Protecting Confidential and Restricted Information

People with Purpose

Take careful and vigorous measures to prevent any unauthorized use of sensitive information.

We recognize that our information assets are vital and distinguish us from competitors. We are committed to protecting all company information but especially our confidential and restricted information, as well as any sensitive business partner information entrusted to us. Information security is everyone's responsibility, even if you discontinue your employment.

Purpose in Practice

Protecting confidential and restricted information means we:

  • Identify and properly classify confidential and restricted information
  • Take appropriate security measures when storing or sharing such information
  • Share it only on a need-to-know basis for a legitimate business reason, even with colleagues, unless otherwise required by law
  • Never discuss it in public areas or forums
  • Never use it for personal gain or to benefit people outside the Company
  • Properly destroy or return all copies of sensitive information when we leave the Company
  • Never request or accept sensitive information unless we believe it's absolutely necessary
  • Report any suspected breach to Allstate Information Security by emailing AIS-CSIRT@allstate.com as soon as possible

Good Example

"Confidential or restricted information" can mean:

  • Nonpublic financial information or projections
  • Marketing plans
  • Proprietary processes, formulas, products or services
  • Intellectual property, patents and trade secrets
  • Information about investments or proposed transactions
  • Pricing strategies
  • Company-developed software and related documents
  • Business partner information
  • Certain operating procedures
  • Personal information of any individual (employee, agent, consumer or customer)

For more information, see Resources.

leadership in action

I recently received an email from an external business partner, which appears to have confidential information in it. I think she didn't notice because it was part of an older chain of replies near the bottom of the email. Should I bother telling the partner or just not bring it up since I would never misuse or disclose the information anyway?

You should still warn the partner. That way, you could help prevent similar accidental disclosures in other emails the partner sends, which will likely be appreciated. It's our policy to always attempt to return confidential information if we believe it was shared with us by mistake. In this case, reply to only the sender (deleting the confidential information so it does not continue to be shared). Let her know that the email possibly contained information that she may not have meant to disclose, and ask her to resend you the important message without the confidential information. If the sender asks you to delete the prior email, do so.
