Client Confidentiality Policy ***************************** The Client Confidentiality Policy defines how Maryland Productions (MP) and Event Revolution (RV) protect client information, proprietary materials, and sensitive project details. Clients entrust MP/RV with confidential business information, creative assets, and operational data, and protecting that trust is essential to maintaining professional relationships and legal compliance. Confidentiality is a core professional obligation. Purpose ======= - Protect client information from unauthorized disclosure or misuse. - Define what constitutes confidential client information. - Establish clear rules for handling, sharing, and storing client data. - Prevent reputational harm and legal exposure. - Ensure consistent confidentiality practices across all departments. Who This Policy Applies To ========================== This policy applies to: - Employees (full-time and part-time) - Freelancers and independent contractors - Temporary staff and interns - Project Managers and Crew Leads - Anyone with access to client information or materials Compliance with this policy is a condition of employment or engagement. What Is Considered Confidential =============================== Confidential client information includes, but is not limited to: - Client contact details and internal communications - Contracts, proposals, and pricing - Event budgets and scope details - Technical designs, plots, and show files - Schedules, run-of-show documents, and call sheets - Security procedures or access information - Client-provided assets (logos, media, branding) - Non-public information learned through client interactions Information does not need to be marked confidential to be protected. Confidentiality Obligations =========================== All personnel must: - Use client information only for authorized business purposes. - Share client information only with individuals who need it to perform their role. - Protect client materials from loss, theft, or unauthorized access. - Follow all applicable SOPs and data security policies. - Treat all client projects as confidential unless explicitly stated otherwise. Confidentiality applies both during and after engagement. Disclosure & Sharing ==================== Permitted Disclosure -------------------- Client information may be shared only when: - It is necessary to perform assigned work. - The recipient is authorized and has a legitimate business need. - Disclosure is approved by a Project Manager or authorized manager. - Required by law or legal process (management must be notified immediately). Unauthorized Disclosure ----------------------- The following are prohibited without explicit authorization: - Sharing client information with third parties. - Discussing client details with other clients. - Posting client-related information publicly. - Sharing internal pricing or budgets. - Disclosing security or access information. When in doubt, do not share. Use of Client Materials ======================= - Client materials may be used only for the specific project. - Do not reuse client assets for other projects without permission. - Do not retain copies of client materials after the project unless authorized. - Client materials must be returned or deleted when required. Client intellectual property must be respected. Photography, Video & Social Media ================================= - Do not photograph or record client events without approval. - Do not post photos, videos, or behind-the-scenes content without authorization. - Follow all client-specific media restrictions. - Tagging or naming clients publicly requires approval. Assume all events are private unless told otherwise. On-Site Conduct =============== - Do not discuss confidential client information in public areas. - Be mindful of conversations around guests, venue staff, or other vendors. - Protect documents and devices from being viewed by unauthorized individuals. - Follow client-specific security or access rules. Discretion on-site is essential. Data Handling & Storage ======================= - Store client data only in approved systems. - Do not store client data on personal devices unless approved. - Protect physical documents from loss or unauthorized access. - Follow data retention and deletion requirements. Improper handling increases risk of exposure. Non-Disclosure Agreements (NDAs) ================================ - Some clients require NDAs. - NDAs must be followed strictly. - If unsure whether an NDA applies, ask a PM or manager. - Violations of NDAs may result in severe legal consequences. NDAs override general confidentiality guidance where applicable. Reporting Breaches ================== If you believe client information has been compromised: 1. Report the issue immediately to a PM or manager. 2. Do not attempt to conceal or resolve the issue independently. 3. Follow instructions for containment and mitigation. Prompt reporting reduces harm. Enforcement =========== Violations of this policy may result in: - Removal from client projects - Disciplinary action - Termination of employment or contract - Legal action where appropriate Severity depends on the nature and impact of the violation. Acknowledgement =============== All personnel may be required to acknowledge this policy in writing. Failure to read or acknowledge this policy does not exempt individuals from compliance. Related Policies ================ - :doc:`data_security` - :doc:`it_acceptable_use` - :doc:`code_of_conduct` - :doc:`social_media_policy`