
Your business’ information and intellectual property may be its biggest asset. Your business might have confidential information about the business itself, alongside information that relates to your customers and clients. If so, it is always important to ensure that this confidential information is not leaked by one of your employees. This article will discuss what you should do if you believe an employee has leaked confidential information. It also provides some tips to prevent and manage this type of behaviour.

How Can I Prevent Information Leaks?


The best method to prevent confidential information leaking is to invest in secure IT systems and manage employee behaviour. You may want to establish systems that can monitor staff internet usage. Such a system can create alerts if your staff access unsecured websites, or plug a USB device into a work computer. Keep in mind that if you do want to surveil your staff’s IT usage, you may need to provide them with the appropriate notice before doing so.

For example, in NSW, you must provide existing employees with 14 days’ notice if you wish to surveil them. Further, you need to provide new employees with notice that they will be surveilled before they commence work.

Each state has different legislation surrounding workplace surveillance, so it is important to make sure that you are aware of your obligations as an employer before you start any workplace surveillance or monitoring of IT systems.


You should regularly train your staff on safe IT practices in the workplace. You should also remind them of their confidentiality obligations and best practice. Here, for example, you can:

  • run training sessions on how to identify malicious websites or scams; or 
  • provide them with practical tips on how to make sure that they do not accidentally breach confidentiality obligations.

Most of the time, a cybersecurity risk or information leak will happen innocently, and not out of malice. By educating your staff on best practice, you will lower the risk of confidential information being inadvertently leaked.

Policies Regulating Employee Conduct

You should have clearly written workplace policies on IT usage and handling confidential information. These might state that employees should not download information onto a USB device, or use personal devices to handle work information.

You can also include an IT policy that sets out unacceptable behaviour, such as visiting certain websites or downloading software of any kind from the internet.

What to Do if You Believe An Employee Is Leaking Information

If you think a current or former employee may be at risk of leaking confidential information about your business, you could send them a warning letter to remind them of their confidentiality obligations. If you know that a breach has occurred, you could opt to send a more strongly worded letter of demand that details the legal action you will take. 

In contrast, if you believe an employee has leaked confidential client information, this could potentially be a much more serious matter. As such, you must deal with this issue as a matter of priority. You should take immediate action to discern: 

  • if any confidential information was leaked; 
  • the extent of the leak; and 
  • whether the conduct was intentional or accidental.

Consequences of a Leak of Client Information

Breach Of Contract

Your contracts with your clients will typically contain confidentiality provisions. If your staff have disclosed confidential client information to a party outside the workplace, your business may have breached your contract with your client. As such, you could be responsible for paying compensation to your client for damages they faced due to this breach.

Notifiable Data Breaches

If you are an APP entity, the Privacy Act may impose additional steps that you must take if you think a notifiable data breach has occurred.

Your business will be an APP entity if your business has:

  • an annual turnover of over $3 million; or
  • an annual turnover of less than $3 million, but provides health services, contracts with the Commonwealth Government, and sells personal information.

If you are an APP entity, you need to comply with the Notifiable Data Breach Scheme. This means that if an eligible data breach occurs, you will need to notify the individuals affected by the breach, as well as the Office of the Australian Information Commissioner (OAIC).

Not all data breaches will be eligible to be reported to the individual and OAIC. The test as to whether the leak of confidential information amounts to a notifiable data breach is that:

  1. there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information that your organisation holds;
  2. this leak is likely to result in serious harm to one or more individuals; and
  3. your organisation has not been able to prevent the likely risk of serious harm with remedial action.

If you are an APP entity, and you think that an eligible data breach may have occurred, you should contact an experienced privacy lawyer immediately to understand how to respond, and who should be notified.

Managing Employees Who Have Leaked Information

If you have evidence that an employee has leaked business or client information, you should investigate the matter thoroughly before taking any action. If you can confirm that the employee is responsible, you may have grounds to discipline them.

However, you should speak to a lawyer before commencing disciplinary action to ensure that you minimise your risk of exposure for unfair termination or disciplinary action.

Key Takeaways

The best way to prevent confidential information leaving the workplace is to make sure you have secure IT systems and procedures. You also need to educate your staff on acceptable conduct. A leak of confidential client information can be far more serious than a leak of confidential business information. If you leak confidential client information, you may be responsible for a breach of contract claim. APP entities also need to follow the Notifiable Data Breach scheme and make sure they take appropriate steps. If you have any questions about how to appropriately handle a leak of confidential information, contact LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page.

