Guides & articles Breach of confidentiality at work – What happens if an employee breaches GDPR?

Peter Hammond Peter is a solicitor who has worked as a professional litigator for many years. More recently Peter has specialised in data breach compensation claims and over the last 2.5 years has gained a wealth of knowledge in this sector. Peter now works with us to share his knowledge and inform the general public.

Your employees can have access to a lot of sensitive information about your business, like financial data and client details to name a few examples. If you have suffered a breach of confidentiality at work we can help put you in contact with expert solicitors that will investigate your data breach compensation claim.

Confidentiality breaches at work can be prevented by incorporating confidentiality clauses and restrictive covenants in your employment contracts. These should clearly set out to your employees what information they cannot disclose. Also, confidentiality clauses help to provide an explanation of what your expectations are and the consequences for any employee that misuses workplace data. Putting these boundaries in place will not only create trust between you and your employees and a better working relationship but it will protect your business too.

If you are an employee who has been the victim of a data breach click here for more information.

What is classed as a breach of confidentiality?

A confidentiality breach happens when an employee, contractor, or worker shares or uses specific information that could damage your business, its clients, or other employees. By law business information can be broken down into four types, they are:

•       Trade secrets – details that are protected during and after employment even if there isn’t a confidentiality clause in your contract
•       Confidential information – protected information that your employees know is confidential or it is obvious that it should not be used
•       Employee’s skill or knowledge – employee information that helps them to do their job
•       Public information – details that can’t be protected.

Different forms of information can be protected from a confidentiality breach in different ways. For instance, trade secrets are always protected no matter if they are referred to in your employment contracts or not.

As an employer you might want to protect intellectual property rights, trade secrets, competition from clients (such as through a clause within a contract saying that employees can’t use client lists to entice them away during or after termination of employment).

How can you protect your business from a breach of confidentiality?

Including the following in your contracts can help you protect your business when it comes to confidentiality breaches.

•       An express duty of confidentiality – this is when you state in your contracts what information is confidential, what your employee’s obligations are, and what the consequences will be if they share that information
•       Restrictive covenants – stopping an ex-employee from competing with your business for a certain amount of time after they have left your business.

There is an implied duty of good faith with employment contracts. This can provide some protection against employees sharing confidential information while they work with you but not if they have left. So, there is a high level of risk involved with implied duty.

Another thing to consider is whether all employees need access to specific areas of sensitive information such as client details. Where possible you should limit employee access to confidential information in order to lower the risk of a breach.

What should you do if you face a breach of confidentiality at work?

The most common approach when you discover a breach of confidentiality is to let your employee know that you are aware that they have breached confidentiality. You will have to inform them of the consequences and ask for an undertaking to stop misusing your business information.

You can pursue a legal claim against an employee in the event that they refuse to agree to an undertaking, or the breach has resulted in substantial harm to your business. A legal claim could lead to an injunction (a court order that stops someone using your private information) or damages that the employee is required to pay to you. The court will determine if an injunction or damages is more suitable based on how serious the breach of confidentiality is.

What are the consequences for an employee who breaches confidentiality at work?

Termination of employment

If your employee has intentionally and continuously breached confidentiality in your business, you can terminate their employment. You would need to complete an investigation and take any mitigation (supporting evidence they provide) into consideration before dismissal.

A civil lawsuit

If an employee has made a breach of confidentiality and is no longer employed by you then you can start legal action in the civil courts and/or an injunction.

Damaged reputation

This could affect the employee and the employer, depending on what information has been misused. As a business you could have a defamation claim for slander or libel against your employee. Going forward the employee might struggle with a negative reputation when attempting to seek other employment and the information breached could lead to an impacted reputation for your business too.

Was this article helpful?

Spread the word and share it with your friends and family