As an employer, gathering information about your employees (and monitoring them in some cases) is an effective way of getting to know your staff members and assessing whether they are capable of fulfilling certain roles. It is also a way to ensure that no regulations are being breached, as well as being a form of crime detection and prevention.
That being said, some of the information that you’ll have access to about your employees will need to be treated as confidential, and if confidentiality were to be breached, it could have negative consequences for everyone involved.
In this article we will take a look at the ins and outs of employee confidentiality in the workplace, and how to remain fully compliant with the rules.
What is employee confidentiality?
Confidentiality means to confide in and to trust, and is a state of secret keeping. The term ‘employee confidentiality’ is usually used to refer to the confidential data that companies store about employees. Companies have a responsibility to treat this data with sensitivity, and ensure that only authorised personnel have access to it.
Why is employee confidentiality so important?
Strict and clear confidentiality regulations in a company help build trust between employer and employee. When there is trust between an employee and employer, information will flow more easily and you’re bound to see healthy levels of communication and productivity.
Failing to prioritise confidentiality could cause you to lose both clients and employees, and you may garner a reputation as an untrustworthy or unprofessional business owner. When employees don’t trust you, they are more likely to lose loyalty towards your company, and decreases in productivity are common.
In a worst case scenario, sensitive information could be leaked and it could be used for fraud or to potentially blackmail someone within your company. The legalities of dealing with a confidentiality breach can be time-consuming, stressful, and highly detrimental to your reputation.
This is why it is so important to ensure that you stick to data protection regulations, and have detailed confidentiality agreements and regulations within your own company.
There are a number of different ways in which employers can monitor their employees, including:
Recording phone conversations
CCTV cameras in the workplace
Monitoring emails and internet usage
Bag checks and searches
If you are an employer that plans on monitoring your staff in any of the above ways, you’ll have to be able to fully justify why you find it necessary to do so. According to Citizens Advice, you should perform an impact assessment to determine what sort of negative effects monitoring your employees could have on them.
You should also try and come up with the least invasive monitoring systems possible. Once you’ve decided to go ahead with monitoring you’ll need to inform each and every one of your employees and have your monitoring policies confirmed in writing. The policies will have to be included in employment contracts, staff handbooks and workplace regulations and policies, so that everyone is fully aware of the ways in which they can be expected to be monitored.
Remember that you’ll have to receive employee consent when it comes to bag checks and drug testing. Searches would also have to be conducted by members of the same sex, and there should be valid reasons for these acts of monitoring to be done.
One of the most important roles fulfilled by HR professionals is to provide a confidential platform for employees to talk about their issues in the workplace. On top of this, HR is usually the department responsible for storing the sensitive information of employees, such as:
Date of birth
Previous work details
This information will usually come to HR when a potential employee applies for a job, and employees may be asked to update their information if anything changes, or every 6 months.
It is very important that HR knows how important it is to keep this information from getting into the wrong hands. HR professionals are there to ensure that your business is run ethically and to avoid any unwanted legal consequences.
What do employers need to know about monitoring calls?
Call monitoring is one of the most common types of employee monitoring. Phone monitoring can only be done on equipment that is meant for business usage (i.e. you won’t be able to monitor your employees’ personal cell phone calls). You won’t have to receive employee consent if you are monitoring phone calls for any of the following reasons:
Checking that workplace standards are being upheld
Crime detection and prevention
Ensuring that there is no unauthorised use of equipment
Checking if systems are working efficiently
For purposes of national security
Keep in mind that you will have to comply with the data protection laws in the UK if you monitor phone conversations, emails, and other forms of communication.
What are the data protection laws in the UK?
Data protection laws are governed by the General Data Protection Regulation (GDPR). The GDPR was introduced in 2018 with an aim to give employees and customers more control over how companies use their data, sensitive and otherwise. Very hefty penalties can be expected for companies that do not comply. There are six main focal points of the GDPR, which include:
Data minimisation – companies should only collect the data that they feel is truly necessary, and not create unnecessary data and personal information surrounding their clients or employees.
Integrity and confidentiality – any personal data gathered by a company needs to be protected from any unlawful or unauthorised access and processing. You have a responsibility to keep all of your security, and cybersecurity, systems up to date.
Accountability – accountability is the newest concept introduced by the GDPR, and it focuses on holding companies fully accountable for data breaches and confidential data leakages.
Lawful, transparent, and fair – business owners need to ensure that their data capturing policies and information storage do not break any laws, are fair, and are fully transparent and understood by employees.
Purpose limitation – the information that you collect as a company should all have a specific purpose. You should not be collecting large amounts of personal data simply for the sake of it.
Accuracy – steps (including regular updates) need to be taken to ensure that all of the data and personal information that a company holds is as accurate as possible.
Storage limitation – when personal data is no longer necessary, companies need to ensure that it is properly deleted or discarded. They should not hoard information that is no longer relevant to them as it poses an unnecessary risk.
What rights do employees have when it comes to their information being gathered by their employers?
The GDPR is passionate about educating employees about their rights regarding their personal information. Employee rights include:
Access to information – as an employee you have the right to request access to any and all of the information that your employer has about you. You will need to request your data through a Subject Access Request (SAR) form. This once cost a nominal fee, but the GDPR has ensured that it is now free to access any of your data. Requests need to be answered within a month, and you should receive every bit of information that a company has on you. SAR forms go beyond employee to company, and can be sent to big corporations such as Tinder or Facebook if you want to find out what information they have stored about you.
Automated processing and erasure – in certain cases, you will have the right to have your personal data erased, for example where no consent was given or where the data was illegally processed.
The GDPR has been known to punish businesses that do not comply, using fines and penalties. It has increased the amount that companies are liable to pay in fines, so it is very important that companies ensure that they’re completely compliant in their data capturing, storage and handling.
What about non-disclosure agreements?
On the other side of the coin, you may have some company and trade secrets that you may not want to get out into the world, and in these cases you should have your employees sign non-disclosure agreements.
Non-disclosure, or confidentiality agreements, have become very popular and are commonplace in most larger companies. Some of the most popular clauses include:
Employees cannot discuss certain trade secrets with anyone, including their families.
Employees cannot work for a competitor brand for a specified time after leaving their current position.
Concepts produced while in their position will be property of the company.
Employees could risk termination of their contracts, or even claims made by their employer, if any part of their non-disclosure contract is breached. So it is very important to realise what you are signing up to.
When is breaking confidentiality justified?
There are certain situations in which a breach of confidentiality can be justified. While you may feel like you are breaking someone’s trust, and that you are stepping outside of a confidentiality agreement, there are certain cases in which you are encouraged to breach confidentiality, and either inform higher management or the authorities. These situations include:
When you believe that there is a significant risk that the employee may harm themselves or others. If a child or other vulnerable person is involved, action should be taken as soon as possible.
In situations where sharing certain information complies with the law.
When certain laws have been broken.
Where it is safe to do so within the terms of the 1998 Public Disclosure Act.
It’s advisable for HR to have, in writing, scenarios where confidentiality may be breached so that everyone involved is aware of the situations in which their information may be shared.
How can companies ensure that employee information is kept safe?
Do not talk to friends and family about personal information. This may sound obvious, but many people struggle with gossiping. It may seem tempting to reveal interesting or ‘juicy’ information that you may have come across about an employee, but it is very important that you refrain from doing so. Not only is it morally wrong, but it is unlawful and could affect the employee’s personal life.
Keep information secure. Keeping information on a secure database is a necessity. Security updates should be done regularly and only authorised personnel should be able to gain access to this information. Ensure that you are using cutting-edge, top of the range security software.
Have a professional team in place that is dedicated to keeping certain information confidential and ensuring that employees feel secure with being monitored and sharing certain information.
What happens once there’s been a confidentiality breach?
If you are an employer or an employee that has breached confidentiality in some way or other, it is best to come clean and own up to it as soon as possible. The breach will probably come back to you eventually, and it will look better on your part if you come clean first. Depending on the type of information that was shared, you could possibly endanger the company or an employee, so it is best to get it sorted out swiftly. Speak to HR, or legal professionals if you feel that it is necessary.
If you are an employer that is currently struggling with issues involving employee confidentiality, one of the best things you could do would be to consult with your HR representative as this is their area of expertise. If you don’t have one, you could always look at hiring an HR professional on a short term basis. At the end of the day it is important to remember that confidentiality in all forms should be taken very seriously and it should be handled by a professional team of experts.