Confidentiality in the Workplace
Confidentiality, or not disclosing certain information, is important in a wide range of jobs.
Confidentiality matters for legal and reputational reasons, and it also matters because your future employment may depend on it.
Some information is protected by law in several countries, including personally identifiable information and also ‘trade secrets’.
It is therefore important to understand the nature of confidentiality, and how to ensure that you comply with legal or ethical guidelines.
What is Confidentiality?
Confidentiality means the state of keeping secret or not disclosing information. It comes from confide, meaning to trust someone or tell secrets to them.
Confidential information, therefore, is information that should be kept private or secret. Confidentiality is simply the act of keeping that information private.
Types of Confidential Information
There are, broadly speaking, five main types of confidential information.
1. Employee Information
In the course of the job, you will hear information about individuals within your organisation. Some of this will be unsubstantiated gossip, and some will be information that you have come across in the course of your work, especially if you are a line manager or you work in human resources.
It goes without saying that you should not spread gossip, especially if you do not know if it is true. Even just asking someone else whether they know if it is true that x did y can have huge consequences for x’s reputation.
As a general rule, if you would not ask the person concerned, or mention it to their face, don’t mention it behind their back.
Get a reputation for integrity, rather than one for gossiping.
If you come across private information in the course of your work, including any information that identifies an individual (name, address, maiden name and so on), then you should not disclose it to others. This also applies to information collected at interviews about ethnic background, disabilities and so on.
There are legal requirements about keeping that kind of information safe and secure in many countries. If you break those laws, you are likely to be personally liable and potentially face prosecution.
2. Managerial Information
Managerial information includes both information about individuals, such as disciplinary action, and also about broad management actions such as planned redundancies or employee relations issues.
Some types of managerial information will become public in due course—such as planned redundancies—and other information may remain confidential for much longer.
3. Organisational Information
Organisational information is also known as business information or ‘trade secrets’.
The definition covers anything not in the public domain that helps the organisation do its work better or more efficiently. It would therefore include, for example, information about industrial processes, budgets, costs, forecasts, and even customer contact information.
Sometimes organisational information is covered by confidentiality agreements or contracts of employment. If you are tempted to disclose any information of this nature, you should check your contract first and, if necessary, get legal advice.
4. Customer or Contact Information
Customer and contact information is partially covered by ‘trade secrets’.
However, forthcoming changes to data protection law in Europe (and relating to any data held on a citizen of a European Union country) mean that it needs to be considered and held differently.
If you think this may affect you or your company, you are advised to seek legal advice.
5. Professional Information
Some professionals — including doctors, lawyers and accountants — come across information about individuals or organisations through their professional position.
- Doctors know about the details of their patients’ conditions and treatments;
- Lawyers know about details of wills and court cases, some of which may be protected by law; and
- Accountants will know about their clients’ tax and income.
These professionals are often bound by professional codes of conduct as well as formal legal requirements.
Casual vs. Legal Confidentiality
There is a distinction to be drawn between casual expectations of confidentiality and legal requirements.
There is information which you may be told, and asked to keep secret, but where the only obligation to do so is personal.
For example, a colleague tells you that she is pregnant, and explains that she has not yet told anyone else and would prefer it not to be public for the time being.
She wanted to tell you because you are a friend/someone she trusts to cover for her if her morning sickness is bad/her line manager.
There is no absolute or legal requirement on you not to tell anyone else. However, be aware that if you do so, you will have broken her trust.
You would not expect her to be happy, and your reputation as someone to trust and rely on will be gone (and probably not just with her).
There is information that legally cannot be shared with other organisations or individuals except under certain very specific circumstances.
For example, you may want to share or sell a list of customer contact details to another organisation. In many countries, you can only do so if you have obtained explicit consent from those customers.
Most personal information (that is, any information which is personal to an individual, such as national insurance numbers, full name, address, email address or similar) cannot, by law, be disclosed without consent.
You can also be sued if you share information that is individual to your employer with any of the company’s competitors, or disclose it in a way that may damage the share price. This includes information about employees, processes, or products that is not already in the public domain.
Protecting Confidential Information
If you regularly handle confidential information, you should take steps to ensure that you protect it adequately.
These should include, for example:
- Ensuring that confidential information is always locked away at night, and not left unattended during the day;
- Password-protecting sensitive computer files;
- Marking confidential information clearly as such, and ensuring that paper copies are shredded before disposal; and
- Ensuring that you only disclose confidential information to those who need to know.
When to Break Confidentiality
There are a number of circumstances in which you may, or must, break confidentiality.
You may break confidentiality when:
- The information disclosed to you suggests that something may happen or have happened that is not in the organisation’s interests. There may be a balance to be struck between the needs of the individual and the organisation.
- Something has happened which is against your professional code of conduct, or which you believe to be wrong. Many organisations have codes to protect ‘whistleblowers’ but this is still hard to do, and you should be aware that there may be fall-out in terms of your organisational reputation.
You must break confidentiality when:
- There is a possibility that a criminal offence has been committed, because you are obliged to report it to the police.
- There is suspected child abuse or abuse of another vulnerable person, even if this may fall short of criminal activity. Under these circumstances, you should be careful to explain to the child, or the person who has told you, what you intend to do and why, to make sure that they understand and will be protected during the process.
Common Sense and Professional Standards
Much about confidentiality is either common sense, or covered by professional standards. It follows that you need to protect information that is about an individual, and which they would not want disclosed more widely.
What is changing, and rapidly, is the way the law regards wider disclosure. Tolerance is decreasing. If you regularly handle confidential information, it may be time to review what you do.