CLOSE SEARCH
We advise employers and employees on a range of workplace confidentiality issues, from drafting policies and contracts to handling breaches and disputes.
Failing to protect confidential information can lead to competitive disadvantage, reputational damage, financial losses from lost business or competitive edge and/or regulatory penalties particularly for data protection breaches.
Legal action may not always provide satisfactory employer remedies for confidentiality breaches in the workplace - once confidential information is exposed, the damage is often irreversible regardless of subsequent penalties or compensation. Therefore, preventing confidentiality breaches should be the priority for both employers and employees.
Unlike some legal concepts confidential information isn't clearly defined in any single UK law. Instead, courts decide what counts as confidential based on previous cases. Generally, information is considered confidential if it's not public knowledge, was shared with an expectation of privacy, and would harm the owner if disclosed without permission .
Confidential information in the workplace typically includes:
Trade secrets - manufacturing processes, formulas, recipes, technical designs
Commercial information - pricing strategies, client lists, marketing plans, financial data
Personal data - employee records, medical information, salary details
Intellectual property - unpublished patents, product designs, software code
Strategic information - business plans, merger/acquisition plans, expansion strategies
Operational data - internal procedures, security protocols, supply chain information
It's essential for employers to clearly define what they consider confidential, as ambiguity can lead to uncertainty and potential legal disputes. Courts recognise different levels of confidentiality - from everyday business information that employees can use after leaving, to true trade secrets that remain protected indefinitely. This is why being specific about what information needs protection is so important.
Serious breaches of confidentiality can constitute gross misconduct, potentially justifying dismissal without notice. Examples include:
Deliberately sharing trade secrets with competitors
Selling customer databases to third parties
Disclosing sensitive financial information to unauthorized persons
Removing confidential documents to use in a new role
However, employers should expressly define in their policies what level of confidentiality breach might constitute gross misconduct, as not all breaches will justify dismissal. The severity of the breach, intent, and resulting harm are factors that should be considered during disciplinary proceedings.
Employers should understand their various sources of confidentiality rights include :-
Express contractual terms - Specific confidentiality clauses in employment contracts
Implied duty of good faith - All employees have an implied duty not to disclose confidential information
Company policies - Detailed confidentiality and data protection policies
Standalone NDAs - Separate agreements for specific projects or information
Professional obligations - Industry-specific codes of conduct that may apply
Statutory obligations - Requirements under data protection laws
Clear communication about these obligations is essential to protect your business information and to ensure employees understand their responsibilities.
Modern workplace developments create specific confidentiality risks that prudent employers should address :-
Remote Working - creates unique risks, including family members or housemates potentially accessing confidential information, unsecured home networks exposing data to interception, physical documents being improperly stored or disposed of or personal devices being used for work purposes without adequate security
Social Media and Digital Communication - vulnerabilities include inadvertent sharing of information through social media, screenshot sharing of confidential conversations or virtual meetings, email misdirection or inappropriate forwarding
Unsecured cloud storage of sensitive documents
Improper access controls on collaboration platforms
Former employees - present ongoing confidentiality concerns such as knowledge of trade secrets that remain valuable long after employment ends, competitive advantages gained from confidential information and the difficulty of enforcing confidentiality agreements and/or restrictive covenants after employment
Prevention is more effective than seeking remedies after a breach. Employers should:
Define confidential information clearly in policies and contracts
Implement robust IT security including access controls, encryption, and monitoring
Train staff regularly on confidentiality obligations and proper handling of sensitive information
Label sensitive documents as "Confidential" or "Strictly Private"
Limit access to confidential information on a need-to-know basis
Respond to breaches - by investigating promptly to determine the extent of the breach and who is responsible, act to prevent further dissemination of confidential information, consider data protection obligations, follow disciplinary procedures fairly and consistently, evaluate legal options including injunctions if necessary and review and improve confidentiality measures regularly
If prevention fails, employers may consider:
Disciplinary action against the employee (including potential dismissal)
Injunctions to prevent further use or disclosure of the information
Damages claims for financial losses resulting from the breach
Account of profits to recover any financial gain the employee made from the breach
Specific performance to require the return of confidential materials
Enforced undertakings from the employee promising to stop using confidential information
Employees can also be victims of confidentiality breaches, which can have serious consequences:
Personal data breaches: When colleagues or managers improperly access, share, or discuss your personal information (medical records, salary details, performance evaluations, etc.)
Privacy violations: Sharing your contact details, photographs, or personal circumstances without permission
Breakdown of trust and confidence: When other employees or managers share confidential conversations, grievances, or HR matters, causing a hostile work environment
Reputational damage: Gossip or disclosure of sensitive information that affects your standing among colleagues
Data protection violations: Improper handling of your personal data in ways that breach GDPR and the Data Protection Act 2018
These breaches can be particularly damaging when they occur between colleagues, as they can destroy workplace relationships and create a toxic environment. In serious cases, such breaches may constitute a breakdown of the implied term of mutual trust and confidence, potentially giving you grounds for a constructive dismissal claim if the situation becomes untenable.
Confidentiality obligations are not absolute. You may legally disclose information in certain circumstances:
Whistleblowing - protected disclosures of information in the public interest
Legal obligations - court orders or statutory requirements to disclose
Regulatory reporting - disclosures to appropriate regulatory bodies
Health and safety concerns - imminent dangers to yourself or others
Legal advice - sharing information with your legal representative
Law enforcement - reporting criminal activity
If you're accused of breaching confidentiality:
Seek advice from a union representative or employment lawyer
Review the allegations and relevant policies carefully
Gather evidence to support your position
Cooperate with investigations while protecting your interests
Understand the disciplinary process and your rights
Consider whether the alleged breach falls under whistleblowing protection
Document all communications related to the allegations
If your confidential information has been improperly shared:
Document the breach - keep records of what was shared, when, and by whom
Report internally - follow your company's grievance procedure
Consider legal options - in serious cases, speak to an employment lawyer
Report to authorities - for data protection breaches, contact the ICO
Protect yourself - take steps to mitigate any damage from the breach
Get in touch
If you would like to speak with a member of the team you can contact us on:
Partner - Employment law
Luke is a specialist employment lawyer with over 20 years experience.
He specialises in employment law and advises both employees and employers. He is praised for being a creative thinker and is able to solve problems that arise in the workplace...