Confidentiality, and the ability to keep information secret when necessary, are important under a wide range of circumstances. There may be many times, both at home and at work, when someone tells you something, or you become aware of information, that should not be spread further.
How, though, can you identify those situations and be sure that you are acting correctly?
Some information is always confidential, such as information about someone’s health or medical history, especially if given to a healthcare professional. The formal status of other information may be less clear, and gossip would be a good example of this.
Learning to navigate your way through the choppy waters of confidentiality can be very challenging, but this page is designed to help you do it.
What is Confidentiality?
If something is confidential, it has been ‘given in confidence’, that is, in the trust that it will be kept secret. The root of the word is ‘confide’ or to tell someone something secret, often reluctantly.
There are many types of information that are broadly confidential, including personal information (names, addresses, contact details and so on), medical or health information, and information about people’s behaviour or habits and activities. Some types of information are protected by law, including personal information.
It is therefore helpful to be aware of the legal situation before you share any type of information about other people.
Confidentiality in the Workplace
There may be many circumstances in the workplace when you are privy to confidential information. Our page on Confidentiality in the Workplace explains these in more detail, and suggests how you can be sure that what you are doing is consistent with expectations and legal requirements.
Data Protection Law and Confidentiality
A number of countries and territories have formal laws governing data protection.
These include the United Kingdom and Europe, where the General Data Protection Regulation comes into force in May 2018. The General Data Protection Regulation, or GDPR, is unusual because it covers all personal information relating to EU citizens, regardless of who is holding or processing the information. It therefore binds companies from anywhere in the world, if they hold data about EU citizens.
Regardless of where you live or work, if you hold any data that can help to identify an individual—including names, addresses, other contact details, and any sensitive information such as medical records or bank details—you should, as a matter of good practice:
- Take steps to protect that information, for example, by password-protecting electronic files, and locking hard-copy information away securely; and
- Ensure that you understand the law on data protection in your location, as it affects you. You may need to take independent legal advice to be sure about this.
STOP! Ask before you share
One very good way of being confident that you are protecting other people’s personal information is always to ask before you share. Whether you are sharing on social media, or just passing on a phone number to a friend, always ask the person concerned before you do it.
Some professionals are privy to very sensitive information in the course of their jobs. For example:
- Doctors and other healthcare professionals have information about their patients’ medical history and current conditions. This type of information could affect people’s ability to obtain jobs, bank loans, mortgages and life insurance.
- Accountants hold information about their clients’ income, outgoings and tax status. Any leaks could result in reputational damage at the very least.
- Lawyers may have information about current court cases. For example, in the UK, Family Court cases are currently bound by rules on confidentiality that mean that nobody is permitted to disclose certain details of the court case to third parties.
- Journalists often hear confidential information in the course of their work. They may, for example, be asked not to disclose their sources, or to hold certain information for a period to avoid prejudicing a court case.
Over and above the legal requirements, many professionals are expected to abide by guidance from their professional body on confidentiality, and the professional body has its own ways of enforcing compliance. For example, the UK’s General Medical Council issues guidance on good practice on handling sensitive patient information, and all doctors in the UK are expected to follow this. Failure to do so would result in censure at the very least, and might be severe enough to result in a loss of the doctor’s licence to practise in the UK.
No discussion on confidentiality could be considered complete without touching on gossip.
Gossip is defined as idle talk or scandal. It is, therefore, unsubstantiated information that is spread by way of conversations and discussions. It may seem like a bit of idle chit-chat with friends, but spreading incorrect or untrue allegations about others can damage reputations beyond repair, and have long-term effects on people’s lives.
Even just asking the question ‘Do you think it’s true that so-and-so did such-and-such?’ can have the effect of spreading the information further.
As a general principle, sharing gossip is a bad idea and should always be avoided.
You may now be wondering about the situation where you know that something is true, for example, because one of those involved has told you about it.
Passing on information that you have heard from a third party is bad enough. Sharing information that you have been told in confidence, by the person concerned, is much worse.
If they told you in confidence, it means they trust you not to tell anyone else. So don’t. You can be sure that the news will get back to the person who trusted you, and they will be both angry and hurt. Your relationship with them is unlikely to recover.
Of course, if they asked you to share their side of the story with other people, then that is different. However, under those circumstances, you should be wary about the potential to be spreading false information about other people who may be involved in some way. You may trust your friend, but people can, quite legitimately, have very different views of the same events.
The bottom line: avoid talking about anyone who is not present
If you are not certain about the facts, or would not be completely happy saying it to their face, then it is best not to say it when they are not there.
A Guiding Principle for Confidentiality: Do As You Would Be Done By
Perhaps the best policy to ensure that you are handling information sensitively, and respecting people’s confidentiality is to consider how you would feel if it were your personal information, and what you would want done with it. Of course, if someone has explained how they would like the information handled, that is simple. Otherwise, ‘Do as you would be done by’ is a simple rule, but extremely powerful.