Confidentiality in the Workplace

Why is Confidentiality in the Workplace Important?

Due to increased digitalization, especially after the international lockdown period, workplace confidentiality has become increasingly important. When organizations fail to protect confidential business information, there can be serious consequences. There can be legal action against the business, and it will likely lose clients or customers along the way.

Sensitive information needs to be kept confidential for a number of reasons. Some of a person’s private information can be used to commit illegal activity using their credentials. Fraud and low degrees of identity theft are common where a data breach occurs. Because of the increase in digital data usage, there are now many places in the world that have laws protecting private information that is kept online, in databases, and even regarding physical copies of documents.

While the idea is always that this refers to clients only, it is actually a general rule that also covers information collected about employees. An employer is responsible for keeping its staff information safe and out of the public domain. When certain information about an employee is discovered by co-workers or released in another way, there is usually a loss of trust. This has dire consequences for company culture and staff turnover rates.

What Type Of Information Should Be Protected?

In addition to staff documentation and information that needs to be kept safe, there is also business-related information that needs to be kept secure. Generally speaking, confidential workplace information can be divided into three categories:

  • Business Information
  • Management Information
  • Employee Information

Business Information:

Sensitive corporate information is called proprietary information, or more colloquially, trade secrets. This is usually not information that is available to the public or competitors. It might include things like computer programs, budgets, business plans, etc.: anything that can be considered a ‘trade secret’. This would not include information that a company offers up voluntarily to outside parties, like its website, brochures, etc. If there is a breach of this kind of information, a competitor might, for example, be able to copy a process to improve their production, which can mean an increase in revenue for the competitor.

Management Information:

Management information might include things like employee relations issues, employee misconduct, workplace conflict reports, disciplinary actions, etc. This kind of information is not illegal to disclose, but sharing it can be damaging to the workplace. Disclosure can lead to conflicts and a general lack of trust.

Employee Information: 

Confidentiality in the workplace regarding the workforce refers specifically to personal identifying information, and not management information related to an employee’s career journey. This means that employee information refers to things like employment contracts or the driver’s license number of an employee. Laws related to confidentiality in the workplace cover both the storage and disposal of confidential information. Companies are therefore also responsible for the safe disposal of this information after the storage period has passed. Disclosure of this kind of information does not necessarily impact clients, but can have a negative impact on employees and can result in an employee taking legal action against the company they work for.

What Steps Can Be Taken To Better Protect Confidential Information?

In general, a business is meant to have a written confidentiality policy that should be enforced. These procedures and policies are usually implemented by an appointed representative. Employees are also required to protect confidential information. Some of the minimum steps that employers can take to protect confidential information are:

  • When changing technology, software programs need to be used on each old computer to remove all information from the hard drive.
  • Part of what protecting confidential information entails is to limit the amount of confidential data that is collected in the first place. If it is not absolutely necessary for a business transaction it is best to restrict access or not collect it at all. This includes things like driver’s license numbers or social security numbers, etc.
  • Where possible, protecting information might include employees making a practice of not sharing certain types of information via email or other unsecured channels.
  • Certain types of information should not be discussed in public places.
  • Disposal of confidential information also needs to be done properly.
  • It can be helpful to clearly mark any written documents as ‘confidential’.
  • Employees need to take care with confidential information. It should not be left on computer monitors or anywhere else where it is easy to access.
  • Confidential information should not be kept on employees’ desks.
  • Encryption, firewalls, and passwords should protect electronic confidential information.
  • Physical documents need to be locked away in a protected area.
  • Each employee must have a separate folder containing their documents.
  • Where necessary, an employee confidentiality agreement must be in place.

Having a confidentiality policy gives employees a good idea of what to expect in terms of their personal information.

Any confidentiality policies need to be reviewed to ensure that they follow the law. Any data protection law is usually country or state specific. Employers need to inform employees of the data protection law in their country and how company procedures coincide with this law.

Training regarding confidentiality in the workplace and the corresponding confidentiality policy is important. Just having a written confidentiality policy is insufficient if it is not implemented and enforced, and if employees are not trained and held accountable for their role in keeping confidential documents safe.

Employees and other responsible parties may have questions about sensitive information. Having a designated representative for confidentiality agreements and regulations is important, as this is the person who can answer these questions and make sure that the company is on the right side of the law.

Enforce Confidentiality Policy

This is an essential step for any business. The policy is supposed to protect confidential information, but this can only happen if it is enforced. Both the company and its employees need to feel a degree of pressure for procedures to be enforced, and both need to be held accountable when these procedures are not enforced. Enforcement is never the responsibility of only one employee or a manager in isolation; the policy needs to be enforced by each person in the company at all times. This is part of the company culture that needs to be modeled and supported.

Consider Having a “Non-Disclosure” Agreement for Employees to Sign

These non-disclosure agreements, or proprietary information agreements, are helpful for companies to implement. Their purpose is to protect confidential business information. They are vital in most businesses and not having them, or not enforcing them, can be incredibly damaging.

As with many things, prevention is important in confidentiality. A data breach needs to be treated as an expected event: there must be plans in place to avoid a breach as far as possible, and procedures in place for what actions are taken should a breach occur anyway. Policies also need to cover specific information, such as how customer contact details are stored, how limiting access is implemented, how long financial information is stored, how information needs to be destroyed once the storage period is over, etc.

Confidentiality is the legal responsibility of everyone. When each person leads by example, uses their common sense, and takes the responsibility for confidentiality in the workplace seriously, it will be much easier to ensure legal and regulatory compliance. When business relations are built on trust, a business is likely to thrive.