The first step employers need to take is to carry out a full and thorough investigation in to the matter. The easiest way to resolve any suspicions is to monitor and review the employee’s company emails or computer use. Any right to monitoring is usually set out in the company’s internet, email or technology policy and may also be outlined in any confidentiality policy. Monitoring should not be excessive and the employee must know what will and won’t be caught, for example, whether personal emails will be read.
Where the investigation uncovers evidence of divulging confidential information, then the employer should take formal action. This is essential to sanction the employee and also send out a clear deterrent to others. The appropriate sanction will depend on matters such as the information divulged, the seniority of the person, whether this was intentional, the employee’s length of service and their previous disciplinary record. Any disciplinary sanction needs to be reasonable in all the circumstances. In some cases, it will be reasonable for an employer to treat this as gross misconduct which summarily ends the contract of employment however, this will not always be the case.
Employers who have these suspicions, whether proven or not, may wish to introduce a confidentiality policy to ensure their business is protected in the future. A policy should set out the company’s rules on confidentiality, what can and can’t be done with company information, whether monitoring will be carried out including how and when, and any action that will be taken if the policy is breached.
Protecting the business becomes even more essential when an employee leaves. Ex-employees can take confidential information to competitors or use this information to set up in competition themselves. To avoid ex-employees divulging confidential information even after they have left employment, employers should put restrictive covenants in place. These restrict the employee’s actions and can cover confidentiality and disclosure.