Confidentiality in the Workplace

IN THIS SECTION

It’s an unfortunate reality for business owners that employees are a potential source of commercial risk.

While it’s rare that a breach of confidentiality at work will occur intentionally, even an honest mistake can result in severe consequences.

This makes it business-critical to take certain measures to protect your commercial interests, such as using confidentiality clauses in employment contracts and having effective confidentiality policies and procedures in place.

In this guide for employers, we discuss the potential threats presented by breaches of confidentiality in the workplace and the measures employers can take to help mitigate these risks.

 

Why is confidentiality at work important?

Confidentiality laws work to protect information that is shared on the basis it will remain private property. An agreement doesn’t need to be signed for this law to apply, although companies will usually include a confidentiality clause in employment and client contracts.

Workplace confidentiality refers to any confidential information that you come across in the course of business. The information could relate to proprietary information, employee information collected by their employer or personal information of clients and customers captured through the course of business.

In this article, we focus on commercially-sensitive proprietary information, although employers also have to ensure compliance in respect of personal information under the GDPR.

In the UK, the general public is also protected by the General Data Protection Regulation – more commonly known as ‘GDPR’. The implementation of these regulations means that any business using personal data is responsible for using the information lawfully, transparently and securely. Failing to adhere to these laws and regulations can result in fines and legal action.

 

What is confidential information?

For information to be considered ‘confidential,’ the owner must believe it would be detrimental to them for it to be leaked, that the information is not already in the public domain, there is no consent to share it, or it is marked as confidential in some way. Examples of confidential information could include:

  • Existing and prospective activities of the business e.g:
    • Business plans
    • Financial information
    • Existing and prospective customers
    • Customer lists
    • Existing and prospective suppliers
  • Existing and prospective marketing information e.g:
    • Plans
    • Strategies
    • Tactics
    • Timing
    • Research and development activities
  • Any information given to the employer or employee in confidence by:
    • Customers
    • Suppliers
    • Employees
    • Other business contacts

 

Consequences of a confidentiality breach

Regardless of whether sensitive information has been intentionally leaked or unintentionally or negligently shared, the implications of a confidentiality breach can be hugely damaging and costly.

As a business, a breach of confidentiality could result in sizeable compensation pay-outs or legal action, depending on the scale of the breach.

Beyond the financial implications, it can be incredibly damaging to the company’s reputation and existing relationships. If it becomes public knowledge that private information was shared without consent or you experience a data breach, you could lose trust not only from your existing clients but from prospective ones too. Recovering from a data breach can be costly and takes a strong PR strategy to get back on track.

For example, if an employee left their work laptop on a train, any sensitive information stored on it is then available for somebody else’s viewing pleasure. Or it could even be something as simple as sending a private email to the wrong person.

As an employee, the consequences of breaking confidentiality agreements could lead to termination of employment. In more serious cases, they can even face a civil claim, if a third party involved decides to press charges for the implications experienced from the breach.

 

Confidentiality clauses in employment contracts

 

 

Preventing breaches of confidential information in the workplace

Employers should take steps to support confidentiality in the workplace and manage the risk of breaches.

 

Confidentiality clauses in employment contracts

Confidentiality clauses or agreements should be included within employment contracts. This should be read and signed by all new starters, to confirm they legally agree to keep confidential information private. It’s important for them to understand why it’s essential to protect private data and what the procedures are for keeping information safe.

Non-disclosure, or confidentiality agreements, have become very popular and are commonplace in most larger companies. Some of the most popular clauses include:

  • Employees cannot discuss certain trade secrets with anyone including their families
  • Employees cannot work for a competitor brand for a specified time after leaving their current position.
  • Concepts produced while in their position will be the property of the company

 

Employees could risk termination of their contracts, or even claims made by their employer if any part of their non-disclosure contract is breached.

Confidentiality clauses should be reviewed regularly and adapted to suit the changing needs of the business. Boilerplate, one size fits all text rarely works or provides the required protection.

If the employer wants to amend an existing employment agreement to deal with, for example, confidential information in detail, it will need the employee’s written consent.

If an employee withholds consent to the change to his employment agreement unreasonably there may be grounds for dismissal.

 

Non-Disclosure Agreements/ Confidentiality Agreements

Confidential information can sometimes make its way outside of the workplace – so you want to make sure you’re protected from that too.
Even though you may not be formally engaging with someone as an employee or contractor, you might still be sharing business information through commercial discussions.

For example, an investor may be interested in your business or a contractor may be undertaking work for you.

This could involve a series of discussions where you might be disclosing lots of confidential business information to make your business look good – from your financial data to clientele and sales strategy.

If this is the case, it is always a good idea to have a Non Disclosure Agreement (NDA), or a Confidentiality Agreement, to make sure that investor doesn’t use or share that confidential information anywhere else.

 

Confidentiality policies

It’s important that employees understand their roles, responsibilities and obligations. Well-drafted confidentiality policy can help ensure your workplace guidelines are consistent and practical. This should be supported by adequate training for employees. For example, highlighting how social media and gossiping may lead to confidentiality breaches.

While it may seem like common sense not to share private documents with third parties, it’s all too easy to let one’s guard down during casual conversations or on social media. Gossiping about a co-worker interviewing for a rival company or repeating something that another person said about their boss – these are both examples of sharing information you were told in confidence.

 

IP Assignment Deeds

This is a type of legal document that completely transfers ownership of any intellectual property (IP) created by one person to another person. IP is key to the success of many businesses – and making sure that your IP is protected also makes sure that your business is protected.

In business, having this legal contract will make sure that any employees, shareholders or contractors who access or contribute to any intellectual property made within the course of your business will therefore assign that IP right back to you. For example, if you hire a contractor to help create your company logo, you want to make sure that company logo belongs to your company. Otherwise, that contractor will have every right to resell and distribute that logo to other businesses. Under an IP Assignment Deed, that contractor will assign all rights of the logo to your company, so that only you and your company have an exclusive right to use it.

 

Insurance & indemnity

Having professional indemnity cover and cyber and data risk cover as part of your business insurance policy can help to cover costs incurred in the event of a confidentiality breach.

 

Security & tech

In today’s world, technology has made it easier to access sensitive and confidential information within a business. This means it’s critical to have security and procedures in place to effectively protect your company from the potential consequences of confidentiality breaches.

For example, encrypting files and databases with passwords, using a secure storage platform that prohibits outside access or potential security threats, and systems that restrict access and permissions to certain information and documents within your business. This helps to manage and restrict who can access commercially-sensitive and confidential information, and also promotes a workplace culture of confidentiality. For example, you could restrict all the accounts and financial data of your business to the specific people who work with this information directly. This avoids other workers from accidentally (or intentionally) stumbling across this sensitive information, which may invite bias, discrimination and criticism.

 

Does a departing employee have a duty of confidentiality?

Can an employer deter an employee and new employer from using its confidential information? Unfortunately, without express written agreement from the former employee, the employer can be in difficulty.

It is an implied term of employment that whilst employed and afterwards that an employee must not:

  • Disclose to third parties the employer’s confidential information and trade secrets, if
  • Obtained during and as a result of, the employment;
  • Use the employer’s confidential information for their own purposes.

Employers should draw attention to this implied duty of confidentiality during employment, through training and workplace policies. To reduce risk, emphasise this contractual duty post-termination.

Once employment ends, however, the implied duty of confidentiality survives only to protect genuine trade secrets.

Relying on an implied duty does not put the employer in as good a position as relying on an express duty. Reliance on an implied duty is very limiting for employers in practice. There will be resistance from the employee as to what is covered and what is not. A number of important clauses such as not to copy client databases and use them are not automatically implied into any employment agreement.

It is best practice for employers to define ‘confidential information’ sufficiently widely in the contract of employment to include everything your employees may create or access whilst employed.

A contract term requiring an employee to delete and return confidential information is usually enforceable. Courts do order the destruction of confidential information on ex-employee’s work and personal electronic devices. If necessary, the court order could stretch to their new employer’s devices.

 

Absence of clause in employment contract

In practice, it can be difficult to control the deletion of confidential information if there is no express agreement. Employers can expect employees to resist interference with their personal devices unless the employer has reserved the ability.

Settlement agreement

Employers can restate confidentiality obligations in a settlement agreement. This is useful if the employment contract was wrong, or the employer wishes to enhance the original obligations.

To be legally effective, if you restate the obligations then the ex-employee should receive payment in return. The payment for the re-stated obligations is taxable under PAYE. There is often little guidance as to the re-stated obligation’s taxable value.

 

Need assistance?

As business employment lawyers, we advise employers on the effective use of confidentiality terms and agreements within employment contracts. Taking a proactive approach to managing the risk of confidentiality breaches is the best way to protect your commercial interests by detering breaches and providing you with access to remedies in the event you are the victim of a breach. For specialist advice, contact us.

Last updated: 9 July 2022

About DavidsonMorris

As employer solutions lawyers, DavidsonMorris offers a complete and cost-effective capability to meet employers’ needs across UK immigration and employment law, HR and global mobility.

Led by Anne Morris, one of the UK’s preeminent immigration lawyers, and with rankings in The Legal 500 and Chambers & Partners, we’re a multi-disciplinary team helping organisations to meet their people objectives, while reducing legal risk and nurturing workforce relations.

Contact DavidsonMorris
Get in touch with DavidsonMorris for general enquiries, feedback and requests for information.
Sign up to our award winning newsletters!
We're trusted