BY Judah Hirsch Regulations
As an HR professional, keeping personal and company information confidential is extremely important. Committing confidentiality breaches can compromise your company in two ways:
Here is a list of things HR personnel have to ensure are kept confidential:
In today’s age of social-everything, HR practitioners have to be more vigilant with confidentiality. In the Philippines, your data is also protected by law. It is everyone’s basic right to have privacy.
That’s why perhaps one of the hardest cases you’ll have to deal with are confidentiality breaches. Let’s take a closer look at the problem.
Let’s say you handle a team in the Human Resource department of your company. All goes well the entire week until Friday. One of your teammates comes up to you with an urgent matter:
One of the workers in the Finance division caused a breach in confidentiality.
The employee involved – let’s call her Hannah – revealed the salary information of the company by accident. Your staff discovered the act. They reported that Hannah was speaking about it on the phone with her friends.
Hannah also doesn’t deny her wrongdoing, claiming she didn’t mean to tell her friends. She was just excited about working in the company.
Upon further review, you find out Hannah is a new employee. She’s also still on her probation period. You know she must have signed a non-disclosure agreement when she began her work.
Now, here’s the problem: should you forgive Hannah? She is new, after all. But you also know salaries are meant to be kept confidential. You don’t want to make exemptions in protocol.
So, what do you do with Hannah?
It’s best to go over your Employee Handbook when cases like this arise. Ask yourself if you did enough to reiterate what kinds of information must be kept confidential. Is your handbook comprehensive? Can all employees understand the penalties of going against the rules therein?
You may want to review your materials that stress employee confidentiality. This assures that employees are well aware of the consequences of sharing confidential material.
This also becomes a chance to see if your data policies are solid or need to be tweaked. As your company grows and times change, policies must sometimes be reformed. It’s especially crucial to check and update your policies on employee confidentiality from time to time.
Next, you’ll need to investigate the matter.
You’ll first have to make sure if the employee’s actions are intentional. Sometimes you’ll find that the breach happened as some kind of accident. In other cases, you’ll discover that the employee did in fact mean to reveal confidential information.
Next, you’ll need to review the gravity of the information leaked. Will that information affect your company’s reputation? Will it cause harm to anybody? Does it compromise safety? These things are important for you to decide what measures to take.
Some cases are dire enough to need immediate termination or dismissal from the company. In these cases, you’ll have to conduct formal disciplinary measures. You may also have to decide whether the information leaked is grounds for legal action versus the person involved. This is especially if the act was intentional.
In unintentional cases, pay more attention to the gravity of the leaked material. Review your employee contract then see if the act is grounds for termination.
Should you find that the breach didn’t reveal any serious information, you can opt for informal measures instead. You can address a letter or have a short meeting with the person involved. Inform them of your company policies again so they’re aware of their misconduct.
After dealing with the employee involved, now is the time to ask yourself:
Inform new employees using basic preventive measures, like a nondisclosure agreement. Orientations can also better inform employees about company policies. You can also use practical measures like giving information access on an as-needed basis.
A good place to start would be a good, clean investigation. Be sure to consider all possible sides to the case, especially if it’s a serious one. Some cases are easier to dismiss than others. But don’t use this as an excuse to skimp out on collecting the facts.
Keep in mind that you should take action immediately.
You may find that the breach affects your company in some significant way. Later, you may learn it was something you could have controlled – had you acted sooner.
Be sure to be fair and honest in your investigation so you know the right action to take.
Now after all these steps, you tackle Hannah’s case with a little more ease. You confirm that the leak was in fact an accident. Your boss and HR colleagues agree that the leak may be serious but not enough to cause dismissal. After a short talk with Hannah about her misconduct, you find she’s more careful now in her work.
Of course, you don’t just stop there. You also find ways to inform your other employees by releasing a news bulletin or circular letter to remind them of company policies.