Think about the amount of information and records that you maintain about employees. Now, think about the valuable information you possess about your clients and customers. Do you treat those two groups of data the same when it comes to confidentiality?
Employment attorneys warn that some employers aren't. They're taking a substantial risk by plowing more time and effort into protecting client information and shrugging off employee data privacy. One problem hindering the effort is lax supervisor attitudes about the importance of privacy.
Editor's Note: For more information on protecting your employees' information, visit Personnel files: Identifying vulnerable record-keeping practices
The fact is confidentiality can quickly become a legal issue in many workplace decisions and activities. While certain employment-related data obviously must be protected, here are a couple more frequently overlooked employee data categories you should also protect:
Privacy during hiring
During the selection process, you should keep applications, interview notes and references under wraps. But other sources of confidential information exist beyond the personnel file.
With many organizations using 360-degree performance reviews and peer interviewing, managers and co-workers may stumble upon confidential information without knowing it. It's important to stop privacy leaks before they start. How? By teaching everyone involved to keep quiet about information that's shared in interviews and job reviews.
The hiring supervisor or HR should be the only ones who check references. And the results shouldn't be shared with others, especially subordinates , even if the employee helped in the interview process. Subordinates who are part of a search committee should be excused from the discussion when you develop hiring recommendations. Lastly, never allow outgoing employees to oversee the selection process for their replacements.
Privacy in health data
Consider the employee in drug rehab who returns from a leave of absence to find the details of his recovery had been announced at the office. Or say an employee talks over a private health issue with a co-worker only to find the secret spread to others.
Each of these scenarios carries potential legal hazards. When private medical information is disclosed, the employer opens itself to lawsuits under the ADA's confidentiality provision. (Employees don't need to be disabled to file such lawsuits, and former employees can file those suits, too.) And you face additional liability under the Health Insurance Portability and Accountability Act (HIPAA), which requires you to keep such data private and to ensure its security.
That's why it's important to hammer this point home to supervisors and employees: Never disclose medical information about employees or former employees.
"When it comes to confidentiality, the ability to see the facts from another person's viewpoint will be very helpful in preventing problems," says Joan Renne-kamp, an HR professional with Denver law firm Rothgerber, Johnson & Lyons LLP, who works with attorneys and clients in the firm's employment law practice. "Breach of confidentiality cannot only be a legal problem. Perhaps more importantly, it can create a breach of trust that is difficult, if not impossible, to repair."
Rennekamp says it's crucial to train every staff member on privacy issues. At least annually, management should discuss and review with all employees the types of confidential information they may encounter in their jobs and the proper way to handle it.
"It's not productive for any employee to become the 'rumor mill' for the company, and this point needs to be consistently enforced," she says.