Safeguarding Confidentiality: Preventing Breach of Sensitive Information

August 28, 2023 Employment Law

In today’s world, employers need to prioritize protecting sensitive information. Data breaches have become a regular occurrence; and, while cyberattacks targeting well-known companies make headlines, attacks targeting small and medium-sized employers are far more common.

Setting aside the risk of an external data breach, employers have important safeguarding needs to consider. If an unauthorized employee gains access to a co-worker’s personal information, or company personnel inadvertently disclose employees’ sensitive information, the risk is the same, as are the potential liabilities.

Protecting Employee Sensitive Information

Companies of all sizes need to take several steps to protect employee sensitive information. While the specific needs (and legal obligations) of an employer often depend on a variety of factors, such as size, industry and number of employees, some steps to take include:

1. Implementing Cybersecurity Applications and Protocols

All companies need to implement cybersecurity applications and protocols that are suited to their specific needs. As noted above, although the needs may depend on various factors, companies must carefully assess their needs to ensure they are implementing adequate protections without overspending.

2. Implementing Physical Safeguards for Employee Sensitive Information

Along with cybersecurity applications and protocols, companies must also implement adequate physical safeguards to protect employee sensitive information. Here, too, specific needs will vary—and range from locking hardcopy employee files in a cabinet to issuing key cards and restricting access to the locations where employee files are stored.

3. Adopting and Enforcing Employee Access Policies and Procedures

To further mitigate the risk of a breach of sensitive information, companies must adopt and enforce appropriate employee access policies and procedures. Employees should receive training on these policies and procedures, and companies should have clearly delineated disciplinary measures for employee violations.

4. Monitoring, Reassessing and Addressing the Company’s Security Needs and Duties

Safeguarding employee confidentiality is not a one-time event. Instead, companies need to take proactive steps to protect employees’ sensitive information on an ongoing basis. This includes monitoring the effectiveness of their protocols, policies and procedures; periodically reassessing their needs and obligations; and upgrading their security measures when necessary.

5. Having Procedures in Place to Respond to Breaches of Confidentiality

Recognizing that a breach of confidentiality is a very real possibility, companies must have procedures in place to respond effectively when the time comes. Prompt action (including an internal investigation) can be crucial for mitigating the consequences of a breach—not only in terms of protecting employee confidentiality, but also in terms of protecting the company from liability.

Questions? Contact Us to Learn More

Do you have questions about what your company can (and should) be doing to protect its employees’ sensitive information? If so, we encourage you to contact us to learn more. To arrange a confidential consultation at AR Group, please call 720-452-3300 or get in touch online today.