“What Happens in Vegas Stays in Vegas.” We are all familiar with that phrase and tend to chuckle a little when we hear it. A similar phrase exists in the HR world that goes like this: “What Happens in HR Stays in HR.” It’s a humorous play on words, but the meaning is serious. For those who are tasked with HR responsibilities, confidentiality is something that always needs to be “top of mind”. Let’s go over the basics of it all.
What is the problem with confidentiality at work?
Let’s be blunt: You have a problem. You have to make sure none of the information in your hands gets leaked, and you have to comply with the different data protection laws and agencies. It is what it is, and it’s not a joking or simple matter. Some GDPR fines can go up to 100,00 euros and, as an HR manager, it’s all in your hands. A whole company could close because of a small mistake. So, with that said, you must keep certain information about all of your employees, and rules are in place governing how you must keep this info confidential. These rules are regulated by corresponding agencies in each country, and it’s very important that you go over them before even collecting information. Whether you keep physical records or electronic, in-the-cloud records, if you work in an HR capacity you are entrusted with maintaining sensitive information about employees and management issues. You must also protect information under laws that govern confidentiality. Not keeping certain information confidential can result in lawsuits, identity theft, and other serious issues. It can also undermine the HR Department’s credibility and integrity.
In HR, there are three general areas where confidentiality is a must:
Employee and Applicant’s information
Employee information includes employee files, termination records, absence records, compensation data, performance reviews, hiring documents, etc. Anything that is specific to an employee should not be shared except with those who have a “legitimate need to know”. You cannot keep information on race, sexual orientation, religion or political affiliation… EVER. Also, be very careful with what you do with recruitment information, including CVs: you cannot keep a CV indefinitely unless you have explicit permission.
Legal Issues and Sensitive Data
HR personnel are privy to a variety of legal and sensitive data, whether it be internal investigations concerning workplace complaints, conduct or disciplinary problems, drug testing, employee medical issues, benefits enrollment, etc. This type of information should always remain confidential. Be very careful with medical issues, because the regulations on what you can and should know depend on where you are in the world.
Strategic Decisions and Actions
HR can be actively involved in senior management discussions regarding company layoffs, expansions, and restructuring. HR can also be involved in management discussions regarding future business strategies, proprietary workforce information, and other processes that may affect the workplace. All this information should be considered confidential.
How can you keep confidentiality as an HR professional?
As an employer, you hold personal data, and probably some sensitive data, about your employees. Even if you haven’t entered it onto a computer system, the government rules will apply to you. Having ownership of personal or sensitive data means that you are a Data Controller, who determines how personal data will be handled and used, or a Data Processor, who obtains, records or holds information or data or carries out any operation on that data, including adding it to a file. To be on the safe side and make sure you are a trustworthy HR professional, you should:
- Set up a culture of confidentiality… and make sure everyone follows it. If you see someone, including managers, chatting or gossiping about another employee’s personal information, immediately stop it and make a point of not letting it happen again.
- Get employees’ and contractors’ explicit permission to process their data. The simplest way to do this is to include a clause in the employment contract or service contract. Make sure that no unauthorized parties, for example, marketing partners, have access to the data. If there’s a third party processing data, you need to add a clause for it and make sure they are compliant with the correct laws.
- Follow the corresponding information mandates and follow the guidance on how long to retain employee records and interview records for candidates (of course paying attention to the eligible destruction dates).
- Make sure that managers keep personal data, including notes of one-to-one meetings, in a secure place and that they don’t store unnecessary personal information.
- Keep electronic data in password-protected files and folders or in in-the-cloud software that encrypts all the data for your peace of mind.
Most of these things can be solved with in-the-cloud HR software, so the solutions are at your fingertips. If there’s a chance for your company to move to such a safe way to handle information, you can be sure you’ll save yourself a couple of headaches.
It’s a tough world out there working with sensitive data…
Those tasked with HR responsibilities are given a great deal of moral, ethical, and legal responsibility. Breaches in confidentiality can have a huge impact on trust in the HR Department and possibly on the business at large. It’s important that those delegated with HR responsibilities maintain the level of confidentiality that is needed and that they are doing it for the common good of their employees and their company. We understand: when HR does their job right, no one gets a simple congratulations, but when they have a small hiccup, it could mean big trouble for everyone. That’s why it’s important that you carry out processes like this as correctly as possible so that you can focus on excelling in your other tasks.