11 Feb How To Handle Confidential Information
Mishandling confidential information – even if it happens accidentally – can have significant financial and legal consequences. Human Resources typically ensures that confidential information is kept safe. However, most small businesses do not have a dedicated HR representative, so this responsibility typically falls directly on the owner. Close the door to an easily avoidable lawsuit by knowing how to handle important confidential information.
Define Protected Information
Personally identifiable information is generally protected under a privacy law at the state or federal level. Such information can include but is not limited to social security numbers, mother’s maiden name, addresses, photographs, financial details or email addresses. There is a lot of information that is considered to be confidential, and a large portion of that protected, private information is medical related.
Americans With Disabilities Act
The Americans with Disabilities Act – along with other similar state disability discrimination statutes – widened the scope of confidential employee materials to include all medical and disability information. Employers may only disclose the related information to supervisors who are in need of being informed, and to safety personnel in emergency situations. There are many state and federal laws that prohibit employers from disseminating medical information to non-essential parties.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) protects identifiable health information of health plans and health care providers. The act safeguards workers and their families through prohibiting the discrimination in enrollment and in premiums charged to employees and their dependents based on existing health complications. Even though HIPAA does not directly regulate the information employers hold, it does apply confidentiality to employer-sponsored health plans. These plans cannot use or disclose individually identifiable health information without authorization from an individual.
Ban the Box
The “Ban the Box” campaign started as an effort to break down the rigid barriers that stood in the way of people with prior convictions when they were searching for housing options and job opportunities. It aims to erode the discrimination of people with a criminal conviction by requesting that employers choose the best fit candidate based on skills and qualifications, not past mistakes. The semi-recent “Ban the Box” law that went into effect Jan. 1, 2015, making it illegal to ask for an applicant’s criminal background until after an applicant has been notified of his or her selection for an interview.
Management Information that is not directly used to identify an individual is information that does not need to be heavily protected. While it may not always be legally required to keep it private, if the information was disseminated it could erode employee morale or have other unhealthy social consequences. This includes discussions about employee relations issues, such as layoffs, discipline, employee misconduct or proprietary information.
Keep Confidential Information Safe
Having a dedicated location to store your confidential information is a good idea as long as it is well protected. If you prefer to have physical files, then make sure they are locked up and the key is kept on you at all times. Being in the digital age, many confidential files are stored online. If that is the case, then be sure to have a strong password and to change it frequently. When it is time to dispose of confidential information, there are additional steps that need to be taken. Simply throwing away or deleting a file is not enough. Shredding and wiping a hard drive are the minimum steps that need to be taken to ensure the confidential information is disposed of properly.
Knowledge is key to preventing unwanted and avoidable legal complications which may arise from mishandling confidential information. The reason there is such a large emphasis on protecting the privacy of employee information is to prevent identity theft, embarrassment and discrimination. It is a smart business decision to take internal and external steps to safeguard employee data. Understanding the obligations a business has when handling employee information is the first step to protecting employees. Consulting legal counsel can help further your prevention efforts by increasing your depth of knowledge in confidential information.