Your business’ information and intellectual property may be its biggest asset. Your business might have confidential information about the business itself, alongside information that relates to your customers and clients. If so, it is always important to ensure that this confidential information is not leaked by one of your employees. This article will discuss what you should do if you believe an employee has leaked confidential information. It also provides some tips to prevent and manage this type of behaviour.

How Can I Prevent Information Leaks?

Surveillance

The best way to prevent confidential information from leaking is to invest in secure IT systems and manage employee behaviour. You may want to establish systems that monitor staff internet usage. Such a system can raise alerts if staff access unsecured websites or insert a USB device into a work computer. Keep in mind that if you do want to monitor your staff's IT usage, you may need to give them appropriate notice before doing so.

For example, in NSW, you must give existing employees 14 days' notice if you wish to surveil them. Further, you must notify new employees that they will be surveilled before they commence work.

Each state has different legislation surrounding workplace surveillance, so it is important to make sure that you are aware of your obligations as an employer before you start any workplace surveillance or monitoring of IT systems.

Training

You should regularly train your staff on safe IT practices in the workplace, and remind them of their confidentiality obligations and of best practice. For example, you can:

  • run training sessions on how to identify malicious websites or scams; or 
  • provide them with practical tips on how to make sure that they do not accidentally breach confidentiality obligations.

Most of the time, a cybersecurity risk or information leak will happen innocently, and not out of malice. By educating your staff on best practice, you will lower the risk of confidential information being inadvertently leaked.

Policies Regulating Employee Conduct

You should have clearly written workplace policies on IT usage and on handling confidential information. These might include requirements that employees do not copy information onto a USB device or use personal devices to handle work information.

Your IT policy can also set out unacceptable behaviour, such as visiting certain websites or downloading software of any kind from the internet.

What to Do if You Believe An Employee Is Leaking Information

If you think a current or former employee may be at risk of leaking confidential information about your business, you could send them a warning letter reminding them of their confidentiality obligations. If you know that a breach has occurred, you could instead send a more strongly worded letter of demand that sets out the legal action you will take.

However, if you believe an employee has leaked confidential client information, the matter is potentially much more serious and you must deal with it as a priority. You should take immediate action to determine:

  • if any confidential information was leaked; 
  • the extent of the leak; and 
  • whether the conduct was intentional or accidental.

Consequences of a Leak of Client Information

Breach Of Contract

Your contracts with your clients will typically contain confidentiality provisions. If your staff have disclosed confidential client information to a party outside the workplace, your business may have breached its contract with that client. As a result, you could be liable to compensate the client for the damage they suffered because of the breach.

Notifiable Data Breaches

If you are an APP entity, the Privacy Act may impose additional steps that you must take if you think a notifiable data breach has occurred.

Your business will be an APP entity if your business has:

  • an annual turnover of over $3 million; or
  • a turnover of less than $3 million but provides health services, contracts with the Commonwealth Government, and sells personal information.

If you are an APP entity, you need to comply with the Notifiable Data Breach Scheme. This means that if an eligible data breach occurs, you will need to notify the individuals affected by the breach, as well as the Office of the Australian Information Commissioner (OAIC).

Not every data breach must be reported to affected individuals and the OAIC. A leak of confidential information amounts to a notifiable data breach only if:

  1. there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information that your organisation holds;
  2. this leak is likely to result in serious harm to one or more individuals; and
  3. your organisation has not been able to prevent the likely risk of serious harm with remedial action.

If you are an APP entity, and you think that an eligible data breach may have occurred, you should contact an experienced privacy lawyer immediately to understand how to respond, and who should be notified.

Managing Employees Who Have Leaked Information

If you have evidence that an employee has leaked confidential business or client information, you should investigate the matter thoroughly before taking any action. If you can confirm that the employee is responsible, you may have grounds to discipline them.

However, you should speak to a lawyer before commencing disciplinary action to minimise your exposure to claims of unfair termination or unfair disciplinary action.

Key Takeaways

The best way to prevent confidential information from leaving the workplace is to have secure IT systems and procedures, and to educate your staff on acceptable conduct. A leak of confidential client information can be far more serious than a leak of confidential business information: if confidential client information is leaked, your business may face a breach of contract claim. APP entities also need to follow the Notifiable Data Breach scheme and take the appropriate steps. If you have any questions about how to handle a leak of confidential information, contact LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page.

Blythe Dingwall