Is there a confidentiality crisis in your workflow?
Is there a confidentiality crisis in your workflow?
While sipping a latte last week in a busy Nashville coffee shop, I overheard an employee of a company engage in a work conversation on his cell. Even though I wore earbuds, I could easily hear the employee’s side of the conversation. He was trying to help his client - whom he named, but whom I’ll call “Edgar” - buy a home. Edgar had no credit because he’d been living with his parents, and the employee spoke about Edgar’s option for building credit with a credit card.
Was the employee’s conversation a confidentiality breach?
The University of California - Irvine has what I believe is an excellent definition of confidentiality. The definition, found on the UCI Office of Research website, reads: “Confidentiality pertains to the treatment of information that an individual has disclosed in a relationship of trust and with the expectation that it will not be divulged to others without permission in ways that are inconsistent with the understanding of the original disclosure.”
Said another way, unless Edgar agreed that I was authorized to know his home buying and credit status, the employee’s conversation in the coffee shop was a confidentiality breach.
I am convinced these types of breach-of-trust scenarios occur in offsite work spaces all over the United States multiple times every day, and they reveal a new dimension for workflow considerations: work location confidentiality risk.
Confidentiality expectations often are enumerated in a company’s Code of Conduct. Many companies require an annual attestation to the Code of Conduct. Annual attestations, while useful as a reminder of expectations and consequences, do not impart ownership of confidentiality values to the employee. An employee must own and demonstrate the values, even when “nobody”, i.e. coworkers who would hold one accountable, is looking.
With the emergence of offsite work locations, where coworkers aren’t looking, confidentiality can be relegated to the cobwebbed corners of the mind. “What does it matter if I show my spouse a wealth client’s asset value; my spouse won’t do or say anything.”
Neither an employee’s anonymity in a public work space, nor an employee’s familiarity with the people in one’s home, is an excuse for confidentiality carelessness. The onus for confidentiality falls on the employee, and not on the person(s) in close proximity. Divulging confidential information in the hearing or sight of a non-employee equates to making an unauthorized assessment of bad actor risk.
It will be interesting to see how companies address the confidentiality risks of offsite work locations. Perhaps one solution will be training which specifies confidentiality expectations in offsite locations. Maybe confidentiality risk levels will be assigned to Standard Operating Procedures. Still, another solution could be to restrict access to workflows involving confidential client information so that they are performed onsite only.
Effective Continuous Improvement begins with clarity on workflows, procedures, and training plans.
Operational excellence begins with clarity on workflows and procedures.
This blog was written and edited by a human!
© 2024 Lori K. Barbeau