Confidentiality in the workplace is rule number one in the book of business etiquette. Not only are you showing your customers, clients and employees a level of common courtesy by protecting their data, you’re fulfilling your legal responsibility to prevent sensitive information from being leaked. Such breaches of confidentiality can have catastrophic consequences for your business, so it’s worth ensuring you understand how to adhere to this ethical, legal duty.

Look at it this way: in a single day, one employee could be handling all sorts of private or intellectual information, from customer contact details to financial information regarding the company. Not to mention the data that could be retrieved if your computer systems were accessed by an external party. Without an employee confidentiality agreement and security procedures in place, your data is at risk of breach. The same applies whether you work in finance, healthcare, HR, you name it.

It’s important for an employer to take the necessary steps to ensure confidential information is kept exactly that, or the consequences will be yours to contend with.[1]

How to prevent a breach of confidential information in the workplace

Ensuring that private business information and intellectual property are protected can throw up challenges. Firstly, with the rise of paperless offices and online filing systems, information can be more accessible than ever and, therefore, more vulnerable.

Yahoo became the victim of the biggest data breach in history in 2013 and again in 2014, when two different hacker groups broke into their database and stole a total of 3 billion users’ details. The breach was only revealed when the company were in sale negotiations with Verizon in 2016, resulting in the sale price being knocked down by a monumental $350 million.[2]

Encrypting files and databases with passwords and limiting access to only the necessary individuals can help to keep the information safe and strengthen the company’s legal position if the worst happens.

This isn’t exclusive to written or digital data, however, as verbal exchanges can also become problematic. Employees talk, and they make mistakes – they’re only human, after all.

While it may seem like common sense not to share private documents with third parties, it’s all too easy to let one’s guard down during casual conversations or on social media. Ever gossiped about a co-worker interviewing for a rival company or repeated something that another person said about their boss? These are both examples of sharing information you were told in confidence.

For business owners, every employee is a risk and, while controlling employee access to social media platforms can be controversial, how your employees share information should be a consideration when protecting confidentiality.

To limit potential data breaches, add a confidentiality agreement to all employment contracts. This must be read and signed by all new starters, to confirm they legally agree to keep confidential information private. It’s important for them to understand why it’s essential to protect private data and what the procedures are for keeping information safe.[3]

Hiscox offer a CyberClear Academy as part of their cyber and data insurance, which provides employers with online interactive cyber security training modules to use with their employees.

The consequences of a confidentiality breach

It’s rare that a breach of confidentiality at work will occur intentionally, but even an honest mistake can carry grave consequences. For example, if an employee left their work laptop on a train, any sensitive information stored on it is then available for somebody else’s viewing pleasure. Or it could even be something as simple as sending a private email to the wrong person. We all know how easy that could be!

For an employee, breaking a confidentiality agreement could lead to termination of employment. In more serious cases, they can even face a civil lawsuit, if a third party involved decides to press charges for the implications experienced from the breach.[4]

As a business, a breach of confidentiality could result in sizeable compensation pay-outs or legal action, depending on the scale of the breach. Beyond the financial implications, it can be incredibly damaging to the company’s reputation and existing relationships. If it becomes public knowledge that private information was shared without consent or you experience a data breach, you could lose trust not only from your existing clients, but from prospective ones too. Recovering from a data breach can be costly and takes a strong PR strategy to get back on track.

Staying on the right side of the law

UK laws on confidentiality in the workplace[5] work to protect information that is shared on the basis it will remain private property. An agreement doesn’t need to be signed for this law to apply, although companies will usually include a confidentiality clause in employment and client contracts.

For information to be considered ‘confidential’ the owner must believe it would be detrimental to them for it to be leaked, that the information is not already in the public domain, there is no consent to share it, or it is marked as confidential in some way.

In the UK, the general public are also protected by the General Data Protection Regulation – more commonly known as ‘GDPR’[6]. The implementation of these regulations means that any business using personal data is responsible for using the information lawfully, transparently and securely.

Failing to adhere to these laws and regulations can result in fines and legal action. Having professional indemnity cover and cyber and data risk cover as part of your business insurance policy will help to cover any costs incurred in the case of a confidentiality breach.

The high-profile Facebook case of September 2018 is the perfect example of this. Up to 90 million Facebook user accounts were exposed by a security breach and Facebook is now facing a maximum fine of up to 4 percent of its global annual revenue from the prior year, which works out at $1.63 billion (£1.25 billion).[7]

The results of a breach of confidentiality can be devastating for your business, so it’s critical to have security and procedures in place to effectively protect your company from the potential consequences. Encrypting data, adding confidentiality agreements to your employment contracts and offering adequate training to employees will reduce risk. On top of this, by having the appropriate business insurance and professional indemnity cover in place, you can have peace of mind that your business will be covered if the worst does happen.

If you want to start planning protection for your own business, Hiscox can provide you with a quick online quote to get things started. Or, if you’d like to continue researching your options, check out our Indemnity Insurance FAQ Hub. You’ll find answers to queries such as how the cost of professional indemnity is calculated and what level your business requires.

[1] https://www.personneltoday.com/hr/how-employers-can-protect-confidential-information/

[2] https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html

[3] https://www.lawdepot.com/blog/3-ways-employers-can-protect-confidentiality-in-the-workplace/

[4] https://d-w-s.co.uk/breaches-of-confidence/

[5] https://www.gov.uk/data-protection-your-business

[6] https://www.gov.uk/data-protection

[7] https://www.techworld.com/security/uks-most-infamous-data-breaches-3604586/