Confidentiality in the workplace: What you need to know
When you give advice to clients or patients for a living, you'll know that protecting sensitive and personal information is crucial. But are you clear on what counts as a breach of confidence or what to do if one occurs?
From how to protect confidential information, to what breaches of confidence look like for different jobs, here's what you need to know about confidentiality in the workplace.
What is a breach of confidentiality?
In short, a confidentiality breach is the disclosure of information to someone without the consent of the person who owns it. In other words, failing to respect a person's privacy or the confidence in which they gave the information or data to you, by passing it onto someone else.
Why is confidentiality important?
Protecting confidential information is vital. If you're in a position where you have access to or are given this type of data at work, your career relies on your ability to keep patient or client confidentiality. If you don't, you could lose trust and integrity in the eyes of your existing (and potential future) clients, who could terminate your contract and take legal action against you.
Unsurprisingly, patient confidentiality is highly important for therapists and counsellors. It forms part of the therapeutic frame of appropriate boundaries, which creates a safe space for a good working relationship to form.
Here’re some examples of ways you could unintentionally break patient/therapist confidentiality:
- Sharing confidential information about a client with a family member or friend
- Talking about confidential information somewhere you can be overheard
- Leaving your computer containing confidential information open to others
- Continuing to work with a client when there's a conflict of interests (for example, they know one of your family members or friends)
- When permission to share information is given but isn't specific, this can create confusion and result in a potential breach (for example, a patient may give permission for their information to be shared with a teacher but not their GP)
Accounting consultants have a responsibility to act in their clients' best interests. As an accountant, you're required to comply with codes of practice when handling confidential information, which means clients often speak openly and reveal information to you that could damage their business if it got into the wrong hands.
Here's some ways you could end up breaking client/accountant confidentiality:
- Sharing client information with a third party without permission or the authority to do so
- Using confidential information for your own personal gain (or someone else's)
- Leaving personal or sensitive information accessible to others (for example on an unsecure computer or mobile device)
HR consultant/client confidentiality
As an HR consultant, maintaining confidentiality when working with a client is essential for building integrity with business leaders and management. Clients must be able trust you to openly share the information you need to do your job. Here’s some breach of confidentiality examples you could find yourself facing:
- Saving sensitive information on an unsecure computer that leaves the data accessible to others
- Sharing employees’ personal data, like payroll details, bank details, home addresses and medical records
- Using materials or sharing information belonging to one employee for another without their permission, like PowerPoint presentations
- Disclosing information that’s not of a personal nature, like leaking news of redundancies, new products or mergers
Breaking confidentiality – is it ever justified?
There are a small number of cases when breaching confidentiality might be OK. Here are some of them:
- If there’s a significant risk of the client harming themselves or someone else, particularly if a child or vulnerable person is involved
- When sharing the information is required to comply with the law. If it came to light that your client’s company was breaking a law, depending on the circumstances, you may have an obligation to report this, or risk appearing complicit by association
- If the matter falls under the scope of the Public Disclosure Act 1998 (“Whistleblowing”). Strictly speaking, this legislation is there to protect employees. But if the matter is of a serious enough nature and/or it’s in the public interest to breach confidentiality, this law might protect consultants, too
How to protect confidential information in the workplace
There are a few steps you can take to protect yourself and your livelihood from breaches:
- Talk to your client early on about what information you’ll have access to (if they’re a business), how their information will be used and when (if ever) you would need to break confidentiality and share their data. A written contract or agreement is useful here
- Treat personal data very carefully. Don’t store information for longer than necessary, and make sure your computer is secure and compliant (for example, that it has the right security software)
- It sounds obvious, but don’t talk about confidential information relating to clients outside your professional practice. If you are given permission to share sensitive or confidential information, make sure you and your client/patient are both completely clear about who you have permission to share it with and in what circumstances
I think I've breached confidentiality – now what?
Despite your best efforts, sometimes breaches can still happen. When they do, it's best to be honest, so come clean quickly. If you're working with a business client, let their Internal Data Compliance Officer (or equivalent) know. If your breach relates to a patient, speak to your accrediting body – like the UKCP and/or BACP – for advice. You should also contact your own legal representative and tell your professional indemnity business insurance provider.
Do you give advice or provide professional services to your clients? Protect yourself and your business from confidentiality breaches and more by including professional indemnity cover in your business insurance.