HR 23 May 2017

Dealing with an employee suspected of revealing confidential information

Confidential information
Does your workforce have access to confidential business information?
Writing for Business Advice, Alan Price, HR director for Peninsula, explains how employers should handle staff members that could be releasing a company’s confidential information.

A company’s information is one of its most important assets, covering client lists to trade secrets and future business plans. Any suspicions that an employee is divulging confidential information need to be resolved if true, not taking action to halt this could lead to information being lost to competitors.

The first step employers need to take is to carry out a full and thorough investigation in to the matter. The easiest way to resolve any suspicions is to monitor and review the employee’s company emails or computer use.


Any right to monitoring is usually set out in the company’s internet, email or technology policy and may also be outlined in any confidentiality policy. Monitoring should not be excessive and the employee must know what will and won’t be caught, for example, whether personal emails will be read.

Where the investigation uncovers evidence of divulging confidential information, then the employer should take formal action. This is essential to sanction the employee and also send out a clear deterrent to others.

The appropriate sanction will depend on matters such as the information divulged, the seniority of the person, whether this was intentional, the employee’s length of service and their previous disciplinary record. Any disciplinary sanction needs to be reasonable in all the circumstances.

In some cases, it will be reasonable for an employer to treat this as gross misconduct which summarily ends the contract of employment however, this will not always be the case.

Drafting a confidentiality policy

Employers who have these suspicions, whether proven or not, may wish to introduce a confidentiality policy to ensure their business is protected in the future.

A policy should set out the company’s rules on confidentiality, what can and can’t be done with company information, whether monitoring will be carried out including how and when, and any action that will be taken if the policy is breached.

Dealing with ex-employees holding confidential information