In today’s increasingly litigious and highly competitive workplace, confidentiality is important for a host of reasons:
Failure to properly secure and protect confidential business information can lead to the loss of business/clients.
In the wrong hands, confidential information can be misused to commit illegal activity (e.g., fraud or discrimination), which can in turn result in costly lawsuits for the employer. Many states have laws protecting the confidentiality of certain information in the workplace. The disclosure of sensitive employee and management information can lead to a loss of employee trust, confidence and loyalty. This will almost always result in a loss of productivity.
What Type Of Information Must Or Should Be Protected?
Confidential workplace information can generally be broken down into three categories: employee information, management information, and business information.
Employee Information: Many states have laws which govern the confidentiality and disposal of “personal identifying information” (e.g., an employee’s Social Security number, home address or telephone number, e-mail address, Internet identification name or password, parent’s surname prior to marriage or driver’s license number).
The Americans with Disabilities Act of 1990 (ADA) requires employee medical and disability information be kept confidential and limits access to those employees who have a “business need-to-know” (e.g., supervisors who need to know about restrictions on the work of an employee or other reasonable accommodations that need to be made, safety personnel handling medical emergencies, government officers investigating complaints of disability discrimination).
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates healthcare providers’ use and disclosure of individually identifiable health information (known as Protected Health Information).
The Immigration Form I-9s must also be protected from accidental disclosure. The information contained on these forms (e.g., national origin, age) should be kept confidential so as to avoid discrimination claims from employees.
Confidential management information includes discussions about employee relations issues, disciplinary actions, impending layoffs/reductions-in-force, terminations, workplace investigations of employee misconduct, etc. While disclosure of this information isn’t necessarily “illegal,” it is almost always counterproductive and can seriously damage the collective “psyche” of a workplace.
We oftentimes refer to confidential business information as “proprietary information” or “trade secrets.” This refers to information that’s not generally known to the public and would not ordinarily be available to competitors except via illegal or improper means. Common examples of “trade secrets” include manufacturing processes and methods, business plans, financial data, budgets and forecasts, computer programs and data compilation, client/customer lists, ingredient formulas and recipes, membership or employee lists, supplier lists, etc. “Trade secrets” does not include information that a company voluntarily gives to potential customers, posts on its website, or otherwise freely provides to others outside of the company.
What Steps Can Be Taken To Better Protect Confidential Information?
Develop written confidentiality policies and procedures: Every business/organization should have a written confidentiality policy (typically in its employee handbook) describing both the type of information considered confidential and the procedures employees must follow for protecting confidential information. At the very least, we recommend employers adopt the following procedures for protecting confidential information:
- Separate folders should be kept for both form I-9s and employee medical information.
- All confidential documents should be stored in locked file cabinets or rooms accessible only to those who have a business “need-to-know.”
- All electronic confidential information should be protected via firewalls, encryption and passwords.
- Employees should clear their desks of any confidential information before going home at the end of the day.
- Employees should refrain from leaving confidential information visible on their computer monitors when they leave their work stations.
- All confidential information, whether contained on written documents or electronically, should be marked as “confidential.”
- All confidential information should be disposed of properly (e.g., employees should not print out a confidential document and then throw it away without shredding it first.)
- Employees should refrain from discussing confidential information in public places.
- Employees should avoid using e-mail to transmit certain sensitive or controversial information.
- Limit the acquisition of confidential client data (e.g., social security numbers, bank accounts, or driver’s license numbers) unless it is integral to the business transaction and restrict access on a “need-to-know’ basis.
- Before disposing of an old computer, use software programs to wipe out the data contained on the computer or have the hard drive destroyed.
A confidentiality policy should also describe the level of privacy employees can expect relating to their own personal property (e.g., “for your own protection, do not leave valuable personal property at work and do not leave personal items — especially your purse, briefcase or wallet — unattended while you are at work”) and personal information (e.g., “your medical records are kept in a separate file and are kept confidential as required by law”).
Finally, all businesses/organizations should have their confidentiality policies reviewed to ensure compliance with state law. For example, the New York Employee Personal Identifying Information Law, which became effective January 3, 2009, requires the creation of policies and procedures to prevent the prohibited use of “personal identifying information” and requires employers notify employees of such policies and procedures.
Train management and employees on confidentiality policy: Oftentimes, simply having a written confidentiality policy is not enough. In order for the confidentiality policy to be effective, managers, supervisors and employees must be educated on confidentiality issues and the company’s policies and procedures. Management and employees should be allowed an opportunity to ask questions about the policies, and everyone should be trained to avoid putting sensitive information in e-mails. Many companies and organizations include this training as part of the new-hire/orientation process.
Management should also be instructed as to the proper way of communicating with the company’s inside and outside counsel so as to ensure that certain work-related documents and e-mails are protected by the attorney-client privilege.
Enforce Confidentiality Policy:
This is one of the most important steps a business/organization can take to protect its confidential information, and unfortunately, it’s oftentimes the one step that is ignored. All the policies, procedures and training in the world will not matter if those policies and procedures are not enforced. In order for a confidentiality policy to have “teeth,” employees who violate the policy must be disciplined in accordance with an employer’s corrective action procedures.
Consider Having New and/or Current Employees Sign a “Non-Disclosure” Agreement:
These agreements go by many names. Sometimes they are called “non-disclosure agreements,” and other times they are called “proprietary information agreements.” Regardless of title, these agreements are contracts designed to protect the confidential “business information” described above (e.g., “trade secrets”). These agreements are vital to most businesses today, especially considering the ease in which employees can now electronically transfer large amounts of information, much of which would be incredibly damaging in the hands of a competitor.
When it comes to confidentiality, prevention and deterrence is key. The first question we ask our clients when they contact us in response to a potential confidentiality breach is “do you have a confidentiality policy and/or non-disclosure agreement?” The stronger your policies and agreements, the better you are prepared to take quick and effective action to protect your business/organization. Of course, we are always available to counsel employers in the area of confidentiality and to develop policies and agreements that provide businesses with the proper safeguards.
+ All Confidentiality Essays:
- Case Study of Ethics
- Counselling Skills
- Person Centred Approaches to Counselling- Creating a Safe Space
- NVQ 5 Communication
- Ethics and Law in the Field of Counseling
- How Group Leaders must Conduct themselves and their Group
- Managing Business Information Systems
- What Is Essential in the Helping Relationship?
- Be the Manager: Creating an Ethical Code
- Solving HealthCare’s eMail Security Problem
- Security Policy Framework
- The Ethical Dilemmas of Genetic Testing for Huntington's Disease
- Case Study
- Legal and Ethical Considerations - Task 1
- Computers and Homeland Security
- Waterfall Life Cycle Model and Agile Methodology
- Managing Medical Ethics and Legal Requirements in a Primary Care and Health Environment
- Unit 028 - Develop Positive Relationships with Children, Young People
- Professional and Ethical Issues in Person-Centred Counselling
- P4 – Outline Working Strategies and Procedures Used in Health and Social Care to Reduce Risk of Abuse. M2 – Describe Legislation and Regulations, Working Strategies and Procedures Used in Health and Social Care to
- Profession Issues in Counselling Person Centred
- Network Security
- Wgu Nut1 Nursing Informatics
- health communication
- Ethical Dilemmas for Lawyers, Staff, and Management
- Unit 4222-302 Engage in Personal Development in Health, Social Care or Children’s and Young People’s Settings
- Cost Accounting and Decision Making
- Ethics and Evaluations in Psychotherapy
- Why I Chose to Become a Mental Health Counselor
- Work-Related Project Analysis, Part I
- Cypcore33-1.1 Outline Current Legislation, Guidelines, Policies and Procedures Within Own Uk Home Nation Affecting the Safeguarding of Children and Young People.
- Litigation - Study Questions
- CSEC 610 Individual Assignment
- Health Care Communication Methods
- Counselor´s Record Keeping System
- Hnc Health Care Reflective Account
- Investigative Psychology
- Undestand the Impact of Policy, Legislation, Regulation, Codes of Practice and Standards on Organisation Policy and Practice
- It244 Access Control
- Code of Business Conduct and Ethics
- Task 4
- Butler Assessment 1 Facilitate the Counselling Process doc
- Identification of Ethical and Legal Dilemmas
- Abuse in Government Care
- Health Care Rights
- Traits of an Effective Counselor
- Stigmatization and Discrimination: Living with HIV/AIDS in Canada
- An Ethical Dilemma in the Description of a Case
- Internal Control for Information Security
- Unit 203 Business
- An Analysis of 'The Immortal Life of Henrietta Lacks'
- Proposal for the Relocation of an Office
- Analysis of the Movie 'Analyze This'
- The Changing Nature of Family Life
- Level 3 Health & Social Care Diploma(Adults)
- Unit 219 Nvq L3 Business and Administration
- Breaching the Security of an Internet Patient Portal
- Unit 301 Communication and Professional Relationships with Children, Young People and Adults.
- Effective Communication in the Early Childhood Education Environment
- Importance of HIPAA and the Bill of Rights in the Healthcare System
- Accountant Responsibility
- Ethical Issues in Psychology
- Benefits of Alternative Dispute Resolution
- Communication and Child
- Cypop Assessmsnt Task 3
- Ethical Issues in Group Counseling
- Patients' Rights and Access to Medical Records
- Unit 4222-301 Promote Communication
- School Counseling: A Case Study in Ethical Decision Making
- CCMH506 R2 Personality In Counseling Worksheet WK1
- 301 Communication
- Unit 3: Communication and Professional Relationships with Children, Young People & Adults
- Circle of Conflict and the Triangle of Satisfaction Models