03 April 2025
What is a breach of confidentiality?
Trust is the cornerstone of professional relationships, especially when you’re dealing with sensitive information. You have to be able to trust that anything private you share won’t be disclosed to anyone else without your approval. If this does happen, it’s called a breach of confidentiality, and it can fundamentally damage relationships and harm reputations, as well as trigger significant legal consequences.
Here, we define what a breach of confidentiality is, explore its ramifications, and offer guidelines on how to prove that it’s taken place.
What is considered a breach of confidentiality?
A breach of confidentiality is when confidential or private information is shared with a third party without proper authorisation or justification. Confidentiality refers to the understanding that sensitive information will remain private and only be used for its intended purpose. If this trust is broken, we say that there has been a breach of confidentiality.
To constitute a breach, a situation usually has to meet the following criteria:
- The person who shared the information expected it to be kept private. They might have this expectation because of the type of relationship concerned, because it’s been outlined in a contract all parties have signed, or because of the nature of the information itself. For example, doctor-patient and solicitor-client relationships assume a level of confidentiality. And it’s considered unethical to share someone’s private financial information if you have access to it.
- The information was disclosed to someone who wasn’t authorised to receive it. This might involve deliberately sharing information, accidentally leaving sensitive information where others could find it, or failing to secure digital information properly.
- The disclosure occurred without consent or legal justification. In some instances, it’s perfectly legal to share confidential information, such as when there’s a risk of someone being harmed or when a court orders information to be disclosed. If information is shared without consent or justification, however, it’s likely a breach of confidentiality.
Breaches of confidentiality can take many forms, ranging from seemingly minor indiscretions to serious violations.
What are some common examples of a breach of confidentiality?
Here are some examples that help to explain breaches of confidentiality in practice:
- Medical records: A GP discussing a patient’s condition with others or leaving medical files visible on a reception desk.
- Corporate data leaks: An employee sharing confidential business plans or insider trading data with competitors or posting this information online.
- Legal privilege violations: A solicitor revealing details of a client’s divorce case during a dinner party conversation.
- Educational breaches: A teacher discussing a student’s learning difficulties with other parents at the school gates.
- Financial information exposure: A bank employee looking up and sharing an account holder’s account balance or transaction history.
What are the legal consequences of breaching confidentiality?
While some breaches are relatively minor and result in no more than a slap on the wrist, others can have major legal repercussions. The severity of the consequences typically depends on the sensitivity of the information, the seriousness of the breach, the relationship between the parties, and whether the breach was deliberate or accidental.
The most common consequences are:
- Civil liability: If information you shared in confidence is disclosed, you can bring a claim before a court for breach of confidence, a well-established action under UK common law. If successful, the court may award damages to compensate you for the losses you incurred.
- Injunctions: Courts can also grant injunctions to prevent the information from being disclosed or misused any further. In serious cases, this might include ordering that materials containing the information be destroyed.
- Penalties: Many professional contracts include confidentiality clauses or standalone non-disclosure agreements (NDAs). Breaching these can result in penalties or the termination of the contract.
- Disciplinary proceedings: In regulated professions like medicine, law, and accountancy, practitioners who breach confidentiality may face disciplinary action from their regulatory bodies. This can result in sanctions ranging from formal warnings to being struck off their professional register, which can be career-ending.
- Criminal liability: While a breach of confidentiality is usually a civil matter, some breaches may be considered criminal offences if they fall under legislation like the Data Protection Act 2018, the Computer Misuse Act 1990, or the Official Secrets Act.
It’s worth bearing in mind that, while it isn’t exactly a legal consequence, reputational damage is also a common fallout in breach of confidentiality cases. Both the individuals or businesses whose information is disclosed, and those found guilty, can lose their public standing, the trust of their colleagues and clients, and future business opportunities.
Can I sue for breach of confidentiality in the UK?
Yes, you can definitely sue for breach of confidentiality in the UK. The British legal system recognises breach of confidence as a valid cause of action, which means that you can address the situation through civil litigation.
Which court you bring your claim to, from the County Court to the High Court, will depend on the value and complexity of your case. You usually have to bring claims to court within six years from the date of the breach. If it’s successful, the court may award you damages or grant an injunction.
Before you take your case to court, however, speak to a solicitor who specialises in privacy or confidentiality law. They’ll be able to assess the strength of your case, and explore other options if they think that suing the person or organisation involved isn’t the best route.
What damages can I claim for a breach of confidentiality?
If you choose to pursue a claim for breach of confidentiality, you can potentially claim for several types of damages:
- Financial losses: This is compensation for quantifiable monetary loss that resulted directly from the breach. It can include lost business opportunities and mitigation costs.
- Non-financial damages: This includes claims for emotional distress, embarrassment, or reputational harm from the disclosure of sensitive personal information.
- Account of profits: This involves claiming for the profits the defendant made from exploiting your confidential information.
- Injunctive relief: This court order prevents your information from being disclosed or misused in the future.
How can I prove a breach of confidentiality?
In order to prove a breach of confidentiality, you have to gather compelling evidence. This process can be challenging, but several approaches can strengthen your case:
- Documentary evidence is often the most powerful option. Look for emails, messages, letters, or memos that reference or contain the confidential information, as well as screenshots of unauthorised social media posts, website content, or digital communications that show it was illicitly shared. Any written agreements like NDAs, employment contracts, or professional service agreements that explicitly show that all parties agreed to hold information in confidence are also important.
- Witness testimony can be crucial, particularly from individuals who saw the breach first-hand or who were given access to your confidential information.
- Evidence of unusual timing or coincidences often supports breach claims. For instance, if a competitor suddenly implements your confidential business strategy shortly after meeting with a former employee, this suspicious timing may suggest foul play.
- For digital breaches, technical evidence may be necessary. System access logs, audit trails, or forensic analysis of electronic devices can reveal unauthorised access to confidential files or systems. Server records might show when information was sent, and to whom.
Remember that, in civil cases, the standard of proof is “on the balance of probabilities”. This means that you need to be able to show it’s more likely than not that a breach occurred. This is a lower threshold than the criminal standard of “beyond reasonable doubt”.
How do you deal with a breach of confidentiality?
Once you’ve determined that a breach of confidentiality occurred and have enough compelling evidence to prove it, here’s how you can deal with it:
- Notify the breaching party: Inform the offending party in writing that you’ve learned about the breach. You can do this through a cease-and-desist letter, a demand letter, or a letter from your solicitor. Make sure to include the following information:
  - Details of the confidentiality agreement they signed
  - Proof that they’ve broken the confidentiality agreement
  - Your immediate demand to correct the situation, such as stopping any breach-related activities immediately
  - The actions you intend to take should the breach continue
- Contain and assess the damages: Take the steps necessary to stop the leaks, such as restricting any affected accounts or asking third parties to delete your confidential information. Once you’ve contained the breach, assess any costs, lost profits, and other damages you may have incurred during this incident.
- Get legal advice: Discuss the breach with your solicitor to explore your legal rights and options, especially if you intend to sue and recover your losses.
- Review and revise confidentiality policies: Take the time to review your confidentiality policies and revise them if needed. Do whatever you reasonably can, such as more training or stricter confidentiality policies, to prevent another breach.
Quickfire summary: what is a breach of confidentiality?
When someone shares private information without your permission, it’s called a breach of confidentiality. It can seriously damage relationships and reputations, and may have major legal consequences.
If you suspect your or your company’s private information has been mishandled, the UK legal system is on your side. Start by gathering all the evidence you can and speak to a lawyer who specialises in confidentiality law. If your case is compelling enough, you may be able to take it to court. If not, your lawyer will be able to advise you on other avenues available to you.