HR often has vague policies for when they’ll share an employee’s confidential information. Fact: You can’t always promise an employee that her conversation with HR will be confidential.
Say an employee requests an off-the-record conversation. You explain that you’ll share her information only on a “need-to-know” basis. The employee proceeds to describe a nasty sexual-harassment incident. She doesn’t want to push it further, but you need to begin an investigation to protect the organization from a lawsuit.
The employee is hurt because she thought “need to know” meant the discussion was confidential.
Bottom line: You need a clear policy for handling off-the-record conversations. Mishandled confidential information can lead to lawsuits, hurt morale, damage employees’ reputations and threaten their jobs.
1. Go beyond the boilerplate phrase, “We will share information on a need-to-know basis.” Try this policy language:
“We can’t always promise confidentiality, but we want to be mindful of our employees’ privacy rights. To respect the privacy of individuals in this organization, the HR department has a general policy that it will release information about employees strictly on a need-to-know basis with the appropriate person or people within the organization.”
2. Don’t promise confidentiality. If an employee requests confidentiality, set the ground rules by saying: “I can try to handle it confidentially, but if you tell me something that I have a duty to share with the appropriate people, then I must do so.”
3. Protect yourself from “reluctant victims.” Suppose an employee reveals confidential information but insists that HR take no action.
Do the following: Have the employee sign a dated letter describing what she revealed, and explaining that she requested no HR action. That protects you if she later “remembers” that she asked HR to act on the complaint.