been part of the administrative profession’s code of ethics since the beginning of the profession itself.

While most administrative professionals enjoy the pace and prestige of being the “go to” person, they also are aware that information is power. And some individuals will work diligently (and sometimes unscrupulously) to go through or around you to gain such information. Plus, the rules are different today. In the past, all you had to worry about was keeping people from reading papers on your desk upside down; now you have to worry about those same people reading your computer screen.

Arm yourself with my Ethical Priority Compass: Protect yourself first, your company second, and your boss third against all sorts of rascals both inside and outside the company who may place their personal interest above those of the company. Whether you like it or not, simply because of your position, you are the “side door” through which these individuals may try to creep because you’re in possession of so much of the company’s information.

Even ethical people are naturally curious and interested in what is going one, especially at the top. However, this natural curiosity bent may lead to the wrong people gaining confidential information at the wrong time. And you know the old adage that “a little bit of knowledge is a dangerous thing.”

Prepare for the Inevitable

Sit down with you boss and try to gain some understanding about managing sensitive information before it gets loose. Your boss will appreciate your professional concern and desire to protect his confidentiality.

  • Ask the boss to interpret his open-door policy. “An open-door policy is an approach by a person to be available. It doesn’t mean the work/information is available,” says Gwen Hurley CPS, executive assistant to the director of the Avalon West School District in Bay Roberts, Newfoundland, Canada. “When my executive is away from the office, I keep the door closed at all times. When he is out of town or out of the office for a period of time, I keep the door locked and the key in my possession.”
  • What employee/company information does your boss wish to know? Because you’re the information hub of the boss’ office, you see and hear a lot. It’s often difficult to determine what to share with your boss. Just be sure you both agree about precisely what types of information merit reporting back to him (e.g. an illegal act, a safety violation, or sloppy quality control).
  • Consider telling your boss you won’t bother her with trivialities or gossip, nor will you be a tattletale. Then, explain how you will keep in mind two guiding words: “job affecting.” If something is affecting the company’s overall well being or someone’s ability to do his job, you will so report. Otherwise, you’ll keep mum about everything else.
  • What documents are strictly confidential—for your eyes and your boss’ eyes only? Are there any exceptions, such as other officers, managers, etc.? What about his spouse and children? What documents are private only to your boss? He will appreciate the question.
  • Do you have authority to open any type of package or mail, including those items marked “Personal” or “Confidential?” How about reading the boss’ e-mail and listening to voicemail messages? One administrative professional had complete access to all her boss’ activities and permission to open all mail. She drew the line at opening his paycheck envelope, however; and, when she retired, her boss told her that special respect for his personal privacy was one of the many professional traits he always admired about her.
  • Besides you and your boss, who else has access to particular information? Under what circumstances? Be specific here, with examples such as “Can your travel schedule be shared with anyone?”
  • With whom, besides your boss, can you share materials relating to current projects? Any specific limitations or exceptions? Be sensitive to the political environment and turf wars. Ask about likely scenarios: “So, it’s OK if the vice president of sales comes in and looks at your sales projections?”
  • Does your boss prefer to personally approve all requests for access to restricted materials? And, under what circumstances are you authorized to use your own judgment regarding requests for access?
  • When your boss is unavailable, how should you handle requests from other personnel for information, documents, computer files, etc.? Be specific with examples: “If Ms. Martin, vice president of marketing, requests her department’s budgeting file, do I give it to her?”
  • Who else has the right to access your boss’ office and files and under what circumstances, and who has permission to remove documents from your or your boss’ office? Clarify your boss’ preferences. For instance, should you accompany them, stand next to them, and ask if you can help them find something? Should you document what is taken? A great question to ask: “Do your spouse or children have access to your personal file drawer?” A word of caution to protect yourself here: Tell your boss you will always report to her any such actions that have occurred and how you handled the situation.
  • Is anyone else allowed to use your boss’ computer? Are her computer files protected with a password? Should you know the password?
  • How are special records and documents to be protected? Examples: client list, corporate records, new product ideas, performance evaluations, salary information and other employee records, advertising and publicity campaigns, the company’s future plans to expand or downsize, lawsuits, financial records, forecasts, and contracts?
  • Under what circumstances, if any, are you allowed to talk to the media? Should you defer requests to someone else from the company, call the boss on the road, etc.?
  • What materials does your boss value most? A great question to ask: “If there ever was a fire in the office and I had time to grab only one or two things, what would you want me to save?” Here is your opportunity to establish some additional security, such as a backup copy of your boss’ most precious materials.
  • Does your boss have any pet peeves about confidentiality? Suggested questions: “If you get a phone call when I’m in your office, would you like me to leave until you have finished the call?” Your boss will appreciate the question because it shows respect for his privacy.

One final point: Keep in mind that perhaps the most confidential work products of your boss will be his current personal notes—that legal pad he always has in his hands, or those computer files or a special notebook. Whatever it is, it is probably always close by and not backed up regularly. Become familiar with these and watch out for them during those panic moments.

Is this kind of conversation with your boss worth it? You bet it is. “I passed along my confidentiality concerns, made them my boss’ problem also, and offered suitable suggestions,” says Hurley. “My CEO was pleased with my perception, my willingness to secure the offices, and my suggestions for implementation. Accordingly, he now stands behind my approach and is more assured of my reliability in this area because it was confirmed I was willing to take a stand.”

Words to the wise: some guidelines to protect yourself:

Prying questions from employees.

Immediately start communicating your rules regarding confidential information. “When people ask about my boss’ travel schedule or things I don’t feel are appropriate for them to know, I ask them ‘Why do you ask?’” says Teresa Davenport CPS, administrative assistant for Farm Credit Services of America in Perry, Iowa. “This politely diffuses them and allows them to think about their need to know. Maybe there is a legitimate reason, which you both can then determine.”

I have always believed the reply “I don’t know” reflects poorly on your professional status because you’re implying you do not have a position of confidence, and this diminishes you. Besides, is anyone really fooled? The questioner knows you know the information, and you know he knows that you know. Burdening yourself with a lie sends the wrong message also—namely, that you will lie under some circumstances. Suddenly, your integrity seems negotiable.

You can, instead, establish the reputation of saying “no” politely, firmly, professionally and consistently. A reliable response is always: “I hope you can understand I’m not able to share any information about that.” If they still persist, try this show-stopper: “Please don’t take this personally, but as a professional, I can’t tell you that.” Most of the time, they will know better than to pursue the issue. Granted, you will always run the risk of some people feeling you are a bit standoffish; but you will have earned their respect and trust.

Securing your work station.

“Take a good look at the physical area of responsibility (your office) and rearrange your furniture so you have visual and verbal control of the traffic flow,” suggests Patricia Knapp, executive secretary for Trinitas Hospital in Elizabeth, New Jersey.

Because you are the gatekeeper; it is appropriate your desk or office be positioned in such a way that you can control who has access to your boss. You also will be able to minimize needless interruptions because you can handle many matters on your own.

Protecting written documents.

“Don’t lead others into temptation” is your best guide to protecting written documents. It’s only natural for people to be tempted to at least glace at papers if you leave them in plain view. Your job is to protect the value of all information in your office.

A few suggestions:
  • Keep your desk clear of any papers you consider confidential. Flip your papers over even if you are just leaving your desk for coffee. Remember, snoops and thieves can be clever and persistent.
  • If you’re going to be away from your desk even for a short time, be sure all important documents are either placed inside your desk or locked in a file cabinet.
  • If you’re working on a confidential document that requires you to have a lot of sensitive materials on your desk for several hours at a time, you can avoid any curious traffic around your desk by scheduling to work on the project during off-peak times, or by setting up camp at another work station.
  • Always clear your desk before you leave at the end of the day and lock up anything you don’t want others to see. This includes check/deposit books, plans, schedules, correspondence, and even your manual note-taking books. It is always prudent to err on the safe side.
  • Neutralize or sanitize documents when you remove them from your office. Conceal them inside a folder or envelope, even if you are just hand delivering them to someone on the next floor. Someone standing behind you in the elevator may be able to see just enough to get the rumor mill cranked up.
  • If you carry confidential documents to and from work, or on business trips, keep them in a locked briefcase; and, never leave the briefcase unattended in public places.
  • Again, when attending meetings or conferences, don’t leave papers exposed where people nearby can see them. Make sure they are face down or in a protective folder.
  • When mailing confidential documents, seal them in an envelope marked “confidential.” Then, seal that envelope inside another envelope and mark that “confidential,” too.
  • Shred confidential documents, rough drafts, photocopies, and notes. Never dispose of these papers in a wastebasket or recycling box from which they can be recovered by the curious or dishonest.
Protecting electronic documents.

Deleted files can be recovered, network security is never perfect, and automatic backups may put a complete copy of your work for the day within easy reach of the wrong people. To avoid getting the “byte” put on you, learn the security limitations of your system.

A few suggestions:
  • Position your terminal screen in a way that prevents anyone from reading it. Be prepared for a quick sign-off, or use a hot key to engage your screen saver if potentially prying eyes approach your desk.
  • Know the limitations of your system. The computer is just another tool, not a black box that assures secrecy. Lean who in your company knows how to use your computer better than you do and use them as a resource. It is your responsibility to understand the realistic limitations of your system.
  • Develop a sound system of backing up and archiving files, and then stick with it. You may be your own worst enemy if you do not follow consistent procedures. You should be able to retrieve important files quickly, ensure they will be safe, and remove files you no longer want in ways that render them unrecoverable.
  • Store floppy disks in a locked area.
  • Use a password sign-on procedure to prevent anyone from accessing your hard drive without your permission. This is not unbeatable, but it slows down the casual interloper. Best system: use two passwords known only to you and your boss.
  • Sign off whenever you leave your terminal if working on confidential information—even if for just a short break.
  • Remove your printouts as quickly as possible from the printer.
  • Put your original program disks under lock and key. Remember, these are rarely used after the software is loaded onto your hard drive; so they may be borrowed and you wouldn’t miss them for months.
A few other security risks.

Don’t ever send anything confidential via the fax machine. Send the document by courier or overnight delivery if you have to or, if you absolutely must transmit something confidential on the fax, call ahead to let the receiver know the exact moment to retrieve it. Even though reading someone else’s fax is like reading someone else’s mail, not everyone treats faxes with this same respect.

Never leave a confidential (or serious personal) message on voice mail, because it won’t be confidential. Anyone can access one’s voicemail in a minute and the results could be devastating. Likewise, don’t say anything confidential on a cellular phone or speaker phone. Most cellular phones can be easily pirated. And, although a speaker phone may be convenient, it can also compromise privacy.

Follow the Golden Rule

That protecting confidentiality is on the short list of professional job skills presumed to be simply understood by bosses everywhere is a compliment to our profession. Our bosses assume we will always recognize confidential information whenever we see it, and then take whatever action is appropriate to protect it.

Because the confidentiality aspect of the job of the administrative professional defies prediction and standardization, it would be prudent to always adhere to my Golden Rule of Confidentiality: Unless otherwise instructed by your boss, treat all information received, written or spoken, as strictly confidential. You will never regret it.

Because you are a professional committed to upholding high standards of behavior, your company’s security will always be a part of your job description. But, it’s an ongoing challenge because you will be relied upon more than ever to “bar the door” against all types of threats to compromise the company’s information and property. It isn’t simple anymore, either—it requires technical expertise and a lot of psychological moxie. The challenge is to do your job with a healthy skepticism of others, while still expecting others to trust you.

Who said our jobs were easy?

< Back To Columns


A past international president of IAAP, Nan DeMars CPS is an internationally recognized authority and seminar leader on office ethics. She is president of Executary Services in Minneapolis, MN, and author of You Want Me to do What? When, Where, and How to Draw the Line at Work (Simon & Schuster).

Contact Nan for more information about executary consulting services or seminars