What is a breach of confidentiality?
A breach of confidentiality occurs when data or information provided in confidence to you by a client is disclosed to a third party without your client's consent.
While most confidentiality breaches are unintentional, clients can still suffer financial losses as a result. In order to recoup their money, they may take legal action against your firm. Professional indemnity insurance is designed to cover against such instances.
Examples of claim scenarios include:
- An IT professional having a laptop stolen that contains sensitive data about their client
- A management or business consultant accidentally emailing a confidential attachment containing a client's future business intentions to a competitor (this is particularly relevant if you have several clients who operate in the same industry)
- A recruitment consultant sending a CV to an employer without getting permission from the applicant first
- A fitness professional (such as a personal trainer or dance teacher) emailing a personalised training plan to someone other than the person it is intended for
Breach of confidentiality claims cost UK organisations millions of pounds each year. However, it is not only large companies that have to be aware of breaches of confidentiality. Increasingly, smaller businesses and freelancers are at risk. It is important to remember that maintaining confidentiality is not only a contractual requirement, but also a moral one, and a breach can destroy business relationships very quickly.
Tips for keeping confidential data safe
Whatever the size of your business, it is important to have the appropriate policies and procedures in place to help protect both parties' data. Providing confidentiality for your business begins with the creation of a confidentiality policy (if you have employees, make sure they read and sign it). Policies can differ from business to business but, once one is in place, there is a range of steps you can take to minimise the chances of a breach of confidentiality:
- Managing folder permissions to prevent unauthorised employee access
- Limiting access to 'shared' email inboxes
- Encrypting confidential information held on removable media
- Checking with clients whether they are happy for you to share potentially sensitive information
The outcome of breaching confidentiality can vary. Sometimes an apology can be enough for a client; however, if they have suffered a loss, legal action may follow. The costs of defending the claim alone can be high, before factoring in settlements or court costs, which is why professional indemnity insurance is generally seen as vital cover for professionals working with confidential information.