Managing Confidentiality 2

Every company has information it must keep confidential for the sake of the organization and its employees. The human resources department is typically tasked with making sure that sensitive information stays confidential, and doing so is no easy task. A breach in confidentiality can cause repercussions that may affect one or several employees, or even the company itself.

That’s why managing the confidentiality of sensitive information is of the utmost importance. HR departments often work with information that, if leaked, could jeopardize or harm an employee or the company. For example, Social Security numbers, if released, could lead to identity theft. Performance reviews and pay levels, if seen by other coworkers, could lead to dissatisfaction or even litigation. HR departments must establish procedures to safeguard all of this information and more. These procedures should include the following:

  • Locked cabinets to store paper copies of documents containing any sensitive information. Keys to these cabinets should be personally carried by the HR manager at all times.
  • High-security, password-protected databases for digital files.
  • A thorough orientation process for new HR staff on confidentiality procedures.
  • Confidentiality training for all HR staff throughout the year.
  • Non-disclosure agreements for employees, contractors, and vendors, to protect the company’s information.
  • A detailed process for taking action should any breach of private information occur, including notifying the affected employees.

Regardless of the industry you’re working in, most companies have information they don’t want competitors or outsiders to know, such as financial details or creative content. Non-disclosure agreements are an effective way to make sure the company is protected from anyone who becomes privy to this information as part of their work with the company, whether as a full-time employee or a temporary contractor.

A non-disclosure agreement (or NDA) acts as a legally binding contract between the signing parties to not disclose the information outlined within. This confidential accord protects the company, since the signing parties would be subject to legal action if either violates the agreement. An NDA should identify the parties involved, define the information that is confidential as narrowly or as broadly as necessary, and specify the time period during which the confidentiality applies (in some cases a company may choose to extend the confidentiality period for months or years after an employee leaves the organization, to prevent him or her from sharing private information with competitors).

Equally important to drafting a confidentiality policy is making sure that all employees fully understand it. Signing the non-disclosure agreement is the first step, and although many organizations don’t go beyond that, you may find it worthwhile to do so. In this day and age of social media, tweeting, and blogs, it’s easier than ever for employees to slip up and share a private piece of information about the company without even meaning to.

Training and reminders can help employees understand the intricacies of confidentiality: not only how to avoid accidentally sharing the company’s sensitive information, but also how the HR department handles their own private information. The more informed they are, the more they will come to appreciate the need for confidentiality and respect it.

Even after you’ve taken all the necessary precautions, a breach in confidentiality is still possible. If an employee’s personal information (Social Security number, immigration status, etc.) or company-related information (pay grade, performance reviews, etc.) has become compromised, the first step is to inform the employee and the employee’s supervisor. Depending on the type of breach, it may be advisable to change security measures, such as passwords and locks.

If the breach in confidentiality affects company information, through a current employee or a contractor, several steps can be taken. In the case of an employee, the breach may be cause for termination. With a contractor, the contract may be voided. In both cases, legal action may be taken against the violating party, especially if they have signed a non-disclosure agreement.

The role of HR in safeguarding sensitive information for both the organization and its employees is of paramount importance. Both the company and the employees could risk tarnishing their reputation if confidential information about either is breached. The HR department’s best bet is to take every possible measure to ensure that no such breach occurs, and if it does, to handle the matter quickly and professionally, whatever the circumstances.



  • Tina says:

    Confidentiality can quickly become a legal issue in many workplace decisions and activities. That’s why I think that in order to prevent an unintentional leak of information employees should be provided with regular trainings about how confidential information should be treated so that it would stay confidential. It’s also important to make sure that every paragraph of NDA is clearly understood by an employee so that you won’t expect unpleasant surprises.

  • Paul Weller says:

    HR departments usually have access to very sensitive information such as employment history, salary records, health status etc. This information should be kept confidential not only in order to keep a good company reputation, but also in order to help your employees feel secure when they consult with HR.

  • lizzy says:

    True, they must make use of NDA, like seriously.

  • Sandi says:

    We know that HR is to safekeep confidential data. I would like to know what your protocol is if sensitive data (SSN, DOB, salaries) were accidentally emailed out to a number of managers?

  • Iulia from eSkill says:

    Thank you for your message, Sandi.
    We recommend you promptly notify the other party of any suspected or actual data breach involving sensitive data or any suspected misappropriation or misuse. Additionally, you should cooperate with the other party to investigate and remediate any suspected or actual data breach involving sensitive data.

  • David says:

    When the HR person is the person sharing your information, such as a wreck at work that no one else has knowledge of happening, is this not a conflict of interest? Is it illegal? Isn’t the HR person supposed to protect our information?
