Whether you’re working with multiple clients across many projects or managing a team of employees, safeguarding confidential information is crucial for maintaining your small business’ reputation. Clients and customers trust you to handle their details or other private information securely, so experiencing a breach can be damaging.
Whilst you might not be able to always avoid it, for example, if there is a theft, there are lots of measures you can put in place to ensure any information you hold is protected. We’ll look at the impact of a breach of confidentiality and the ways you can proactively protect your business and avoid a breach of confidentiality.
What is a breach of confidentiality?
A breach of confidentiality is when private information is disclosed to a third party without the owner’s consent. It can happen accidentally to anyone, from a sole trader or freelancer to a small business owner with several employees.
What is an example of a breach of confidentiality?
A classic example of a breach of confidentiality is mistakenly sending Client A an email that was meant for Client B. In this instance, you’ve shared Client B’s sensitive information with a third party without their consent. This could either be by you as the business owner or one of your employees.
What is considered confidential information?
Confidential information isn’t just limited to personally identifiable data. It could also include business plans, financial information, or intellectual property that you share with a client as part of your work.
What could happen?
There are three main consequences of a breach for your business: legal, financial, and your reputation.
Legal
From contractual disputes to liabilities for damages, the legal fallout of a breach may have significant implications for your business. It may lead to legal action and depending on the information concerned, could expose you to liability under data protection/GDPR legislation and/or court action for breach of confidence. In addition, the Information Commissioner can prosecute you for breaches of data protection law.
Financial
Legal action can be costly, especially if you’re working on your own. If your reputation takes a hit, this could result in lost business opportunities, or your business ideas may be leaked by an employee, freelancer, or other business you’re associated with.
Reputation
At the heart of it, confidentiality is built on trust and is often the foundation of successful business relationships, future work, and recommendations. That’s why it’s so important to put the correct precautions in place to protect your reputation.
What can I do to avoid a breach of confidentiality?
There are several steps you can take to prevent a breach in the first place. Here are seven questions to ask yourself when handling confidential information.
What information do you have?
Even if it’s just you, understanding and taking stock of what information you have from clients and customers is the first step towards being able to safeguard it. This will give you an awareness of the risks you’re dealing with.
You’ll usually find that your contracts will outline what information is confidential. For example, if you’re a graphic designer working on promotional material for an unreleased and yet-to-be-announced new product line for a business, this may be considered confidential.
Who has access to this information?
Next, you should identify who in your business has access to certain information. If you have a small team, which employees have access to client files? Is any confidential information taken away from the workplace and is this necessary? Do you have employees working remotely or from home who deal with sensitive data?
What are your best practices?
Be clear on the processes and procedures you follow when it comes to protecting sensitive information, just as you would with data protection. How do you collect and process files that are sent to you? How do you store files – are they password-protected?
What policies do you have in place?
Non-disclosure agreements and confidentiality policies are commonplace for helping to protect valuable business data and assets, and can also help you to protect your own business if you have employees. All businesses must have a privacy policy that deals with how they obtain, store, and process personal data, and this must be in plain English and brought to the attention of all individuals who come into contact with the business, online or otherwise. Templates are available on our online legal library for FSB members.
How do your suppliers and the other businesses you work with manage their privacy?
If you use contractors or freelancers on certain projects, make sure you have steps in place to protect your information and any sensitive information you’re passing on.
Is your team trained on confidentiality?
If you have employees, you should train them on your best practices to minimise the risk of mistakes, such as:
- not taking sensitive information away from work
- your password policy, including two step-authentication
- what to do if they’re accessing data whilst working remotely or from home