Confidentiality in the Workplace
Understanding Your Obligations
Laura recently learned that her long-term client, Jim, is retiring. She was quite surprised, as the company he manages is launching a new business initiative, and she thought he would surely want to lead it through this exciting time.
Unfortunately, Laura then shared this information with another client, who happened to be an investor in Jim's company. The investor promptly backed out of his investment, sending Jim's company into a tailspin.
This is an example of how damaging breaches of workplace confidentiality can be – both for the organization you work for, and for your own career. That's why it's important that you know what your obligations are when it comes to workplace confidentiality.
But what actually constitutes confidential information? And how can you ensure that you don't breach confidentiality? We'll answer these questions, and more, in this article.
What Is Confidential Information?
Confidential information is information that needs to be restricted to authorized people only.
In the course of your job, you may come across a lot of confidential information. For instance, you might know sensitive information about your organization, such as its future plans, expected revenues, or the "trade secrets" that give it a competitive edge in the marketplace. You might also know similar information about your clients.
As well as this, you may come across confidential customer information like credit card numbers, bank details, or medical information.
Also, there may be employee information that you need to keep confidential, including salary details, performance reports, and medical data, as well as the type of personal information that we looked at at the start of this article.
Very many business relationships are underpinned by confidentiality/non-disclosure agreements that define precisely what is considered – and is not considered – to be confidential. Employment contracts and service agreements typically contain these clauses as well. If you're wondering what is confidential or not, make sure that you read and understand these agreements in detail!
Overall, if you have any doubt about whether you should share information, treat it as confidential.
Consequences of Breaches in Confidentiality
Clearly, breaches of confidentiality are bad for business.
For instance, people don't want to do business with organizations that cannot be trusted to keep confidential information secret. And revealing private corporate information may damage your reputation and compromise your ability to get ahead in the workplace.
People also need to be confident that their private information will be kept confidential. This enables them to feel secure in the workplace, and prevents all sorts of internal problems.
Serious breaches of confidentiality can also lead to legal problems, disciplinary action, and criminal convictions. (Think of the havoc that could be caused by a breach of confidentiality during a merger or flotation.)
Protecting Confidential Information
Your workplace may already have clear rules regarding confidential information, and, if you work in a profession such as education or health, you may be bound by professional codes that protect the confidential information that you come across.
However, it can still be a challenge to protect confidential information in your team or organization, even if you know about the consequences of sharing that information.
Your approach depends on the nature of the confidential information that you're handling, and the consequences of a breach of confidentiality.
Start by analyzing the risks of a breach in confidentiality, and then develop an approach that addresses these risks effectively but efficiently, and with a minimum of bureaucracy. In many cases, it will be enough for people to know about confidentiality and act in a responsible way. In other cases, you'll need to be more rigorous in the way that you protect confidential information.
Ways to Protect Confidential Information
Depending on the consequences of a breach in confidentiality, you can protect confidential information with the following measures and strategies:
- Provide confidentiality training. This should include advice on not sharing confidential information unintentionally – for example, through gossiping, or with people outside of work.
- Only share confidential information with those who have a reason to know. The fewer people who know something, the easier it is to contain the information.
- Use confidentiality, nondisclosure, and non-compete agreements with employees, clients, and contractors to further protect your business. You should use these legal documents whenever you have to disclose confidential information to people outside your organization. (These agreements should be drawn up by a lawyer.)
- Where appropriate, have a confidentiality policy that describes what information is considered confidential, and which outlines how to manage and share confidential information within the organization. It can also define when confidentiality can be broken. This typically includes situations where there is a legal obligation to disclose information, when a criminal act has been committed, or when someone's health and safety is in jeopardy.
- Require the proper disposal of sensitive information: for example, by shredding documents with a cross-cut shredder, or by destroying old computer hardware. (Be aware that computer equipment that is "thrown away" may be salvaged rather than being sent to landfill.)
- Restrict the ability to view, remove, or copy confidential information. In a computerized environment, it's very easy to access and disseminate information. Encrypt highly sensitive information. Use passwords to protect and limit access to information. Also, be aware that there are different levels of encryption – some can be compromised quickly, while others are more secure. (Ask your IT department for help if you need to know more.)
- Stamp documents "confidential" if required. (But don't overuse this practice, as people then might ignore it.)
- Secure physical information and files using a lock and key or a safe. Be sure that you keep track of the keys, ask former employees to return their keys, and update access lists regularly.
- Require people who leave their employment to return all documentation and material to the organization.
Various privacy and confidentiality acts may govern confidentiality in your country or jurisdiction. These may include freedom of information acts, securities and trade laws, standards boards, and professional codes. Consult your lawyers to understand which regulations apply to you.
In many organizations, salary information is considered confidential, and people's salary and compensation arrangements should not be shared. (In many circumstances, salaries are negotiated, so comparing salaries among colleagues can cause issues with productivity and morale.)
If you work in accounts or human resources, or if you manage employee or personal data, you should take all measures necessary to secure information. This includes storing accounts and personnel files securely, and limiting the number of people who have access to this data.
Think about how your approach to confidentiality fits with other initiatives – for example, with whistleblowing policies and suchlike.
Confidential information is information that needs to be kept private and be restricted to only a select group of people. Breaches in confidentiality at work can have very serious consequences.
You'll find detailed rules on what is and what is not confidential in the non-disclosure agreements and contracts that govern the way that you work. Make sure that you're familiar with the detail of these.
As a general rule, unless information is known to be public, you should consider it confidential and not share it with anyone. If you have any doubt, don't share it.
You can protect confidential information in your organization by using common-sense strategies such as training and coaching employees, encrypting electronic files, and using nondisclosure agreements with employees and contractors.