Legal Advice · 7 July 2021

Employee confidentiality & the rules

As an employer, gathering information about your employees (and monitoring them in some cases) is an effective way of getting to know your staff members and assessing whether they are capable of fulfilling certain roles. It is also a way to ensure that no regulations are being breached, as well as being a form of crime detection and prevention.

That being said, some of the information that you’ll have access to about your employees will need to be treated as confidential, and if confidentiality were to be breached, it could have negative consequences for everyone involved.

In this article we will take a look at the ins and outs of employee confidentiality in the workplace, and how to remain fully compliant with the rules.

What is employee confidentiality?

Confidentiality means to confide in and to trust, and is a state of secret keeping. The term ‘employee confidentiality’ is usually used to refer to the confidential data that companies store about their employees. Companies have a responsibility to treat this data with sensitivity, and to ensure that only authorised personnel have access to it.

Why is employee confidentiality so important?

Strict and clear confidentiality regulations in a company help build trust between employer and employee. When there is trust between an employee and employer, information will flow more easily and you’re bound to see healthy levels of communication and productivity.

Failure to prioritise confidentiality could cause you to lose both clients and employees, and you may garner a reputation as an untrustworthy or unprofessional business owner. When employees don’t trust you, they are more likely to lose loyalty towards your company, and decreases in productivity are common.

In a worst case scenario, sensitive information could be leaked and it could be used for fraud or to potentially blackmail someone within your company. The legalities of dealing with a confidentiality breach can be time-consuming, stressful, and highly detrimental to your reputation.

This is why it is so important to ensure that you stick to data protection regulations, and have detailed confidentiality agreements and regulations within your own company.

Monitoring employees

There are a number of different ways in which employers can monitor their employees, including:

  • Recording phone conversations
  • CCTV cameras in the workplace
  • Monitoring emails and internet usage
  • Drug testing
  • Bag checks and searches

If you are an employer that plans on monitoring your staff in any of the above ways, you’ll have to be able to fully justify why you find it necessary to do so. According to Citizens Advice, you should perform an impact assessment to determine what sort of negative effects monitoring your employees could have on them.

You should also try to come up with the least invasive monitoring systems possible. Once you’ve decided to go ahead with monitoring, you’ll need to inform each and every one of your employees and have your monitoring policies confirmed in writing. The policies will have to be included in employment contracts, staff handbooks and workplace regulations and policies, so that everyone is fully aware of the ways in which they can expect to be monitored.

Remember that you’ll have to obtain employee consent when it comes to bag checks and drug testing. Searches would also have to be conducted by members of the same sex, and there should be valid reasons for these acts of monitoring to be carried out.

HR confidentiality

One of the most important roles fulfilled by HR professionals is to provide a confidential platform for employees to talk about their issues in the workplace. On top of this, HR is usually the department responsible for storing the sensitive information of employees, such as:

  • Contact numbers
  • Address
  • Medical history
  • Date of birth
  • Marital status
  • Banking details
  • Previous work details

This information will usually come to HR when a potential employee applies for a job, and employees may be asked to update their information if anything changes, or every 6 months.

It is very important that HR understands how critical it is to keep this information from getting into the wrong hands. HR professionals are there to ensure that your business is run ethically and to avoid any unwanted legal consequences.

What do employers need to know about monitoring calls?

Call monitoring is one of the most common types of employee monitoring. Phone monitoring can only be done on equipment that is meant for business use (i.e. you won’t be able to monitor your employees’ personal mobile phone calls). You won’t have to obtain employee consent if you are monitoring phone calls for any of the following reasons:

  • Checking that workplace standards are being upheld
  • Crime detection and prevention
  • Ensuring that there is no unauthorised use of equipment
  • Checking if systems are working efficiently
  • For purposes of national security

Keep in mind that you will have to comply with the data protection laws in the UK if you monitor phone conversations, emails, and other forms of communication.

What are the data protection laws in the UK?

Data protection laws are governed by the General Data Protection Regulation (GDPR). The GDPR was introduced in 2018 with the aim of giving employees and customers more control over how companies use their data, sensitive and otherwise. Very hefty penalties can be expected for companies that do not comply. There are six main focal points of the GDPR, which include:

  • Data minimisation – companies should only collect the data that they feel is truly necessary, and not create unnecessary data and personal information surrounding their clients or employees.
  • Integrity and confidentiality – any personal data gathered by a company needs to be protected from unlawful or unauthorised access and processing. You have a responsibility to keep all of your security, and cybersecurity, systems up to date.
  • Accountability – accountability is the newest concept introduced by the GDPR, and it focuses on holding companies fully accountable for data breaches and confidential data leaks.
  • Lawful, transparent, and fair – business owners need to ensure that their data capturing policies and information storage do not break any laws, are fair, and are fully transparent to and understood by employees.
  • Purpose limitation – all of the information that you collect as a company should have a specific purpose. You should not be collecting large amounts of personal data simply for the sake of it.
  • Accuracy – steps (including regular updates) need to be taken to ensure that all of the data and personal information that a company holds is as accurate as possible.
  • Storage limitation – when personal data is no longer necessary, companies need to ensure that it is properly deleted or discarded. They should not hoard information that is no longer relevant to them, as it poses an unnecessary risk.

What rights do employees have when it comes to their information being gathered by their employers?