In this time where companies are adapting to the digital trend, confidentiality in the workplace is becoming more challenging. Say, for example, trade secrets and client lists are now stored online, which means there’s a higher risk of data leakage. But I’m not blaming it all on the technology — in fact, employees are the highest risk to a company’s confidential information. They may accidentally leak information by clicking on phishing links. Additionally, it can be an inside job planted by an opposing company.
There’s truly no room for assurance in today’s upsurge of highly competitive companies. You need workplace confidentiality more than ever to avoid catastrophic consequences for your business. Failure to secure confidential data can lead to the loss of clients. Another result is the stolen data can be used for illegal activity, which might cause you a costly lawsuit.
Confidential Information in the Workplace
To establish confidentiality in the workplace, you must know what types of information are needed to be protected. Confidential workplace information is generally divided into three categories, including employee, business, and management information. The leakage of such information can be subject to legal actions under Republic Act No. 10173 (Data Privacy Act of 2012).
1. Employee Information
Personal information is considered sensitive and confidential in the workplace. Such information includes:
- Social Security number
- Home address
- Telephone number
- Email address
- Parent’s full name
- Driver’s license number
- Health information
- Immigration forms
To secure such sensitive data, companies must release data privacy notice and consent form for an applicant prior to his first day of work.
2. Management Information
Management information is simply the rules, policies, and management tactics of a company. While disclosure of this type of information is not directly illegal, it can cause damage to the spirit of the company.
3. Business Information
Also called “proprietary information” or “trade secrets,” this information isn’t generally known by the public. Common business information includes financial data, forecasts, computer software, ingredient formulas, and business plans.
Common Examples of Violation of Confidentiality in the Workplace
- Former employee disclosing your list of clients to your competitor
- Copying data from the office computer to a flash drive or hard drive
- Using work email to send a personal email
- Outsource software company using the same software they sold you for another business
3 Ways to Ensure Workplace Confidentiality
1. Add confidentiality clauses to your employment contracts
While it may sound pessimistic for some, employees are the biggest threat to your company. You can lessen this threat by having employees sign a contract with a confidentiality clause. As a result, this makes them legally responsible for any kind of confidential information that must only be between them and the company. They must not compete with your business by joining a similar business, solicit other employees, nor reveal any sensitive information even after their employment.
Make sure that your agreement contains a clear definition of what confidential information is. By doing this, it would help eliminate misunderstanding between you and the employees. Another thing involves the agreement to ownership of a newly created project (also known as “work made for hire”). Specifically, this agreement must specify whether the company keeps the right to the project after the employee resigns from the company.
2. Create social media policies and mobile phone policies
Confidentiality training is an integral part of a company’s on-boarding process. It is done through employee handbooks, training, or online lectures.
There are two policies that every company must implement as part of their confidentiality training: social media policy and mobile phone policy.
Social media is another threat to workplace confidentiality. Sadly, only 29% of companies implement a policy for this.
The reason why social media is a risk to your business is that it can damage your reputation. Moreover, it can be a medium for information leakage. Even what might seem like a harmless tweet could pose severe damage to the company.
Another thing is mobile phone policy. Most employees use their mobile phones to communicate with external entities (friends, family, or even competitors). This could compromise data in unobvious ways, like taking a picture of private data, dispel information, or upload them to their device.
Make sure to develop a mobile phone policy as it covers the use of mobile phones in the workplace. Moreover, don’t forget to include penalties for violation of the policy.
3. Develop a response plan and an employee exit process
Create a contingency or response plan for when private data gets leaked. Make sure to plan for all possible situations, like published trade secrets or an employee feeding private data to competitors. It is important to plan for various situations, so to prepared if confidentiality violations occur.
The HR department must have a clear process for employee exit. This is to ensure that they won’t be leaving with any private information. Your employee exit process must include an exit interview with the employee. Also, he must submit all of his work and return all properties owned by the company. Furthermore, make sure to disable all employee accounts, emails, and remove database permission on the day of his official resignation.
Extra Tips to Maintain Confidentiality in the Workplace
1. Store private data in a safe place
For manual files, there should be separate folders for I-9 forms and employee information. Make sure to keep private data in a locked cabinet or area. While for computerized information, you can protect it by installing a firewall, encrypting the data, and changing passwords regularly. Then for software like payroll software, choose a payroll software company that guarantees security.
Take note that these files should only be accessible to select employees — particularly those in the upper rank and some HR and IT employees.
2. Maintain organization to preserve confidentiality in the workplace
Employees must show their confidentiality skills by organizing their desks regularly. Always make sure to clean the desk of any confidential information before going home at the end of the day.
Additionally, avoid discussing confidential information in public places and team chat apps.
3. Ensure proper disposal of information
All private data — whether manual or computerized should be disposed of properly. For manual information, you must shred the copies before throwing away. You can also burn or wet it, just to be extra safe. For computerized information, don’t forget to clean the recycle bin after deleting it. Additionally, make sure to format the system and have the hard drive destroyed before disposing of an old computer.
From the HR department to the accounting department, all employees must adopt procedures to maintain confidentiality in the workplace. The HR department must lead all the employees by having a written confidentiality policy. Also, they must check up on every employee if they are observing proper confidentiality skills.