Did you know that a quarter of employees have intentionally leaked confidential business data?
That is a huge statistic, and with GDPR deadlines rapidly approaching, now might be a fantastic time to batten down the hatches and review your internal processes, especially as a recent survey revealed that the information being shared is typically customer information and bank details. Data leaks like this can leave your business wide open to claims and irreversible reputational damage, which can be the death penalty for some businesses.
Morrison recently had an employee who felt scorned after being reprimanded for a drugs incident and stole 100 records. 5,000 disgruntled employees made a claim as a result. Do you have the time and the resources to deal with such events? Most likely not. It is essential that employers are aware of data protection clauses in employee contracts and the consequences of potential data leaks.
If your employee is still employed by you, they are under a legal obligation not to disclose any confidential information, even if nothing has been stated in the contract. Once their contract has ended, it is a little fuzzy which information is protected if there is no clause in the employee’s contract. However, there is no long-term obligation to keep company information confidential.
Well-drafted employment contracts protect employers once the agreement has come to an end, so they are critical in business. If you have not had your contracts reviewed, now would be a good time to do so.
Not all data leaks are malicious. We’ve all sent an email to our friend John instead of the client we meant to. Statistically speaking, 37% of UK workers don’t always check their emails before sending them. Making mistakes is not a problem. We are human. It is our prerogative. The issue is the 10% of employees who have accidentally sent an email with sensitive information attached.
Although very easily done, this is a severe breach of confidential data and has serious risks for the business. As of 25th May 2018, it also means a GDPR breach for you, which you will have to report within 72 hours.
There are some avenues that you can investigate to prevent these breaches from happening again. You can start by working with IT and sharing the responsibility for dealing with incidents where employees do leak confidential data. From an HR standpoint, you can make a point of informing employees of the consequences of a leak and review your organisational culture. A high-pressure workplace can result in mistakes where workers send emails without checking what has been sent. You can also revisit your old documentation to ensure you are compliant and protected.
There is a difference between an employee accidentally leaking business data and an employee leaking data to a competitor on purpose. Each incident should therefore be investigated separately to determine whether or not the leak was intentional and what can be done to prevent it from happening again.
If you need advice on GDPR or on preventing employees from intentionally leaking data, please contact a member of the HPC team:
T: 0844 800 5932