New research by Cass Business School shows that leaking details of a takeover approach before formal announcement is more common in the UK than anywhere else.
This practice helps to drive up the purchase price of companies being sold and can even scupper a sale. Other types of wrongful disclosure of confidential information can have equally serious commercial ramifications.
How then can an employer protect itself from leaks of sensitive confidential information, and what should an employer do if it discovers a leak has taken place?
Preventing the problem
This is about a variety of steps designed to ensure that employees understand what amounts to confidential information, which must not be disclosed, and the serious repercussions in the event of disclosure.
An employer should achieve this through clear express provision within employees’ contracts – specifying exactly what is confidential information, carefully identifying particular categories of documents and data, together with clear provision, that wrongful disclosure will amount to misconduct, potentially gross misconduct which could lead to summary dismissal; i.e. dismissal without notice.
It is also, however, about practical steps designed to ensure that confidential information is protected within the workplace. This should include steps such as ensuring that the most confidential information is only circulated amongst the smallest possible group of employees who genuinely need access to it for their role. That data needs to be password protected, with individuals signing to confirm receipt, that they understand the obligations of confidentiality, will not wrongfully disclose and, possibly, even remove from the office.
What should an employer do when it discovers a leak?
The first step an employer will want to take is to identify the source and, having done so, to ensure that no further leaks take place. This may require a review of employees’ use of email, internet or other technology which should be permissible notwithstanding employees’ data rights in accordance with a properly drafted email and internet usage policy – making clear that employees cannot have an absolute expectation of privacy and that emails and internet usage may be reviewed to check compliance.
It may also require assistance of specialist IT computer forensics who can frequently assist in ‘uncovering the tracks’ where there has been wrongful misconduct. It may also necessitate interviewing employees, in which case it must be done carefully with a view to ensuring that those interviewed keep matters confidential and also avoiding doing so in such a way so as to risk an allegation of constructive dismissal.
More on confidential details in the workplace:
Once the culprit has been identified, ordinarily they will be suspended, reminded of their continued obligations during suspension and then the investigation will be completed prior to calling them to attend a disciplinary hearing. The disciplinary hearing will need to be carefully conducted with a view to mitigating any risk of a subsequent unfair dismissal claim.
The employee should receive details of the allegations against them in advance of the hearing, be informed of their right to attend with a colleague and have a full opportunity to present their version of events before a decision as to any disciplinary sanction is reached. If there is clear evidence of deliberate wrongful disclosure then no doubt dismissal will be likely and, dependant on the circumstances, the individual may be summarily dismissed.
In summary, protecting confidential information is of paramount importance to any business. The ways of ensuring this are through properly drafted employment contracts and policies, through practical steps within the workplace to protect information and through ensuring that, in the event of disclosure, matters are swiftly investigated prior to a proper disciplinary process.
Taking these steps should also provide a virtuous circle as employees will become aware of the importance to the company of protecting information and of the likely repercussions in the event of a breach.
