Are Your Employees Leaking Confidential Information?


Alastair BrownChief Technology Officer at BrightHR

Thursday, September 27, 2018

Data compliance is a big issue in the modern business environment, but if employees are leaking precious confidential information, you can find yourself in hot water. How do you prevent employees leaking critical business information?

Article 3 Minutes
Are Your Employees Leaking Confidential Informatio

Last week, Amazon has said it is investigating suspected internal leaks of confidential data by its employees for bribes to remove fake reviews and other seller scams from its website.

The consequences of leaked confidential data

Confidential data can be a company’s most valuable asset, whether this is customer data, trade secrets or future developments which will bring significant updates once introduced. Data leaks, however small, can affect a company’s bottom line and reduce customer confidence in the security of the business. Additionally, under the recent EU data protection changes, a leak of personal data can result in a costly penalty for the organization.

How employers can maintain legal compliance

Employees are legally obliged to not share their employer’s confidential data, even if this obligation isn’t expressly included within the employee’s contractual documentation. It is often useful to include such an express term so that employees are reminded of this obligation when they join the company, and this term can be referred back to when necessary.

Confidentiality clauses are also important to include as post-termination covenants because, after employment ends, the confidentiality duty only applies to information which could be classed as a trade secret. Therefore, post-termination restrictions will need to be expressly included in contracts to protect a broader range of information after employment ends.

How are employees leaking data?

Data leaks can be taking place in your business through a variety of methods, for example, data may be intentionally leaked by staff or leaked through careless behavior. In order to reduce the likelihood of employees leaking confidential data, all members of staff should receive training on handling company data. This training should cover areas such as careless talk, email use, data protection obligations and confidentiality outside of the workplace.

Monitoring employees such as workplace email accounts and internet use will help identify where leaks are taking place. To avoid breaching privacy rights, employees will need to be informed of how monitoring will take place, in advance of this occurring. Where the business is aware there is an unidentified data leak, they may wish to consider whether a confidential reporting line can be introduced to encourage internal reporting.

How to fix confidential data leaks

Where careless data leaks are identified, usually through email errors such as attaching the wrong document or emailing an unintended recipient, employers should consider how they can address this. It may be the case that employees are working without paying attention, and a reminder of the importance of securely emailing data will help address this. Alternatively, employees may require training on email software systems to ensure they understand how to use these properly. 

Should it be identified that an employee is intentionally leaking data this needs to be addressed, without delay, through the formal disciplinary policy. Dependent on the circumstances, intentionally leaking data may be considered serious or gross misconduct by the employer.

A reasonable investigation into the allegations will need to be conducted, with further consideration as to whether suspension of the employee is necessary to prevent further data leaks or if other measures to temporarily restrict access can be introduced. Once a formal disciplinary hearing has been conducted, a disciplinary sanction which is reasonable in all circumstances can be imposed. Not only will this help prevent the particular employee leaking data in the future, it will also deter others from carrying out a similar action.

Alastair Brown

Chief Technology Officer at BrightHR

Alastair Brown is Chief Technology Officer at people management software company BrightHR where he is charge of increasing BrightHR’s product offering and meeting and exceeding the requirements of BrightHR’s customer. BrightHR offers a single place to record, monitor and manage all of your people data - from sickness and holidays to rotas and shifts. Plus a hub for employee records and unlimited document storage, all stored safely in the cloud.


Join the conversation...

24/09/2019 Aaqib Raza
When one of your employee leak confidential information of your software house accidentally. How would you respond in a way that is legal, moral, and ethical? Briefly explain.