Unmasking a company mole

Rodney Hylton-Potts writes;

Can I unmask a company mole? Some confidential information has appeared in local newspapers about my business and I clearly I have a “mole”. Can I find out who leaked the information, or do I risk breaching privacy laws? Is it worth having a strict confidentiality policy?

You can make inquiries to find out who is leaking information and check you have appropriate measures to prevent further leaks in future and to deal with the situation if a leak occurs. It may be that you have some idea of where or who it may have come from – and looking at the electronic records of your business may give clues.

You should have a written policy, making it clear that employees should not expect complete privacy in relation to email or internet usage at work and that such use (and of electronic records generally) can be monitored for business reasons. Looking to see who might have disclosed confidential information would be such a reason.

In the absence of such provision, you can review the use of your business’s electronic and other records, provided you do so in a proportionate way, consistent with protecting confidential information. In such a case, the risk of breaching data protection legislation should be slim.

In addition to updating contracts and policies, consider steps such as restricting access to, and transmission of, sensitive information and marking it “confidential”. Your employment contracts should define “confidential information”, and make it clear that such information cannot be used or disclosed, other than in the proper interests of your business.