US Confidential Information Policy
CONFIDENTIAL INFORMATION PROTECTION PROGRAM (CIPP)
BOSE GLOBAL POLICY
Introduction
As used in this document, Employees are regular full‐time or part‐time employees of Bose Corporation
or one of the Bose subsidiaries. In‐House Contractors are non‐employees (including independent
contractors and employees of staffing agencies) that regularly work within a Bose facility.
Classification of Information
Information is classified into the three categories illustrated in Figure 1 and described below:
1. Public Information – information that can be shown to be in the public domain, including
such information as:
2. Confidential Information (CI) – nonpublic information related to or held by Bose,
including (but not limited to):
   technical information
   identity of existing and potential suppliers
   unreleased products
   organizational charts
FIGURE 1
Classification of Information, continued
1. Financial HCI. Except for total annual Bose revenue (which is Confidential Information), all other
Bose financial information is HCI. This includes sales by division, theater, channel, country,
product, store, etc., margins, cost of goods sold, component costs, profit and loss statements,
balance sheets, cash flow statements, forecasts, other forward‐looking financials, as well as cost
center financials.
2. Research HCI. Descriptions of active Bose research projects, and key findings (typically
documented in research reports) of active or previous research projects, are HCI.
4. Engineering Tools HCI. Bose‐generated engineering tools used to create, optimize, or tune Bose
products, including (but not limited to) custom modules developed for off‐the‐shelf engineering
software programs such as Matlab and PSpice, are considered HCI.
6. Product, Plans and Strategy HCI. Corporate and division strategies, succession plans, product
plans, marketing plans, and technology roadmaps are HCI.
7. Security HCI. Encryption keys and users’ security credentials (e.g., login passwords) are HCI.
8. Personal Information HCI. Employee or customer personal information, including (but not
limited to) taxpayer identifications, salary, and credit card information, is HCI. Note that much of
this information is also protected by privacy laws throughout the world. Bose Employees and In‐
House Contractors must comply with this policy as well as all applicable privacy and other laws.
In addition to these categories of HCI, a General Manager or Vice President of a business unit may
designate additional Confidential Information as HCI. If a GM or VP makes such a designation, they
must communicate this to the appropriate people within Bose.
Questions about how to classify information should be directed to a Bose manager or a CIPP
representative.
2 | BOSE CONFIDENTIAL
CIPP POLICY v2.0
Bose Confidential Information: Bose Employees and Bose In‐House Contractors shall use their best
judgment in determining whether to share Bose Confidential Information with Bose Employees.
1. Perform a Self‐Check. Bose Employees must first satisfy themselves that Bose has a legitimate
business need to disclose the information. If an Employee can effectively get the job done
without disclosing the Confidential Information, the Employee shall not disclose it.
a. Verify that a valid and sufficient NDA (or equivalent confidentiality agreement*) is in place
with the business associate to whom the Employee will make the disclosure; or
b. Enter into an NDA with the business associate by following the procedure set forth on the
Corporate Legal Department’s intranet site. (Questions about NDAs should be directed to
the Corporate Legal Department.)
4. Make the disclosure. Once the above steps have been completed, the Employee may make the
disclosure to the external business associate. Even with an NDA in place, the Employee must
only disclose that Confidential Information which is necessary for the external business
associate to complete the work. As discussed further in the next section (Identifying
Confidential Information), the Employee must make clear to the external business associate
that the information being disclosed is confidential.
Bose In‐House Contractors are generally not permitted to disclose Bose Confidential Information or HCI
to External Business Associates. However, a Bose director (or above) may give an In‐House Contractor
permission to disclose Bose Confidential Information or HCI to an external business associate, provided
(i) that the above steps are followed and (ii) the Bose director (or above) gives written permission to
make the disclosure to the external business associate (email permission is acceptable).
Vice Presidents and General Managers may impose additional limitations on the disclosure of
Confidential Information residing within their organization.
Bose Confidential or
Bose Highly Confidential
In addition, after making an oral or visual disclosure to a third party under NDA, the Employee or In‐
House Contractor making the disclosure is highly encouraged to follow up in writing (e.g., e‐mail) to
confirm that the Bose information disclosed is considered confidential. This written confirmation
should not describe in detail the Confidential Information itself. A sample follow‐up email message can
be found on the CIPP website here.
The failure to mark or identify information as confidential does not render the information non‐
confidential. Employees should assume that all non‐Public Information generated or held by Bose is
confidential whether or not the information is marked as confidential.
Before receiving confidential information from a third party, Bose Employees shall follow the
following steps:
Bose In‐House Contractors are often not permitted to receive the confidential information of
external business associates. A Bose In‐House Contractor seeking to receive the confidential
information of an external business associate should contact the Bose Legal Department for
guidance.
Bose competes vigorously but fairly, in conformity with Bose Corporation’s ethical guidelines and
legal requirements. Just as Bose carefully safeguards its intellectual property, Bose expects its
Employees and In‐House Contractors to respect the intellectual property and confidentiality rights
of others.
If any Bose Employee or In‐House Contractor is offered by one party the confidential information
belonging to another party (e.g., a Bose competitor or customer), he/she shall not accept, review or
make any use of that confidential information. Instead, the Bose Employee or In‐House Contractor
should immediately notify his/her supervisor and the Legal Department.
Bose Employees and In‐House Contractors shall not retain, use, disclose or bring to Bose any
information of a former employer or client that might be considered to be confidential information
of that employer or client.
If an Employee’s or In‐House Contractor’s responsibilities at Bose might risk the use or disclosure of
confidential information of a former employer or client, the Employee or In‐House Contractor
should promptly disclose that risk to his/her manager. Any questions regarding the possession,
retention or use of information of a former employer or client should be referred to the Legal
Department.
CIPP provides general guidance on handling of all types of information possessed within Bose.
However, there are also many laws, contractual agreements, and other Bose policies that provide
additional rules applicable to various types of information possessed by Bose. The following is a
summary of some (but not all) of the other applicable laws, policies and agreements:
This list is not exhaustive. Employees and In‐House Contractors with questions about handling of
information should direct them to the Corporate Legal Department or their CIPP representative.
Penalties
Individuals who violate the provisions of this policy will be subject to disciplinary action in accordance
with the Bose Corrective Action Policy.
Exceptions
Exceptions to this policy may be granted on a case‐by‐case basis by written approval from a Bose Vice
President (or above).