How To Deal With Employee Confidentiality Breaches

BY Judah Hirsch Regulations

How To Deal With Employee Confidentiality Breaches

As an HR professional, keeping personal and company information confidential is extremely important. Committing confidentiality breaches can compromise your company in two ways:

  1. It can destroy business relationships. Revealing confidential information opens you up to lawsuits. Not only that, it also destroys the company’s reputation in the marketplace and the industry.
  2. It can lead to criminal acts. When the information falls into the wrong hands, it can lead to discrimination, fraud, theft, and more.

Here is a list of things HR personnel have to ensure are kept confidential:

  • Employee information related to compensation, job performance, personal contacts, and work history
  • The employee’s government issued documents like social security, passport, and driver’s license.
  • Medical information including insurance and compensations
  • Staff responsibilities including employment actions and departmental issues
  • Investigative files, if any
  • Departmental files on employee performance, attendance, notes, and supervisor feedback

In today’s age of social-everything, HR practitioners have to be more vigilant with confidentiality. In the Philippines, your data is also protected by law. It is everyone’s basic right to have privacy.
That’s why perhaps one of the hardest cases you’ll have to deal with are confidentiality breaches. Let’s take a closer look at the problem.

You Can Control Confidentiality – But Not People

Let’s say you handle a team in the Human Resource department of your company. All goes well the entire week until Friday. One of your teammates comes up to you with an urgent matter:

One of the workers in the Finance division caused a breach in confidentiality.

The employee involved – let’s call her Hannah – revealed the salary information of the company by accident. Your staff discovered the act. They reported that Hannah was speaking about it on the phone with her friends.
Hannah also doesn’t deny her wrongdoing, claiming she didn’t mean to tell her friends. She was just excited about working in the company.
Upon further review, you find out Hannah is a new employee. She’s also still on her probation period. You know she must have signed a non-disclosure agreement when she began her work.
Now, here’s the problem: should you forgive Hannah? She is new, after all. But you also know salaries are meant to be kept confidential. You don’t want to make exemptions in protocol.

So, what do you do with Hannah?

What To Do When Someone Reveals Confidential Information

 1. Review if the employee involved understands the effect of the breach

It’s best to go over your Employee Handbook when cases like this arise. Ask yourself if you did enough to reiterate what kinds of information must be kept confidential. Is your handbook comprehensive? Can all employees understand the penalties of going against the rules therein?
You may want to review your materials that stress employee confidentiality. This assures that employees are well aware of the consequences of sharing confidential material.
This also becomes a chance to see if your data policies are solid or need to be tweaked. As your company grows and times change, policies must sometimes be reformed. It’s especially crucial to check and update your policies on employee confidentiality from time to time.

2. Look over all the facts objectively

Next, you’ll need to investigate the matter.
You’ll first have to make sure if the employee’s actions are intentional. Sometimes you’ll find that the breach happened as some kind of accident. In other cases, you’ll discover that the employee did in fact mean to reveal confidential information.
Next, you’ll need to review the gravity of the information leaked. Will that information affect your company’s reputation? Will it cause harm to anybody? Does it compromise safety? These things are important for you to decide what measures to take.

3. Check your options and decide on action steps

Some cases are dire enough to need immediate termination or dismissal from the company. In these cases, you’ll have to conduct formal disciplinary measures. You may also have to decide whether the information leaked is grounds for legal action versus the person involved. This is especially if the act was intentional.
In unintentional cases, pay more attention to the gravity of the leaked material. Review your employee contract then see if the act is grounds for termination.
Should you find that the breach didn’t reveal any serious information, you can opt for informal measures instead. You can address a letter or have a short meeting with the person involved. Inform them of your company policies again so they’re aware of their misconduct.

4. Take preventive measures

After dealing with the employee involved, now is the time to ask yourself:

  • What you can do to prevent these things from happening again?
  • What are steps you can take to make your employees more aware of your policies on confidentiality?

Inform new employees using basic preventive measures, like a nondisclosure agreement. Orientations can also better inform employees about company policies. You can also use practical measures like giving information access on an as-needed basis.

What To Do After The Breach

A good place to start would be a good, clean investigation. Be sure to consider all possible sides to the case, especially if it’s a serious one. Some cases are easier to dismiss than others. But don’t use this as an excuse to skimp out on collecting the facts.

Keep in mind that you should take action immediately.

You may find that the breach affects your company in some significant way. Later, you may learn it was something you could have controlled – had you acted sooner.
Be sure to be fair and honest in your investigation so you know the right action to take.

  • Do you dismiss your employee?
  • Are they being dismissed without prior warning?
  • Is there a need for compensation brought about by the damage?

Now after all these steps, you tackle Hannah’s case with a little more ease. You confirm that the leak was in fact an accident. Your boss and HR colleagues agree that the leak may be serious but not enough to cause dismissal. After a short talk with Hannah about her misconduct, you find she’s more careful now in her work.
Of course, you don’t just stop there. You also find ways to inform your other employees by releasing a news bulletin or circular letter to remind them of company policies.

Signup now to keep informed of the latest HR and payroll trends.
Subscribe to our newsletter Here