Employee Shared Confidential Information

An employee has been found to have accessed and shared confidential information of the company. What are the steps HR can take to limit the damage?

HR can take the following steps to limit the damage caused by an employee who has accessed and shared confidential information:

1. Immediately suspend the employee’s access to the company’s systems and facilities to prevent further unauthorised access to confidential information.

2. Conduct a thorough investigation to determine the extent of the damage caused by the employee’s actions. This may include identifying the confidential information that was accessed and shared, as well as determining who received the information.

3. Take appropriate disciplinary action against the employee. Depending on the severity of the breach, this may include termination of employment.

4. Notify affected parties of the breach as required by law. This may include customers, suppliers, or partners who were affected by the employee’s actions.

5. Review and update the company’s security policies and procedures to prevent future breaches. This may include implementing additional security measures, such as two-factor authentication or encryption.

It is important to take swift and decisive action to limit the damage caused by the breach and protect the company’s confidential information.

How do you reach out to affected individuals?

If the breach involves the personal data of individuals, the company must notify them as soon as possible. Here’s how to reach out to affected individuals:

1. Contact affected individuals directly: Reach them via phone, email, or postal mail. Provide them with clear and concise information about the breach, including the types of personal data that were compromised and the steps the company is taking to address the issue.

2. Provide guidance on next steps: Offer guidance on what affected individuals can do to protect themselves from identity theft and other potential risks. This may include advising them to monitor their financial accounts, change their passwords, or place a fraud alert with a credit reporting agency.

3. Be transparent and empathetic: Acknowledge the impact that the breach may have on affected individuals and assure them that the company is taking steps to prevent similar incidents from happening in the future.

4. Provide a point of contact: Give affected individuals a dedicated email address or phone number where they can ask questions or seek further assistance.

5. Keep accurate records: Record all communications with affected individuals, including the date and time of the communication, the individual’s contact information, and the information provided to them.

It is important to act quickly and communicate clearly and effectively with affected individuals to help them protect themselves from potential harm.


Thanks for sharing this topic which I found informative and helpful. One thing I found useful in my company is we get all new employees (at the point of onboarding) to sign a declaration form about handling sensitive information. The briefing raises awareness and by signing the form, they are bound by the company’s policies. This way helps both parties handle sensitive information better. – Christina
