Handling Confidential Information
October 2, 2014
Personnel e.bulletin - October 2014
Prepared for the PHCC Educational Foundation by TPO, Inc.
Confidential Employee Information – What You Must Know and Do
Here are some categories of confidential information that must be treated as such:
Personal Information – lots to protect here and avoid. THINK identity theft!
- Personal (social security number, address, date of birth, marital status)
- Hiring (job application, resume, interview notes, employment history, employment assessments, background checks, reference checks, I-9 forms)
- New-hire paperwork (offer letters, employment contracts, handbook and policy acknowledgements)
- Performance (performance reviews, performance documentation, documented recognition, warnings and disciplinary notices, job descriptions, documented job changes/promotions)
- Compensation and benefits (salary or hourly pay rates, merit increases and bonuses, other forms of pay, pay changes, benefits information)
- Payroll (time cards/sheets, work schedules, pay stubs, direct deposit forms, authorization for deducting or withholding pay, tax forms, status change forms)
- Termination (termination or layoff records, resignation letter, unemployment insurance claims)
- Attendance (dates and reasons for absence, time off, and leaves)
Health & Medical Information.
Any health and medical information about employees must also be kept confidential under the following laws, in addition to any applicable state laws:
- Americans with Disabilities Act (ADA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Genetic Information Nondiscrimination Act (GINA)
- Workers' Compensation
These laws all impose very strict rules for handling health related information obtained through medical examinations and inquiries. Keep confidential:
- Insurance and benefit enrollment forms and claims information
- Medical exam information
- Workers’ compensation records
- FMLA leave certifications and medical documentation
- Records regarding reasonable accommodations under ADA
- Doctor’s notes
- Drug test results
Medical and benefit records should be kept separate from personnel files and can only be revealed with an employee’s written permission to certain individuals on a legitimate “need-to-know” basis as defined by specific statutes.
Investigation Records – any missteps here can have big consequences, including morale.
You or your HR support must maintain confidentiality of records pertaining to workplace investigations. Investigations may apply to the following:
- Complaints of harassment, discrimination, retaliation, and threats
- Violations of rules or policies; conduct or disciplinary problems
- Performance issues
- Workplace injuries and illnesses
- Safety and security issues
Witness statements and testimonies; records of interviews; meeting notes, written summaries of incidents with date, time, location, and individuals involved; written statements of complaints, and relevant letters, memos, and paperwork are all information related to investigations that should be kept confidential.
When conducting investigations, balance preserving confidentiality and conducting a fair and complete investigation. Employees may request confidentiality, but be careful not to promise or guarantee complete confidentiality – you may need to involve other individuals. Instead, reassure an employee that their issue will be taken seriously and dealt with in a fair and appropriate manner.
Now that you know what employee information must be kept confidential – here are some “must dos”.
- All employee records should be kept in a secure location, such as a locked cabinet or locked office.
- Keep in separate files (not in personnel files):
  - Medical records and Workers’ Compensation claims – as noted above
  - Federal (FMLA) and state leave documents
  - I-9 Forms
  - Documents pertaining to an employee investigation such as a disciplinary action
  - Background checks
Note: Many states have laws which prohibit or limit an employer’s use of background checks (also known as “consumer reports”) or criminal records checks and/or prohibit discrimination based on credit or criminal history information. Be sure to check the applicable laws in your state and consult with an employment law attorney who knows your state laws to ensure full compliance.
- As a good “people” practice, honor requests to view personnel files using a few guidelines:
  - Employees must schedule time in advance to view their files with an HR representative – typically employees make a request to see their personnel files when they are troubled by something and/or upset. Having time in advance allows you to make sure that the file is in order, organized, contains only the appropriate materials relevant to the folder, and is generally ready to be reviewed.
  - Supervise all viewings
Note: Employee records are considered to be the property of the employer, and employee access to personnel files varies by state; check your local laws.
- Keep personnel files no less than three years from the date of departure. Keep the most current ones (one year or less) secured in the office and the older ones (more than one year old) in on-site or off-site storage.
- Keep a log to sign and date the personnel files that are purged.
- Shred documents for security.
- Even after you’ve taken all the necessary precautions, a breach in confidentiality is still possible. If an employee’s personal information (Social Security number, immigration status, etc.) or company-related information (pay grade, performance reviews, etc.) has become compromised, the first step is to inform the employee and the employee’s supervisor. Depending on the type of breach, it may be advisable to change security measures, such as passwords and locks.
Confidential Company Information – Formal Agreements Between You and Your Employees
Formal agreements can help maintain the confidentiality of valuable company information such as customer lists, trade secrets, and other proprietary data – both during the course of employment with your company and after the employee leaves.
To help ensure that confidential information remains confidential and that former employees do not use the knowledge gained while working for you to the advantage of another employer, you may consider requiring that certain employees sign agreements which would prohibit them from:
- Working for a competitor or engaging in activities that compete with your business (non-competition agreements).
- Luring your customers or other employees to a competing business (non-solicitation agreements).
- Disclosing confidential information to anyone outside the company or anyone within the company who is not authorized to receive the information (confidentiality agreements).
Note: Non-competition/non-solicitation agreements and confidentiality agreements are generally governed by state law; therefore, the validity and enforceability of these contracts will vary from state to state. Seek advice from an employment law attorney before you begin drafting any agreements.
Advice from an attorney should help you:
- Determine whether your company has a valid need for the agreement – a legitimate business reason.
- Decide which employees should sign the agreement – typically not all.
- Keep the agreement reasonable – duration, geographic area, restrictions of type of business a former employee can engage in.
- Explain the consequences for breaching the agreement – immediate discharge, monetary penalty.
Other Ways to Maintain Confidentiality
Although non-competition/non-solicitation and confidentiality agreements can reduce the possibility that a competitor will take advantage of your confidential business information, keep in mind that these agreements should be part of a larger effort to maintain the privacy of proprietary information and protect your company from competition. Additional steps you can take include:
- Choosing carefully those employees who will have access to confidential information.
- Keeping hard copies of the information you wish to protect in locked cabinets and offices, clearly marked as confidential.
- Keeping electronic confidential information in password-protected databases.
- Training employees on how to recognize confidential information.
- Routinely reminding employees that confidential documents should never be left on desks and that restricted information should never be discussed where it could be overheard by unauthorized individuals within the company (such as in office hallways or common areas) or outside the company (such as in elevators, trains or other public places).
As a business owner, you have complete control over how you handle the personal and confidential information of your employees. You have less control over how your employees maintain the confidentiality of your company information, but your rigorous adherence to confidentiality standards will set the stage for a healthy and ethical work environment.
This content was developed for the PHCC Educational Foundation by TPO, Inc. (www.tpo-inc.com). Please consult your HR professional or attorney for further advice, as laws may differ in each state. Laws continue to evolve; the information presented is as of September 2014. Any omission or inclusion of incorrect data is unintentional. Please note this article is not intended to provide legal advice or to substitute for supervisor employment law training.
The PHCC Educational Foundation, a partnership of contractors, manufacturers and wholesalers, was founded in 1987 to serve the plumbing-heating-cooling industry by preparing contractors and their employees to meet the challenges of a constantly changing marketplace. If you found this article helpful, please consider supporting the Foundation by making a contribution at http://www.phccfoundation.org.