
Breach of confidentiality explained

Posted on 6th June 2023 by

Breaches of confidentiality refer to unauthorised access, use or disclosure of confidential information, such as sensitive data about finances or personnel. Breaches can be accidental or intentional and can lead to the security or integrity of a client being compromised, which in turn can result in financial losses and reputational damage.

In this guide, we explain exactly what a breach of confidentiality is. We also look at how to best prevent breaches from occurring in your organisation.

 

What is a breach of confidentiality?

A breach of confidentiality occurs when information that has been given in confidence is disclosed to a third party without consent. Typically, confidentiality breaches occur accidentally, and those parties affected by a breach can experience financial losses or reputational damage as a result.

To recoup their money, they may take legal action against your firm. Professional indemnity insurance is the ideal policy to provide cover against such occurrences.


Why is confidentiality so important?

In business, it is crucial that you adhere to data protection laws when handling sensitive information and that your business takes confidentiality seriously.

Failure to protect confidential information that you hold, whether it’s your own data or data that you manage for a client, can not only result in a loss of client trust and business, but also exposes that data to misuse for illegal activity such as online fraud, which could lead to legal proceedings in the form of a negligence claim against you.

 

What is considered confidential information?

Confidential information means any information disclosed by one party to another party that is designated as confidential, proprietary, or similar, or that reasonably should be understood to be confidential given the nature and circumstances of the disclosure.

Confidential information may include information related to the business and its products such as business plans and intellectual property, research and development, technological information, trade secrets, customers, employees, finances, or patents of the disclosing party or a third party.

Confidential information may be in written, oral, visual, electronic, or other tangible form, and may be confirmed in writing after the initial disclosure.

Confidential information does not include information that is or becomes publicly known or available, is received from a third party without breach of confidentiality, was previously known by the receiving party, or was independently developed by the receiving party.

 

What is an example of a breach of confidentiality?

Confidentiality forms the trust needed to attract and retain customers whilst helping to create the foundations for good working relationships. Below are some hypothetical breaches of confidentiality.

  • A company laptop containing sensitive client data is stolen or left behind on public transport.
  • An employee shares confidential information about a client with friends.
  • An employee discloses business information, such as news of redundancies or bankruptcies before they are officially announced.
  • An employee emails an attachment containing a client’s business intentions to a competitor.
  • An employee talks about confidential information somewhere where they can be overheard, such as a public space.
  • A recruitment consultant emails the CV of a potential candidate to employers before getting permission from the candidate.
  • An employee leaves an electronic device, such as a laptop or mobile phone, that contains confidential information unlocked and therefore accessible to other people.

 

Claims for breaches of confidentiality cost UK organisations a lot of money each year, in physical losses and/or in legal costs. It is not just large companies that have to be careful; small businesses and freelancers are also at risk and need to be vigilant and ensure they are protected in case they are accused of a breach.

 

What happens if confidentiality is breached?

For an employee, the consequences of a confidentiality breach could include an HR reprimand such as a suspension or even a termination of employment. Individuals can also be subject to a civil lawsuit if the harmed third party opts to press charges.

Legal action can result in large compensation pay-outs, which could be very damaging to a business. The accused business could also suffer reputational damage as a result of breaching confidentiality, which can harm the company’s ability to attract new business, and it could also mean existing clients leave for a new service provider.

Recovering from a public confidentiality breach can be expensive and require a charm offensive via a strong PR strategy or a complete rebrand.

Remember – maintaining confidentiality is not only a typical contractual requirement; business ethics must also be considered, because breaches of confidentiality can cause serious damage to business relationships.

 

How can organisations prevent confidentiality breaches?

Organisations that store data given in confidence need to protect themselves, and in turn protect their clients. To do this, confidentiality policies need to be put in place in the organisation and employees trained to follow them.

A few of the best ways organisations can avoid breaches include:

  • Ongoing staff training

Organisations should provide all new employees with the correct confidentiality training as an integral part of their onboarding process. This should include the importance of locking computers when they are unattended and not discussing clients in public places. If your organisation works with freelance contractors, then you should ensure they also fully understand your confidentiality policies. This may involve training sessions and non-disclosure agreements (NDAs).

  • Use contract law

Organisations should require each employee to sign an employee non-disclosure agreement (NDA), which can help protect the organisation and the client in the event of a confidentiality breach. NDAs make it clear what information can and cannot be shared.

  • Limit access to sensitive data

Organisations should restrict access to sensitive data to those who specifically need access to it. Staff who do not need access to data for their job roles should not be granted access. Minimising access to sensitive data can help to mitigate the risk of a breach.

  • Use passwords and encryption

Data must be protected using passwords and encryption, supported by measures such as two-factor authentication (2FA). This can reduce the risk of cybercrime and prevent a third party from accessing data if a company device is lost or stolen.

  • Get comprehensive business insurance

Professional indemnity insurance will not prevent breaches from occurring, but it can protect your business should a breach occur. Cyber insurance is also a good insurance option for organisations that store and/or manage sensitive data, such as financial institutions and recruitment agencies.

For organisations and employees, understanding confidentiality is a fundamental responsibility. Ensuring confidentiality policies are up-to-date, simple to understand, and easy to implement is an essential part of good business management.