2. Confidentiality in the workplace
• Confidentiality means the state of keeping secret or not
disclosing information. It comes from confide, meaning to trust
someone or tell secrets to them.
• Confidential information, therefore, is information that should be
kept private or secret.
• Confidentiality is simply the act of keeping that information
private.
3. Why is Confidentiality Important?
• Many states have laws protecting the confidentiality of certain
information in the workplace.
• The disclosure of sensitive employee and management information
can lead to a loss of employee trust, confidence and loyalty.
4. Importance
• Failure to properly secure and protect confidential business
information can lead to the loss of business/clients. In the
wrong hands, confidential information can be misused to commit
illegal activity (e.g., fraud or discrimination), which can in turn result
in costly lawsuits for the employer.
• It prevents misuse of confidential information (illegal or
immoral use). It protects reputation. Employment may depend on it
(e.g. non-disclosure agreement). It ensures compliance with the
law.
5. What Type Of Information Must
Or Should Be Protected?
• Confidential workplace information can
generally be broken down into three
categories:
1.Employee information,
2.Management information, and
3.Business information.
6. Employee Information:
• Many states have laws which govern the
confidentiality and disposal of “personal
identifying information” (e.g., an employee’s
Social Security number, home address or telephone
number, e-mail address, Internet identification
name or password, parent’s surname prior to
marriage or driver’s license number).
7. Management Information:
• Confidential management information includes
discussions about employee relations issues,
disciplinary actions, impending
layoffs/reductions-in-force, terminations,
workplace investigations of employee misconduct,
etc.
• While disclosure of this information isn’t
necessarily “illegal,” it is almost always
counterproductive and can seriously damage the
collective “psyche” of a workplace.
8. Business Information:
• We oftentimes refer to confidential
business information as “proprietary
information” or “trade secrets.”
• This refers to information that’s not
generally known to the public and would
not ordinarily be available to competitors
except via illegal or improper means.
9. Business Information:
• Common examples of “trade secrets” include
manufacturing processes and methods, business plans,
financial data, budgets and forecasts, computer
programs and data compilation, client/customer lists,
ingredient formulas and recipes, membership or
employee lists, supplier lists, etc. “Trade secrets”
does not include information that a company
voluntarily gives to potential customers, posts on its
website, or otherwise freely provides to others
outside of the company.
10. What Steps Can Be Taken To
Better Protect Confidential
Information?
1. Separate folders should be kept for both form I-9s and
employee medical information.
2. All confidential documents should be stored in locked file
cabinets or rooms accessible only to those who have a
business “need-to-know.”
3. All electronic confidential information should be
protected via firewalls, encryption and passwords.
4. Employees should clear their desks of any confidential
information before going home at the end of the day.
5. Employees should refrain from leaving confidential
information visible on their computer monitors when they
leave their work stations.
11. What Steps Can Be Taken To
Better Protect Confidential
Information?
6. All confidential information, whether contained on
written documents or electronically, should be marked
as “confidential.”
7. All confidential information should be disposed of
properly (e.g., employees should not print out a
confidential document and then throw it away without
shredding it first.)
8. Employees should refrain from discussing confidential
information in public places.
9. Employees should avoid using e-mail to transmit
certain sensitive or controversial information.
12. What Steps Can Be Taken To
Better Protect Confidential
Information?
10.Limit the acquisition of confidential client
data (e.g., social security numbers, bank
accounts, or driver’s license numbers) unless it
is integral to the business transaction and
restrict access on a “need-to-know’ basis.
11.Before disposing of an old computer, use
software programs to wipe out the data contained
on the computer or have the hard drive destroyed.
13. What Steps Can Be Taken To
Better Protect Confidential
Information?
• A confidentiality policy should also describe the level of
privacy employees can expect relating to their own personal
property (e.g., “for your own protection, do not leave valuable
personal property at work and do not leave personal items —
especially your purse, briefcase or wallet — unattended while
you are at work”) and personal information (e.g., “your medical
records are kept in a separate file and are kept confidential
as required by law”).
• Finally, all businesses/organizations should have their
confidentiality policies reviewed to ensure compliance with
state law. For example, the New York Employee Personal
Identifying Information Law, which became effective January 3,
2009, requires the creation of policies and procedures to
prevent the prohibited use of “personal identifying
information” and requires employers notify employees of such
policies and procedures.
14. What Steps Can Be Taken To
Better Protect Confidential
Information?
• Train management and employees on confidentiality policy:
Oftentimes, simply having a written confidentiality policy
is not enough. In order for the confidentiality policy to
be effective, managers, supervisors and employees must be
educated on confidentiality issues and the company’s
policies and procedures. Management and employees should be
allowed an opportunity to ask questions about the policies,
and everyone should be trained to avoid putting sensitive
information in e-mails. Many companies and organizations
include this training as part of the new-hire/orientation
process.
• Before disposing of an old computer, use software programs
to wipe out the data contained on the computer or have the
hard drive destroyed.