Every company has information it must keep confidential for the sake of the organization and its employees. The human resources department is typically tasked with making sure that sensitive information stays confidential, and doing so is no easy task. A breach in confidentiality can cause repercussions that may affect one or several employees, or even the company itself.
That’s why managing the confidentiality of sensitive information is of the utmost importance. HR departments often work with information that, if leaked, could jeopardize or harm an employee or the company. For example, Social Security numbers, if released, could lead to identity theft. Performance reviews and pay levels, if seen by other coworkers, could lead to dissatisfaction or even litigation. HR departments must establish procedures to safeguard all of this information and more. These procedures should include the following:
- Locked cabinets to store paper copies of documents containing any sensitive information. Keys to these cabinets should be personally carried by the HR manager at all times.
- High security, password-protected databases for digital files.
- A thorough orientation process for new HR staff on confidentiality procedures.
- Confidentiality training for all HR staff throughout the year.
- Non-disclosure agreements for employees, contractors, and vendors, to protect the company’s information.
- A detailed process for taking action should any breach of private information occur, including notifying the affected employees.
Regardless of the industry you’re working in, most companies have information they don’t want competitors or outsiders to know, such as financial details or creative content. Non-disclosure agreements are an effective way to make sure the company is protected from anyone who becomes privy to this information as part of their work with the company, whether as a full-time employee or a temporary contractor.
A non-disclosure agreement (or NDA) acts as a legally-binding contract between the signing parties to not disclose the information outlined within. This confidential accord protects the company, since the signing parties would be subject to legal action if either violates the agreement. An NDA should identify the parties involved, define the information that is confidential as narrowly or as broadly as necessary, and the time period during which the confidentiality applies (in some cases a company may choose to extend the confidentiality period for months or years after an employee leaves the organization, to prevent him or her from sharing private information with competitors).
Equally important to drafting a confidentiality policy is making sure that all employees fully understand it. Signing the non-disclosure agreement is the first step, and although many organizations don’t go beyond that, you may find it worthwhile to do so. In this day and age of social media, tweeting, and blogs, it’s easier than ever for employees to slip up and share a private piece of information about the company without even meaning to.
Training and reminders can help employees understand the intricacies of confidentiality, and not only how to avoid accidentally sharing the company’s sensitive information, but also about how the HR department handles their own private information. The more informed they are, the more they will come to appreciate the need for confidentiality and respect it.
Even after you’ve taken all the necessary precautions, a breach in confidentiality is still possible. If an employee’s personal information (Social Security number, immigration status, etc.) or company-related information (pay grade, performance reviews, etc.) has become compromised, the first step is to inform the employee and the employee’s supervisor. Depending on the type of breach, it may be advisable to change security measures, such as passwords and locks.
If the breach in confidentiality affects company information, through a current employee or a contractor, several steps can be taken. In the case of an employee, the breach may be cause for termination. With a contractor, the contract may be voided. In both cases, legal action may be taken against the violating party, especially if they have signed a non-disclosure agreement.
The role of HR in safeguarding sensitive information for both the organization and its employees is of paramount importance. Both the company and the employees could risk tarnishing their reputation if confidential information about either is breached. The HR department’s best bet is to take every possible measure to ensure that no such breach occurs, and if it does, to handle the matter quickly and professionally, whatever the circumstances
Sign up for our newsletter
