Data-Breach.com has dealt with over 14,000 data breach enquiries

Call free

Breach of confidentiality at work – What happens if an employee shares important or sensitive data or breaches GDPR?

what happens if an employee breaches gdpr?

Your employees can have access to a lot of sensitive information about your business, like financial data and client details to name a few examples. If as a business you have suffered a breach of confidentiality at work due to an employee data breach, we can help put you in contact with expert solicitors that will looking into your situation for you and potentially help you bring a compensation claim against those responsible

Confidentiality breaches at work can be prevented by incorporating confidentiality clauses and restrictive covenants in your employment contracts. These should clearly set out to your employees what information they cannot disclose to others.

Also, confidentiality clauses help to provide an explanation of what your expectations are and the consequences for any employee that misuses any workplace data. Putting these boundaries in place will not only create trust between you and your employees and a better working relationship, but it will protect your business too.

If you are an employee who has been the victim of a data breach click here for more information.

What is classed as a breach of confidentiality?

A confidentiality breach happens when an employee, contractor, or worker shares or uses specific information that could damage your business, its clients, or other employees. By law business information can be broken down into four types, they are:

  • Trade secrets – details that are protected during and after employment, even if there isn’t a confidentiality clause in your contract
  • Confidential information – protected information (including employee details) that your employees know is confidential or it is obvious that it should not be used or shared
  • Employee’s skill or knowledge – employee information that helps them to do their job
  • Public information – details that can’t be protected.
 

Different forms of information can be protected from a confidentiality breach in different ways. For instance, trade secrets are always protected no matter if they are referred to in your employment contracts or not.

As an employer you might want to protect intellectual property rights, trade secrets, competition from clients (such as through a clause within a contract saying that employees can’t use client lists to entice them away during or after termination of employment).

How can you protect your business from a breach of confidentiality?

Including the following in your contracts can help you protect your business when it comes to confidentiality breaches.

  • An express duty of confidentiality – this is when you state in your contracts what information is confidential, what your employee’s obligations are, and what the consequences will be if they share that information
  • Restrictive covenants – stopping an ex-employee from competing with your business for a certain amount of time after they have left your business.
 

There is an implied duty of good faith with employment contracts. This can provide some protection against employees sharing confidential information while they work with you, but not if they have left. So, there is a high level of risk involved with implied duty.

Another thing to consider is whether all employees need access to specific areas of sensitive information such as client details or personal data records of fellow employees. Where possible you should limit employee access to confidential information in order to lower the risk of a data protection breach.

What should you do if you face a breach of confidentiality at work?

The most common approach when you discover a breach of confidentiality is to let your employee know that you are aware that they have breached workplace confidentiality under data protection law. You will have to inform them of potential consequences and ask for an undertaking to stop misusing your business information.

You can pursue action against an employee in the event that they refuse to agree to an undertaking, or that the confidentiality breach has resulted in substantial harm to your business. A legal claim could lead to an injunction (a court order that stops someone using your private information) or damages that the employee is required to pay to you. The court will determine if an injunction or damages is more suitable based on how serious the breach of confidentiality is.

What are the consequences for an employee who breaches confidentiality at work?

Termination of employment

If your employee has intentionally and continuously breached confidentiality in your business, you can terminate their employment. You would need to complete an investigation and take any mitigation (supporting evidence they provide) into consideration before dismissal.

A civil lawsuit

If an employee has made a breach of confidentiality and is no longer employed by you then you can start legal action in the civil courts and/or an injunction.

Damaged reputation

This could affect the employee and the employer, depending on what information has been misused. As a business you could have a defamation claim for slander or libel against your employee. Going forward the employee might struggle with a negative reputation when attempting to seek other employment and the information breached could lead to an impacted reputation for your business externally, or internally, if personal data records concerned with your staff were involved.

Next steps if you discover an employee breaching confidentiality

As soon as you become aware of a breach of confidentiality by an employee, whether related to trade secrets or personal data breaches related to employees, you should seek legal advice. A legal representative will be able to inform you, or your company Data Protection Officer, about what steps to take to ensure that personal data is protected and not misused, and the right action is taken against the employee to minimise the risk .

You’ll also receive advice regarding aspects of employment law and how the situation should be handled in relation to your current or former employee. Additionally, you’ll be advised regarding any action you may need to take with regards to sending a personal data breach notification, as required under General Data Protection Regulation (GDPR), if the leak relates to any employee personal data. 

Table of Contents

Eleanor Watts

Eleanor Watts is a skilled solicitor who specialises in handling data breach cases and leads the dedicated team at the Data Breach department. Her journey began at the University of Nottingham, where she earned her law degree, and later pursued her masters in law from the University of Law. Becoming a qualified solicitor in 2021 after completing her training, Eleanor's focus turned to data protection and privacy claims, a field she's excelled in since the implementation of GDPR in 2018.

Eleanor Watts

Eleanor Watts is a skilled solicitor who specialises in handling data breach cases and leads the dedicated team at the Data Breach department. Her journey began at the University of Nottingham, where she earned her law degree, and later pursued her masters in law from the University of Law. Becoming a qualified solicitor in 2021 after completing her training, Eleanor's focus turned to data protection and privacy claims, a field she's excelled in since the implementation of GDPR in 2018.

We're ready to help you get the compensation you deserve

Alternatively, give one of our solicitors a call free on 0333 070 5800

Lines open 9am – 5pm Mon to Fri

Has your data been handled incorrectly?