Maintaining confidentiality in the workplace is vital, particularly when it comes to data and personal or sensitive information. Being able to keep information that clients or customers have given to you secure and confidential is key to building trust, as well as keeping you on the right side of legal and regulatory requirements.
Unfortunately, breaches of confidentiality can happen relatively easily and unintentionally, so it is important to understand the risks and the areas in your business processes which may create possible weaknesses.
You also need to understand how you can protect your business if a breach of confidentiality does occur. Having the right business insurance in place that covers the risks associated with the business that you run will be a key part of this.
What is a breach of confidentiality?
A breach of confidentiality can be defined as the failure to keep confidential data or private information provided to you in confidence by a client. It involves disclosure to a third party without your client's or the data owner's consent.
Most breaches of confidentiality unfortunately happen inadvertently, many through mistakes which can be easily made by employees. Very few are deliberate. This makes it all the more important to be aware of what a breach of confidentiality is and how one can happen, and to tighten up your processes to minimise the risk to your business.
Examples of breach of confidentiality in the workplace
Businesses of all sizes can be open to breaches of confidentiality.
Breaches of confidentiality can vary according to the type of workplace, but some general examples include:
- Sensitive information is stored on a laptop. The laptop is stolen.
- An employee accidentally sends commercially sensitive information to the wrong recipient.
- A discussion about business matters is overheard by a third party.
- An employee who is leaving your business copies data from a work computer or server onto a hard drive or USB before their employment ends.
What are the effects of breaches of confidentiality?
A breach of confidentiality can have far-reaching consequences for a business, including, amongst others:
- Legal action from clients who feel harm has been done to them or their business through their information being breached
- Loss of trust
- Impact on your brand reputation and your ability to win new business
- Fines enforced by the ICO under the GDPR
How to protect your business from breaches of confidentiality
It is important to take steps to protect your business from breaches of confidentiality. As we mentioned above, breaches of confidentiality can happen easily. The majority are not deliberate, but the result of mistakes and errors. So having best practice and procedures in place can help minimise the risk.
Suffering a breach of confidentiality can have a significant impact on your business's reputation and can also have potential financial repercussions in terms of fines or legal costs.
Some steps you can take to protect your business from breaches of confidentiality include:
Limit employee access to data and information
Give employees access only to the data that they need to perform their jobs. If data is highly confidential or sensitive, then the employee access list should reflect this. The fewer people that have access to information, the lower the risk of an accidental breach of confidentiality.
Adhere to all relevant data protection requirements
Make sure that you have a very clear data protection and privacy policy. This should make it clear to customers how you will collect information and why. It should also make it clear internally how data must be stored and handled. GDPR sets out the steps businesses need to take to protect data. It also allows fines and penalties to be issued if the guidance is not followed.
Use strong passwords
It is good practice to encrypt and password protect any sensitive or confidential information. Also make sure that any IT equipment is secured with passwords so that data is not accessible. Having strong IT protocols in place helps reduce the risk of cybercrime, and helps prevent someone else accessing data in the event of a work laptop, mobile etc. being lost or stolen.
Consider putting non-disclosure agreements (NDA) in place
An NDA can, for example, help protect both parties and make it very clear what information can and cannot be shared.
Train your staff
Train staff in security processes to help maintain confidentiality – locking computers when they step away, not discussing clients in public places etc. You may want to put a confidentiality policy in place so that employees know what is expected of them with regard to data etc. when they first join your business and what is expected when they leave your business.
Get your business insurance right
Whilst having business insurance in place doesn’t reduce the likelihood of a breach of confidentiality happening, it can help protect you and your business if the worst should happen. From professional indemnity insurance to cyber insurance, knowing what cover you need for the business you run and the risks you face is vital.
Professional Indemnity Insurance
If you are responsible for or deal with clients' confidential information, then you may need to consider taking out professional indemnity insurance to protect yourself and your business in the event of a breach of confidentiality. Professional indemnity insurance is designed to protect your business if a client sues you for a mistake you have made. It can provide cover for the legal costs of defending a claim as well as any compensation awarded as a result of the claim.
If a breach of confidentiality does happen in your business and causes harm to your client's business, then professional indemnity insurance will cover the costs of legal advice and any potential compensation that is due to your clients as a result of the breach.
Cyber Insurance
It may also be of use to consider cyber insurance. A cyber-attack may result in a data breach or customer data being compromised. Whilst exact cover varies by policy, cyber insurance can provide cover in areas such as investigating the source of a data breach caused by a cyber-attack, related legal and communications services as well as cover for regulatory investigations that may be required.
Whilst cyber insurance won’t offer legal protection etc. in the event of a breach of confidentiality as professional indemnity insurance will, it can help provide support in remedying the data breach and fixing any problems caused by a breach.
At Anthony Jones we have a team of business insurance experts who can work with you to understand the risks your business faces and identify the insurance products that can help protect you against these risks. Get in touch with us today on 020 8290 9080 or email us at business@anthonyjones.com.