Reporting a breach

Any breach of security or confidentiality can have serious consequences, no matter how minor it seems at the time.

Potential breaches of confidentiality and privacy can result from:

  • providing personal information without legitimate purpose
  • releasing the contents of a file for an unspecified purpose
  • carelessness with documents or information
  • providing passwords to unauthorised persons.

Your organisation will have specific procedures for reporting breaches.  These often provide penalties for staff that will vary depending on the seriousness of the breach and whether it is a repeat occurrence.  These could include:

  • official warnings
  • notes on file
  • disciplinary record
  • referral to mediation or board
  • suspension
  • dismissal.

Clients who pass on personal information disclosed in support groups should be given a warning, and may face exclusion from the group.

Case example

A worker in a multi-agency reception area is attempting to identify the needs of a ‘walk-in’ client.  The worker is repeating details loudly and clearly as she writes them down.  She seems not to notice that waiting clients are listening intently.  The town is very small, so it is likely that they know the client.

The supervisor suggests that the interview continues in an enclosed visitor room.  She later gives the worker a warning.  This is the worker’s second warning – a complaint was made less than a week ago – so a note is also added to the worker’s file.

Case example

A person claiming to be the friend of an absent staff member rang wanting to know their new address.  You provide the address, not knowing that the person had been subject to harassment by an ex-partner.  The caller does turn out to be a friend; however the co-worker reports you for breach of privacy, and is considering further action.

Your supervisor gives you a warning, and suggests mediation as an option to resolve tensions.

For serious incidents, you or your agency may be liable for legal action. Read the example below and consider what may happen as a result?

Case example

A co-worker has asked Neil if she can use his computer login and password to complete a task. Neil does not realise this is a breach of information security.  He finds out that she used his login to access a restricted database and view the personal information of a client known to her, but he does not report this. His co-worker later passes on information related to client’s sexuality, which leads to him being bullied and harassed by workmates.  The client makes a complaint against Neil for passing on personal information.

You may like to discuss this scenario with your supervisor to learn about the reporting of breaches and subsequent actions that apply in your workplace.

Last modified: Tuesday, 12 November 2013, 1:25 PM