Confidentiality in the workplace

Confidential information is a very important asset for your business.

Your client lists, strategies and plans are essential to your success.

And as a business owner you need to protect the information most critical to your operations and to your competitive distinctiveness by, amongst other measures, only sharing it on a need-to-know basis, so preventing your ideas from being used, copied or shared by others.

But while a need-to-know basis is a good starting point for disclosures outside your business, sometimes it’s a bit harder to control disclosures when it comes to what happens inside your business.

That’s where statutory and contractual protections come in very handy.

In this guide, we look at the legal and practical steps you can take to ensure confidentiality in the workplace.

Commencement of Employment

First, it is important to educate your employees about confidential information when you hire them.

Depending on the nature of your industry and roles, there may be specific regulations in place on confidentiality of client information or privacy laws and policies.

Be clear on what kind of information is confidential and what can and cannot be discussed outside the workplace.

Secondly, your employment contracts should include detailed confidentiality clauses which set out your employees’ obligations.

This is important, since while they are working for you, they will unavoidably have access to, or indeed be creating, much of your confidential information, and you won’t want that leaking out during, or after, their employment with you.

These clauses should clearly indicate that the confidentiality obligations operate even after the employee leaves their job.

In addition to the contractual obligations that you impose on them, your employees also have a statutory duty to keep certain information confidential: your trade secrets and secret processes.

But this is best reinforced by the contractual terms of their contract with you.

If you didn’t have the contract term as well, the statutory obligation on the employee may not last, in its entirety after they leave.

Employee statutory duties in relation to your trade secrets and secret processes should continue to bind them even after they leave their job with you.

But other forms of confidential information, like customer lists, business strategies, financials and projections, would not fall within that category and without contractual protection, could lawfully be disclosed by an employee.

And in some cases, disclosure of these to a rival business or even to one of your customers, could do just as much harm to your business as the disclosure of something categorised as a trade secret.

It is much easier to enforce a breach of confidentiality clause that is clearly set out in writing.

So, make sure you always have a contract in place with your employees, that it describes clearly, what you consider to be your confidential information and how you expect this confidential information to be handled and respected by the employee, during and after, their engagement by you.

Take a look at our guide on confidential information under a contract to find out more.

Restrictive covenants

Take real care as well in drafting these contract terms and any restrictions that you want to impose on your employees, particularly those that extend after they leave the job.

There are quite strict rules around how long these restrictions can last, how they are judged to be reasonable (and therefore enforceable), and what you are entitled to do in the event of them being breached by the employee.

Our separate guide to restrictive covenants covers these elements.

If this is an area you’re interested, take a look at this guide.

During Employment

There are several practical steps you can take during a worker’s employment to protect your confidential information.

These include:

• making sure all email and other folders are password protected;
• only providing access to relevant confidential information; and
• not allowing employees to take files home without permission.

You should also discourage employees from using their personal devices to access confidential information and have a clear policy around this issue.

Additionally, set up a clear and legally compliant surveillance policy to monitor potential wrongdoing.

For example, your policy may allow you to monitor an employee’s work email or keep track of what they are printing.

You can then check if the employee has emailed anything to their personal email or downloaded client files without permission.

Termination of Employment

Your employment agreements and workplace policies should have clear guidelines on what confidential material your employees must return once they leave their job.

This may include:

• returning company property that has confidential information on it (e.g. a laptop); or
• agreeing to delete any confidential information that the employee may have on their personal devices.

On their last day of employment, make sure you:

• disconnect the employee’s access to email and other confidential information; and
• remind them of their ongoing confidentiality obligations under their employment contract.

If employment has ended because of a disagreement or dispute, you might want to think about entering into a settlement agreement with the employee, which reiterates their confidentiality obligations.

Post-Employment Breach of Confidentiality

If you believe your employee has breached their confidentiality obligations after employment has ended, you can send them a cease and desist letter requesting that they:

• comply with any restrictive covenants;
• stop using any confidential information; and
• sign an undertaking to delete and/or return any relevant confidential information. An undertaking is a legal promise to do something or to not do something.

An employment or disputes lawyer can help you in putting together this letter of demand and undertaking.

If the employee does not accept your requests and you urgently need to stop their use of your confidential information, you can apply for an interlocutory injunction with a lawyer’s help.

This is an order the court can make to temporarily stop someone from doing something before the full matter is heard in court.

The court considers several matters when assessing whether to grant an interlocutory injunction.

If the matter is less urgent, you may be able to commence a civil action for breach of contract or confidentiality.

The consequences of a confidentiality breach

Its rare that a breach of confidentiality at work will occur intentionally.

But even an honest mistake can carry grave consequences.

For example, if an employee left their laptop on a train, any sensitive information stored on it is then available for somebody else’s viewing pleasure.

Or it could be a s simple as sending a private email to the wrong person.

We all know how easy that could be.

As a business, a breach of confidentiality could result in a sizeable compensation pay-out or legal action, depending on the scale of the breach.

Beyond the financial implications, it can be incredibly damaging to your reputation and existing relationships.

Check out our guide on some very simple legal and non-legal steps you can take to ensure confidentiality in the workplace