INTRODUCTION
I was saddened to read that JJ Watt had to undergo treatment for a heart condition AND that this information was leaked, possibly by someone in the Arizona Cardinals organization, to the media. I used to work in sports PR, and I hated leaks and when reporters cited “unnamed sources” or “sources close to the team” for their stories.
While it’s difficult to stop employees who purposely act maliciously, you still need to have as many preventative measures in place. Here are three ways to reduce the chances that your employees leak confidential or sensitive information.
UPDATE YOUR POLICIES
As odd as it sounds, you can’t assume that your employees know it’s wrong to share confidential or sensitive information. That’s why you must make this a zero-tolerance policy that goes in the employee handbook or security guide. In addition, your policy should instruct employees how to secure confidential or sensitive information (e.g., not leaving documents on their desk, using a password lockscreen on their computer, etc.).
Make sure all current and new employees are fully aware of and trained in the policy. Your organization also should revisit this point from time to time. For example, if another organization in your industry encountered a news leak, you should use it as a chance to remind your team about your communications policies.
CREATE LEVELS OF ACCESS
You should consider assigning access levels to your information. In JJ’s case, his medical information should be limited to the medical staff and coaching staff, for example. That way if certain information gets leaked, you have a smaller group of employees to question.
For digitized information, you also should have a logbook of who has accessed files and folders on a system.
CREATE A REPORTING SYSTEM
Employees should have a way to anonymously report when they see or discover other employees leaking information. Don’t think of this in a negative sense, e.g., employees are encouraged to rat each other out. On the contrary, this should be an expected practice, as your organization also should have ways for employees to report suspected sexual harassment, ethics violations and other misconduct.
Make sure your managers/supervisors are trained on how to receive and deal with filings appropriately. If you don’t have the staffing or capacity to manage this reporting system internally, you can outsource it. For example, you can use an external hotline or a SaaS platform.