One in four employees have intentionally leaked confidential business information to people outside their organisation.

In a survey of 2,000 UK workers, data privacy and risk management company Egress Software Technologies suggested that those who leak data are more likely to share information with competitors, or new or former employers. This included bank details and confidential customer information.

Half of all survey respondents said they had deleted, or would delete, emails from their sent folder if they had sent information somewhere they shouldn’t.

“As with many organisational behaviours, HR has a role to play in ensuring the workplace culture is aware of issues around data. One thing HR could do to minimise the malicious leaking of information is ensure concerns are both raised and dealt with in a fair way that does not compromise the overall employee experience,” said David D’Souza, the CIPD’s head of London.

There will always be a minority of people who are opportunistic, so there should be a shared responsibility between HR and IT on how to deal with such incidents, depending on their severity. Steps that can be taken to minimise the risk could be as simple as reminding people at the point they resign about rules on data protection around other organisations and information.

If an employee is still employed within their organisation, even if nothing is written in a contract of employment, they are under a legal obligation to not disclose confidential information. Prevention is often better than cure so, employers should be conscious of data protection clauses in their employment contracts, and be aware of the risks former employees could pose.

Once someone has left, if there is no clause in the contract, only your trade-secrets will be protected. Well-drafted contracts are vital, because they protect employers once a contract has ended, and draw an employee’s attention to their obligations.

Even without malicious data leaks, the research suggests organisations are being put at risk by slapdash email behaviours, with more than a third (37 per cent) of respondents reporting that they do not always check emails before sending them. The biggest human factor in sending emails by mistake was ‘rushing’ (68 per cent), with almost one in 10 (nine per cent) employees admitting to accidentally sending sensitive attachments such as bank details or customer information in error.

High-pressure workplace cultures don’t help. Employees send emails without thinking, or when they are too tired to concentrate properly. Almost half (46 per cent) of UK workers said they had received a panicked email ‘recall’ request during their careers, and 35 per cent admitted to sending a ‘fat fingered’ email themselves. Almost half of accidental emails were reported to contain an insult about the recipient, rude jokes or swearing.

While offending an accidental recipient may cause red faces, leaking confidential information can amount to a data breach. As we move towards the General Data Protection Regulation, it has never been more important to reduce the risk of a breach occurring.

Under the General Data Protection Regulation, due to come into force in May 2018, organisations will need to disclose data breaches to the appropriate authorities within 72 hours. If the breach poses a high degree of risk to the rights of the individuals concerned, the business will need to inform the people affected as well.

FREE first advice

Have you ever wanted to just ask an expert employment law solicitor if they can help you, without worrying about what it may cost to contact them?

Get in touch

We’d like to talk to you to see what we can do to help, so please either call us anytime for free on 08000 614 631, email us or use the form below.

Together we can work out what your next steps might confidence, at no cost and with no obligation.


* indicates required
McCabe and Co Solicitors will use the information you provide on this form to be in touch with you and to provide updates and marketing. Please let us know all the ways you would like to hear from us:
You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms.
We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.