Employee confidentiality is required for conducting an investigation that has minimal impact on employee well-being, business operations and employee/employer reputation. A successful investigation needs many boxes to be ticked. One of them is keeping all information secure internally and not allowing outsiders to access any sensitive data that could negatively affect the investigation process or business growth. How can this be done? We have come up with some strategies that will be helpful.

What does employee confidentiality cover?

When referring to confidentiality in an investigative context, it means protecting the privacy of those involved in the investigation, such as the complainant, witnesses and accused individual(s). Confidentiality is essential to ensure that these individuals feel safe to report any wrongdoing or cooperate fully with the investigation without the fear of retaliation or unwanted publicity. Employee confidentiality includes names, positions or anything else that could potentially identify employees. 

 Maintaining confidentiality is crucial in any investigation, but it becomes even more significant when dealing with high-profile cases like the Wells Fargo scandal. In such cases, ensuring the anonymity of the parties involved can prevent media coverage, encourage more witnesses and whistleblowers to come forward, and ultimately lead to a more effective investigation.

Protecting employee confidentiality

So, how can businesses ensure that they maintain confidentiality during an investigation? Here are some practical tips and best practices:

  1. Establish clear confidentiality policies
  2. Use secure software
  3. Hire experienced investigators
  4. Limit the sharing of information
  5. Communicate securely
  6. Seek legal advice
  7. Conceal and double check

1. Establish clear confidentiality policies

Companies should have clear policies in place that outline how they will handle confidential information and communicate these policies to all employees involved in an investigation. They should also communicate their policies to the investigator responsible for carrying out the process.

Just like most policies, investigation confidentiality policies should be established with employee contribution to get a better idea of what will work for the organisation. For example, the IT department can share what is possible within the systems, while the accounting department can share whether something can be afforded. Other employees can offer ideas about how the policy can be improved.

2. Use secure software

Many programs purport to provide case management solutions or features – for example, there are numerous ‘case managers’ built on the back of popular CRM software, or your HRM system may allow for ‘case notes’ on an employee file. However, these are not dedicated investigation systems designed for running investigations and, along with not having the same kind of features required for running an efficient investigation, they’re also not designed with detailed security in mind.

 To maintain confidentiality in an investigation, while being able to share the information you need to share, you need a dedicated investigation management system designed with granular security – down to the level of individual documents and individual fields. This way, you can share the information that needs to be shared with stakeholders, while ensuring the rest is only accessible on a need to know basis. Further, everything that is kept confidential should be stored in an encrypted format, and accessible only with strong password security and multi factor authentication. Many of the points discussed here require, or are at least easier to control, with the right software

3. Hire experienced investigators

When it comes to protecting employee confidentiality, businesses cannot take any chances. Even though hiring experienced workplace investigators may seem like an added cost, it is a wise investment that can save the company from potential lawsuits and reputational damage.

Experienced workplace investigators have the necessary skills and expertise to conduct thorough investigations that respect employee privacy and confidentiality. They know how to collect evidence without violating anyone’s rights and can identify any breaches of company policies or legal requirements.

Moreover, hiring reputable investigators can enhance the trust and confidence of employees in the company, making employee morale and loyalty increase. When employees feel that their privacy is respected and protected, they are more likely to stay with the company and perform at their best, especially when it has to do with a sensitive matter.

Conducting internal investigations can be time consuming and detract from other important business functions. By outsourcing this task, companies can free up their own resources and focus on core business operations, while also ensuring the investigator is impartial. That way they ensure that confidentiality is protected and they reduce both administrative time and costs.

4. Limit the sharing of information

In order to protect employee confidentiality during an investigation, it is crucial to limit the information that is shared. Gossiping and sharing confidential information with outsiders can have a negative impact on employees who are under scrutiny or are suspected of wrongdoing.

Outsiders could create rumours or spread false details that could make the investigation process more stressful and potentially cause retaliation. Making it clear to employees that they are not allowed to share any information with outsiders (except for professionals) can help to preserve the integrity of the investigation as well as the privacy of employees who may be involved.

By not leaking the details of the investigation, management can maintain control over the process and ensure that sensitive information does not fall into the wrong hands. It is important to communicate only what is necessary to those who are directly involved in the investigation, such as HR staff and legal counsel. This may require the company to implement strict protocols for handling information and limiting access to certain documents or files.

employee confidentiality

5. Communicate securely

When conducting a workplace investigation, employers need to ensure that sensitive information remains secure at every stage of the process. Failure to do so could harm or embarrass the individuals involved. 

 Secure communication channels, such as encrypted messaging or password-protected file sharing, can help prevent unauthorised access to personal data. These technologies provide an additional layer of protection against cyber threats that may attempt to access confidential information as well as any other outsiders.

 When conducting interviews with employees, it is important to ensure that the conversations remain confidential. One way to achieve this is by conducting interviews in a private and secure location, away from prying eyes and ears. During the planning phase of the process, investigators should take some time to consider where the interviews will take place and why. A place away from the workplace (such as the investigator’s office) or a place within the business with low foot traffic could be ideal. 

 Another detail that must be considered is how the investigator records interview notes. Should they use handwritten notes or a digital device? They should think of how strong their security is and what the chances are of physical notes ending up compromised. If the interviews are taking place online, the meeting should be password protected to prevent third parties from joining. 

 All parties involved in a workplace investigation should be mindful of their communication practices. This includes avoiding discussing investigation progress and updates over unsecured channels, such as social media or personal email accounts. This will ensure that employee confidentiality is protected, as people will not be able to forward or screenshot messages and emails.

6. Seek legal advice

Obtaining legal advice can ensure that all aspects of the investigation are conducted in compliance with the applicable laws and regulations, preventing any breach of employee confidentiality. This is especially important when an investigation is led by internal staff members. They might not have enough experience or might not be aware of all the relevant rules they need to follow.

Legal advisors can provide guidance on how to maintain employee confidentiality during an investigation. They can advise the employer on what information can and cannot be shared with third parties, including other employees, to prevent the breach of privacy of the employees under investigation. It is always beneficial to have another perspective or someone more knowledgeable sharing strategies and assisting with completing a smooth investigation.

Legal advisors can help employers to establish strict procedures for handling sensitive information, including documentation, evidence gathering and witness statements, to preserve the confidentiality of employees throughout the investigation process. This can directly relate to the first tip which requires strong policies and procedures.

7. Conceal and double check

One of the most effective ways to protect employee data is by concealing their names in interviews or documents. This method ensures that their identities are not disclosed to unauthorised persons who may try to access these records. It would be beneficial to have a conversation with the employer and discuss whether it is necessary for the accused to know who reported the incident.

Concealing would also include witnesses not knowing who else is involved – that way, individuals will not be able to agree on a fixed story. They will be able to provide a more honest recount of events. It is necessary to note that this is not always possible if witnesses are friends or work closely together as they will share their involvement with each other.

However, it can increase the integrity of investigations as they will not be aware of the questions asked if they are interviewed one after the other. As mentioned above, using investigation software with detailed, granular security will allow you to provide necessary information to witnesses and other persons of interest, while concealing key information such as names. Double-checking personal details such as home addresses, phone numbers and email addresses can also help prevent any unintentional data leaks.

This involves taking the necessary verification steps to confirm that the information provided is correct and ensuring that it is kept confidential while being used for internal purposes only. When sending an email it is wise to check whether there is a dash, weird spelling or other symbols that could look like letters. For example, someone using 0 as o or L as I. If possible, double-check with all parties and copy-paste addresses when applicable. By taking these measures, organisations can protect employee confidentiality and ensure a more private investigation.

Wrapping up

In many cases, it is not possible to guarantee complete employee confidentiality. Just like with every risk, companies can try to minimise it or avoid it but may not be able to eliminate it. Make it clear to those involved that the findings may need to be disclosed to others, primarily for legal reasons. Any breach of confidentiality can not only have devastating consequences for employees but can also result in legal and financial penalties for businesses. Therefore, it is essential that companies prioritise confidentiality as a core value and take proactive steps to protect employee privacy.

At Polonious, we know how important it is to protect employee confidentiality and ensure a private and effective investigation. We offer our clients a secure system to store sensitive information and record cases, with detailed security settings down to the field level. We provide them with automatic follow-up case updates and only share information with those responsible for each issue. Moreover, we are ISO 27001 and ISO 9001 certified which highlights our commitment to high-quality and confidential case management. Request a demo to learn more about how we can help you!