The Sunday Times - Business Doctor: Stop staff leaks of confidential data

Peter Done: Managing Director and Founder

February 01 2016

HL writes: With reports last year that various companies were targeted by hackers, I want to ensure that my employees are aware of the importance of keeping company information safe and protected. What can I do to ensure my employees are not sharing private information?

The term of confidentiality is implied into all working relationships, and it is therefore automatically understood that a company’s data is not to be shared with any other company and that any breaches of this will result in disciplinary action, writes Peter Done, managing director of Peninsula.

Despite this, employers often include an express provision in their contractual documentation to reinforce the fact that all company data is considered confidential and that all reasonable care should be taken to ensure its security. Additionally, this is often backed up by listing any breach of confidentiality as an act of misconduct, including gross misconduct for serious breaches such as deliberately passing client data to a competitor. This could also include carelessness which results in a breach of confidentiality, since that breaches the requirement to take all reasonable care. This will enable employers to take action against the employee for any breaches, and the employee will be aware of the consequences of their actions.

Simple instructions, such as keeping confidential information locked away at the end of the working day or disposing of such information carefully by shredding or other such means, are ways of keeping control of office-based information.

The advancement of technology means that company information is available on several types of mobile device out of the office. The importance of a robust policy on the use of a company’s Information Technology systems is that it allows for effective management and control of data within and outside of the workplace.

This would be a wide-ranging policy but can cover aspects such as monitoring communication, data security and, importantly these days, ‘bring your own’ devices. Implementing a system for monitoring emails and telephone calls lets you stay aware of the communication between your staff and their contacts. You should tell your employees first that you will do this so that they cannot claim that their calls are private, in case any personal calls are listened to. Ensuring all mobile devices have a password that is changed frequently, and reserving the right to remotely wipe all company data from an employee’s own device when it is lost, when there is a suspected breach, or when they leave your employment, helps prevent any data loss too.
