Human resource professionals are held to the highest standards when it comes to confidentiality. To see why, you only need to look at the type of information that flows into HR.
Common HR documents
- Resumes, job applications and interviews.
- Financial, education and drug-testing information.
- New hire paperwork.
- Employee personal information, including name, address, date of birth and national origin.
- Social Security numbers.
- Work authorizations.
- Pay rates.
- Benefits elections.
- Spousal and dependent or beneficiary information.
- Employment contracts.
- Medical information.
- Time and attendance.
- Employee leave.
- Performance evaluations.
- Disciplinary actions.
- Workplace injury reports.
- Workers’ compensation claims.
- Unemployment insurance claims.
- Investigations and legal records, such as those arising from labor disputes.
- Information on business strategies and processes, such as workforce planning and company mergers or acquisitions.
- Trade secrets.
The vast majority of this information is highly sensitive and must be protected against data breaches and unauthorized disclosure.
Laws governing HR confidentiality
The HR department is subject not only to demanding ethical standards but also to confidentiality and privacy regulations. These laws include:
- Americans with Disabilities Act (ADA).
- Family and Medical Leave Act (FMLA).
- Health Insurance Portability and Accountability Act (HIPAA).
- Genetic Information Nondiscrimination Act (GINA).
- Workers’ compensation disclosure rules.
- Data privacy laws, such as the General Data Protection Regulation (GDPR).
- State laws that regulate how employers should use, store and transmit employee data.
Coverage requirements may depend on the employer’s location, size or industry.
Consequences of HR confidentiality breaches
Regulatory penalties for noncompliance
The penalties for violating HR confidentiality laws can be severe. For example, HIPAA violations may result in fines ranging from $100 to $250,000 (up to an annual maximum of $1.5 million) and prison sentences of one to 10 years.
Loss of employee trust
Employees want to know that their private information is in safe, reliable and trustworthy hands. Consequently, failure to appropriately safeguard employee information can lead to employees feeling betrayed. This is particularly true if the unauthorized disclosure comes from an HR professional within the company.
Employers may be able to sue HR professionals who breach their confidentiality agreements.
According to the UpCounsel website, “If an employee’s confidentiality agreement has been breached, the employer may receive monetary damages from the employee. If the damages can be calculated, the employee may be responsible for the entirety of the loss.” Further, the employee can face criminal charges if the confidentiality breach has severely impacted the company.
Employers, too, can be on the receiving end of lawsuits, such as those brought by employees who believe their privacy has been unlawfully violated at work.
Breaches in HR confidentiality can ultimately lead to employee turnover, reputational harm to the organization and loss of business clients.
Confidentiality may not always be possible
In some cases, HR may be required to divulge certain confidential data, such as when the information is mandated by a court order. As a general rule, HR professionals should check state law before disclosing employment-related information to third parties, as some states have provisions on this issue.